Penetration Tester

Job Description

The Role:
This role strengthens GM’s protection, detection, and response capabilities by simulating real-world attacker objectives and actions across GM’s technology landscape. You will plan and execute hands-on penetration tests, uncover root causes, and drive actionable remediation with engineering partners. The ideal candidate operates with minimal guidance, communicates clearly, and delivers high-quality, evidence-backed results.

What You'll Do (Responsibilities):

• Plan, scope, and execute application penetration tests (lead and supporting roles) across web, API, and mobile surfaces; incorporate relevant code, pipeline, and infrastructure review to map end-to-end attack paths.
• Perform authenticated and unauthenticated testing using industry-standard techniques; develop targeted tests and proof-of-concepts to validate exploitability and business impact.
• Document clear, reproducible findings with severity, impact, and pragmatic remediation guidance; deliver concise readouts to technical and non-technical stakeholders.
• Validate fixes and risk reductions, ensuring sustainable remediation and knowledge transfer to engineering teams.
• Collaborate with internal stakeholders on external vulnerability reports received through the company’s responsible disclosure program and help reduce recurring patterns.
• Contribute to safe test automation and scale (e.g., authenticated testing orchestration, repeatable workflows, CI/CD touchpoints) to improve coverage and consistency.
• Maintain awareness of emerging threats, testing techniques, and common weaknesses; advocate for secure-by-design patterns and developer enablement.

Your Skills & Abilities (Required Qualifications):

• 2+ years of hands-on experience in penetration testing, security assurance, or vulnerability management, including white-box or gray-box testing
• Solid understanding of web and API security concepts (authentication/SSO, session management, injection classes, deserialization, SSRF, RCE, access control)
• Proficiency applying industry-standard offensive testing methods and authenticated testing setups; ability to create high-quality test cases and execute both manual and automated assessments
• Experience writing professional-grade penetration test reports and presenting findings/readouts to diverse audiences
• Broad familiarity with operating systems, networks, and cloud-native architectures; ability to reason about upstream/downstream dependencies and systemic risk

People Skills:

• Strong written and verbal communication skills; able to translate complex technical issues into actionable guidance
• High integrity handling confidential and sensitive information; capable of managing multiple engagements, priorities, and deadlines with minimal supervision

What Will Give You A Competitive Edge (Preferred Qualifications):

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related technical discipline
• Experience responsibly developing or adapting exploits and proof-of-concepts to validate risk
• Recognized certifications (e.g., OSCP, GIAC, CISSP, or equivalent)
• Experience with mobile or AI/LLM application testing, red teaming/threat hunting collaboration, or building repeatable pentest/CI/CD integrations

#LI-DH2

GM does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need GM immigration sponsorship now or in the future. This includes direct company sponsorship, entry of GM as the immigration employer of record on a government form, and any work authorization requiring a written submission or other immigration support from the company (e.g., H1-B, OPT, STEM OPT, CPT, TN, J-1, etc). This role is categorized as hybrid. This means the selected candidate is expected to report to a specific location at least 3 times a week {or other frequency dictated by their manager}. The selected candidate will be required to travel <25% for this role. This job may be eligible for relocation benefits. The position is subject to export control restrictions and requires the successful candidate to be a U.S. Person (U.S. citizen, U.S. permanent resident, asylee or refugee).

About GM

Our vision is a world with Zero Crashes, Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better, safer and more equitable for all.

Why Join Us 

We believe we all must make a choice every day – individually and collectively – to drive meaningful change through our words, our deeds and our culture. Every day, we want every employee to feel they belong to one General Motors team.

Benefits Overview

From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.

Non-Discrimination and Equal Employment Opportunities (U.S.)

General Motors is committed to being a workplace that is not only free of unlawful discrimination, but one that genuinely fosters inclusion and belonging. We strongly believe that providing an inclusive workplace creates an environment in which our employees can thrive and develop better products for our customers.

All employment decisions are made on a non-discriminatory basis without regard to sex, race, color, national origin, citizenship status, religion, age, disability, pregnancy or maternity status, sexual orientation, gender identity, status as a veteran or protected veteran, or any other similarly protected status in accordance with federal, state and local laws. 

We encourage interested candidates to review the key responsibilities and qualifications for each role and apply for any positions that match their skills and capabilities. Applicants in the recruitment process may be required, where applicable, to successfully complete a role-related assessment(s) and/or a pre-employment screening prior to beginning employment. To learn more, visit How we Hire.

Accommodations

General Motors offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us or call us at 800-865-7580. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.