DevOps Engineer-Security Identity & Access Management

We are the movers of the world and the makers of the future. We get up every day roll up our sleeves and build a better world -- together. At Ford were all a part of something bigger than ourselves. Are you ready to change the way the world moves

As part of the Security Identity and Access Management team we are hiring a DevOps Engineer with a primary technical focus on Google Cloud Platform (GCP). This role offers an exciting opportunity to apply your strong cloud engineering skills to critical security challenges helping secure our vital cloud on-prem and hybrid environments.

You will be a key contributor in a DevSecOps framework blending development operations and security practices to build and maintain our Identity and Access Management (IAM) and Privileged Access Management (PAM) infrastructure. This position requires a candidate capable of managing concurrent and complex development and operational tasks implementing secure scalable automated and resilient access controls automating security tasks and ensuring operational excellence across the platform. Youll work primarily with GCP understanding how different PAM/IAM systems might coexist or integrate across our enterprise.

Due to the business-critical and global nature of the ePAM platform this position provides an outstanding opportunity to engage with deliver value and gain exposure to Global business units JVs and Technology teams including Ford Credit Ford Pro and Model e Ford Blue Manufacturing EPEO Application Employee Experience Enterprise Connectivity/Network teams and Cyber Defense.

What youll do...

Reliable and Scalable IAM/PAM Implementation in GCP:
You will contribute to the design and implement secure reliable and scalable GCP IAM/PAM policies and structures rigorously applying the principle of least privilege across our GCP footprint (Organizations Folders Projects). This includes implementing and refining secure patterns for managing GCP IAM/PAM roles service accounts and their credentials leveraging modern GCP security features like Workload Identity Federation and Access Context Manager while also considering the availability and performance impact.
You will conduct technical security and reliability reviews of proposed GCP architectures to identify and mitigate potential identity and access-related risks and single points of failure early in the lifecycle.
and Managing PAM Solutions with Reliability in Mind (Across Hybrid Environments):
You will implement and maintain solutions for managing privileged accounts and secrets across our environment with a focus on assets within or interacting with GCP Entra/InTune. This includes leveraging GCP-native services like Secret Manager where appropriate and understanding how to integrate with or manage credentials stored within other enterprise PAM tools.
You will define and enforce security policies around privileged session management monitoring and auditing considering the operational stability and capabilities of the various PAM tools in use.
Security Enforcement & Operational Excellence (DevSecOps & SRE Integration):
You will embed automated security and operational checks including validation for IAM/PAM configurations directly into our CI/CD pipelines using Infrastructure as Code (IaC) tools like Terraform for GCP resources to prevent insecure or unstable deployments.
You will automate security-critical tasks such as credential rotation access reviews and compliance checks programmatically championing Security as Code and Operations as Code across the GCP environment and potential integrations with other systems.
You will utilize APIs to develop solutions collect identity-related data and automate security & operational tasks in a hybrid environment.
Monitoring Threat Detection and Incident Response:
You will implement and maintain observability solutions (metrics logs traces) and configure relevant logging sources (including security and PAM logs) to gain deep insights into system behavior performance and security events.
You will utilize detection and monitoring tools (like Dynatrace or similar platforms) to analyze system health performance and availability proactively detect suspicious or malicious activity and develop/maintain security performance and availability alerts dashboards and reporting.
With our team being Global you will provide support and be a key participant in the investigation and response to and resolution of security and reliability incidents applying SRE practices and focusing on minimizing Mean Time To Detect (MTTD) and Mean Time To Recover (MTTR).
Reliability Strategy and Compliance:
You will contribute to the overall cloud security and reliability strategy specifically focusing on evolving our IAM and PAM posture in GCP to address emerging threats business needs and operational requirements.
You will ensure that our IAM/PAM configurations and practices meet internal security standards reliability targets (SLOs/SLIs) and external compliance requirements (e.g. SOC 2 ISO 27001) assisting in providing necessary audit evidence from relevant systems.
You will research and evaluate new security and reliability technologies and approaches in the IAM/PAM space understanding how different solutions compare and could potentially integrate or complement our existing setup.
& Reliability Collaboration and Knowledge Sharing:
You will share your security and reliability expertise for the ePAM platform providing guidance and best practices to engineering operations and other teams. This includes helping teams understand secure credential handling secure application interaction with GCP services the importance of least privilege and how these practices impact system reliability and performance across the different tools and platforms in use.
You will collaborate closely with other security teams SRE teams and platform owners to support a cohesive security and reliability strategy across potentially disparate systems.
Health Security Maintenance and Improvement:
You will maintain the security health operational health and performance of our PAM Platform infrastructure and tools primarily focused on GCP but understanding the health of integrated or related systems.
You will stay current with the latest GCP security features evolving security best practices and advancements in cloud reliability patterns and SRE practices relevant to identity and access management. Youll also keep abreast of developments in major enterprise PAM approaches and solutions generally.
You will continuously seek opportunities to improve our security posture and system reliability across the relevant systems.
:
You will create and maintain high-quality documentation including security standards risk assessments architecture diagrams for access controls (detailing how different systems connect) system runbooks operational procedures and monitoring configurations for GCP and integrated PAM flows.

