Application Security Cloud Engineer

We are the movers of the world and the makers of the future. We get up every day roll up our sleeves and build a better world -- together. At Ford were all a part of something bigger than ourselves. Are you ready to change the way the world moves

The Ford Motor Credit Company team helps put people behind the wheels of great Ford and Lincoln vehicles. By partnering with dealerships we provide financing personalized service and professional expertise to thousands of dealers and millions of customers in over one hundred countries around the world.

In this position...

• Ford Credit is undertaking a massive technology modernization and at the heart of this transformation is a commitment to building a world-class secure cloud environment. We are seeking a senior engineer to be a cornerstone of this initiative. This role will have the opportunity to help design build and secure our new Zero Trust environment in Google Cloud Platform (GCP).
• As a key member of our second line-of-defense security team you will act as a trusted advisor and technical expert partnering with development operations and architecture teams.
• You will have the autonomy and influence to embed security into the fabric of our applications and infrastructure ensuring we are secure by design. If you are a hands-on builder who is passionate about proactive security and wants to make a tangible impact on a strategic multi-year program this is the role for you.

What youll do...

• Cloud Security Strategy & Oversight:
  • Partner with Architecture Developer Experience (DevX) and Site Reliability Engineering (SRE) teams to shape and implement our GCP Zero-Trust security architecture.
  • Provide expert oversight and validation of security controls acting as a critical second-line partner to ensure our cloud environment is fundamentally secure.
  • Drive the operationalization of Googles Security Command Center Enterprise (SCCE) turning its powerful features into a proactive threat detection and compliance engine.
• Technical Application & Cloud Security:
  • Serve as the subject matter expert for securing containerized (Docker Kubernetes) and serverless applications within GCP.
  • Collaborate on best practices for the enforcement of security quality gates for Infrastructure as Code (IaC) and Policy as Code (PaC) implementations.
  • Govern security controls within our CI/CD pipelines overseeing and adjusting security gates to prevent vulnerabilities from reaching production.
  • Mature and scale our application security tooling processes (Static and Dynamic Testing Open-Source Software Scanning secrets detection) translating raw findings into actionable risk intelligence for development teams.
  • Develop and automate vulnerability management processes using a risk-based approach to prioritize and drive remediation.
• Collaboration & Security Culture:
  • Lead by influence providing expert guidance on secure coding practices and modern security patterns to our engineering teams.
  • Act as a key liaison for our bug bounty program coordinating between vendors and internal teams to ensure swift resolution.
  • Mentor and support our Security Advocate program empowering them to elevate the security posture across the organization through awareness and training exercises.
  • Collaborate effectively with cross-functional teams including development operations compliance and incident response.

Youll have...

• Bachelors degree in computer science information security or a related technical field or equivalent practical experience.
• 5 years of progressive experience in application security cloud security or a similar security engineering role.
• Demonstrable expertise in securing applications and infrastructure within Google Cloud Platform (GCP).
• In-depth understanding of software development lifecycle (SDLC) principles and practices.
• Proven experience with vulnerability management including scanning analysis prioritization and remediation tracking.
• Strong knowledge of various security testing methodologies and tools
• Proficiency in at least one scripting language (e.g. Python Go Bash) for automation and tool development.
• Experience with containerization (Docker Kubernetes) and serverless technologies.
• Excellent communication collaboration and problem-solving skills.

Even better you may have...

• Masters degree in a relevant technical field.
• Relevant industry certifications such as GCP Professional Cloud Security Engineer CISSP CCSP CSSLP.
• Experience with Infrastructure as Code (IaC) security practices and tools (e.g. Terraform Mondoo Open Policy Agent).
• Knowledge of common security frameworks and compliance standards (e.g. NIST ISO 27001 SOC 2 GDPR).
• Experience with security monitoring logging and alerting solutions in a cloud environment (e.g. GCP Security Command Center Cloud Logging Cloud Monitoring).

You may not check every box or your experience may look a little different from what weve outlined but if you think you can bring value to Ford Motor Company we encourage you to apply!

As an established global company we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe or keep you close to home Will your career be a deep dive into what you love or a series of new teams and new skills Will you be a leader a changemaker a technical expert a culture builderor all of the above No matter what you choose we offer a work life that works for you including:

• Immediate medical dental vision and prescription drug coverage
• Flexible family care days paid parental leave new parent ramp-up programs subsidized back-up child care and more
• Family building benefits including adoption and surrogacy expense reimbursement fertility treatments and more
• Vehicle discount program for employees and family members and management leases
• Tuition assistance
• Established and active employee resource groups
• Paid time off for individual and team community service
• A generous schedule of paid holidays including the week between Christmas and New Years Day
• Paid time off and the option to purchase additional vacation time.

For more information on salary and benefits click here: position is a range of salary grades 6-8 .

Visa sponsorship is not available for this position.

Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race religion color age sex national origin sexual orientation gender identity disability status or protected veteran the United States if you need a reasonable accommodation for the online application process due to a disability please call 1-.

This position is hybrid. Candidates who are in commuting distance to a Ford hub location may be required to be onsite four or more days per week. #LI-Hybrid

#LI-FordCredit #LI-MK2