General Motors Application Security Specialist - INF0017632 in Detroit, Michigan

The policy of General Motors is to extend opportunities to qualified applicants and employees on an equal basis regardless of an individual's age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity/expression or veteran status. Additionally, General Motors is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us at Careers.Accommodations@GM.com. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.

All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability, sexual orientation, gender identity/expression, or protected veteran status.

About the role:

The Application Security Specialist supports the activities of the Security Assurance team which is responsible for identifying, prioritizing and eradicating vulnerabilities in computer systems and networks throughout the GM environment.This role will be responsible identifying vulnerabilities in various applications, developing and maintaining application security testing methodologies, and track remediation of vulnerabilities across the GM environment. The Application Security Analyst will be required to perform hands-on, automated and manual security testing of applications.

Major Duties/Responsibilities

  • Passion for identifying application security weaknesses
  • Perform complex security related testing, creating test cases, performing manual and automated tests (dynamic and static), report on problems encountered and documenting test results for follow-up
  • Select, implement, and maintain application security testing tools
  • Perform manual testing to confirm the validity, risk, and impact of identified vulnerabilities.
  • Develop solutions to remediate findings from application security testing
  • Manage the lifecycle of vulnerabilities, from identification to remediation and reporting

Qualifications

Minimum Qualifications

  • Bachelor’s degree in Information Systems or related field with adequate experience in the field of information security is acceptable.
  • 4-5 years hands-on experience in either: application security, penetration testing, or vulnerability management
  • Programming experience in Java, .NET, PHP
  • Hands-on web application security knowledge
  • Experience with white-box or gray-box testing
  • Experience with application security source code reviews
  • Advanced knowledge of operating system and database security (Windows, Unix, Linux, SQL, and Oracle etc.)
  • Hands-on experience with commercial and open-source network and application security testing tools
  • Demonstrated sound written and verbal communication skills
  • Extensive ability to transform technical concepts into usable documented material for non-technical users
  • Work on multiple projects simultaneously, set priorities and meet deadlines
  • Work independently and manage workload with organization to meet expectations and objectives.
  • Absorb, retain and organize information gathered from multiple sources and in a variety of formats.
  • High level of integrity in dealing with confidential and sensitive information

Minimum Qualifications

  • Bachelor’s degree in Information Systems or related field with adequate experience in the field of information security is acceptable.
  • 4-5 years hands-on experience in either: application security, penetration testing, or vulnerability management
  • Programming experience in Java, .NET, PHP
  • Hands-on web application security knowledge
  • Experience with white-box or gray-box testing
  • Experience with application security source code reviews
  • Advanced knowledge of operating system and database security (Windows, Unix, Linux, SQL, and Oracle etc.)
  • Hands-on experience with commercial and open-source network and application security testing tools
  • Demonstrated sound written and verbal communication skills
  • Extensive ability to transform technical concepts into usable documented material for non-technical users
  • Work on multiple projects simultaneously, set priorities and meet deadlines
  • Work independently and manage workload with organization to meet expectations and objectives.
  • Absorb, retain and organize information gathered from multiple sources and in a variety of formats.
  • High level of integrity in dealing with confidential and sensitive information

Preferred Qualifications:

  • Master’s degree in a relevant field
  • Experience developing exploits
  • Obtained certifications in one or more of the following preferred:

CISSP, GIAC, CEH