Youll have...

• Bachelors degree in Computer Science Information Technology OR a combination of education and experience
• 5 years of IT experience
• 3 years of Enterprise Google Cloud engineering experience
• 2 years of IT DevOps experience

Even better you may have...

• Strong written and verbal communication skills with a high degree of attention to detail.
• Proven ability to independently identify analyze and solve complex technical and operational problems with minimal oversight.
• Ability to quickly learn new technologies and share knowledge with others.
• Demonstrable ability to work effectively within a globally dispersed team environment.
• Proven track record to develop and document requirements and technical solutions.
• Solid understanding and practical application of Site Reliability Engineering (SRE) principles and practices (SLOs/SLIs toil reduction incident response).
• Experience with CI/CD Pipeline development and integration including Infrastructure as Code (IaC) tools like Terraform.
• Strong understanding and practical experience with GCP Identity and Access Management (IAM) concepts (roles policies service accounts conditions security best practices) and leveraging related security services (Workload Identity Federation Access Context Manager Secret Manager Cloud Audit Logs) relevant to PAM.
• Hands-on experience with core GCP platform components such as Cloud Resource Hierarchy Cloud Run Cloud Task and Cloud Scheduler.
• Experience with containerization (Docker) and orchestration (e.g. Kubernetes/GKE).
• Understanding of common authentication and authorization protocols (e.g. OAuth OIDC SAML LDAP).
• Familiarity with GCP policy enforcement mechanisms (e.g. Organization Policies VPC Service Controls).
• Experience with scripting and programming languages (e.g. Python Golang BASH PowerShell) and utilizing APIs (potentially including Microsoft Graph API) for automation data collection and solution development in hybrid environments.
• Experience managing codebase and projects in GitHub.
• Experience with relevant detection and monitoring tools for system health performance and security including GCP native logging/monitoring (Cloud Monitoring Cloud Audit Logs) and APM/Observability platforms (like Dynatrace or similar).
• Strong understanding of core security principles (least privilege defense-in-depth Zero Trust).
• Experience with Agile development concepts and tools such as JIRA.
• Understanding of Enterprise security domains with a strong emphasis on Cloud Security
• Familiarity with other enterprise Privileged Access Management (PAM) tools including understanding or experience with Microsoft Entra Privileged Access Management and Beyond Trust Password Safe.
• Experience with Perl programming/scripting.
• Familiarity with security risk assessment methodologies and compliance frameworks (e.g. SOC 2 ISO 27001) relevant to identity and access scenarios.

You may not check every box or your experience may look a little different from what weve outlined but if you think you can bring value to Ford Motor Company we encourage you to apply!

As an established global company we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe or keep you close to home Will your career be a deep dive into what you love or a series of new teams and new skills Will you be a leader a changemaker a technical expert a culture builderor all of the above No matter what you choose we offer a work life that works for you including:

Immediate medical dental vision and prescription drug coverage

Flexible family care days paid parental leave new parent ramp-up programs subsidized back-up child care and more

Family building benefits including adoption and surrogacy expense reimbursement fertility treatments and more

Vehicle discount program for employees and family members and management leases

Tuition assistance

Established and active employee resource groups

Paid time off for individual and team community service

A generous schedule of paid holidays including the week between Christmas and New Years Day

Paid time off and the option to purchase additional vacation time.

For a detailed look at our benefits click here: position is a range of salary grades 6-8.

Visa sponsorship is not available for this position.

Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.

We are an Equal Opportunity Employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race religion color age sex national origin sexual orientation gender identity disability status or protected veteran status. In the United States if you need a reasonable accommodation for the online application process due to a disability please call 1-.

#LI-Hybrid