Application Security Analyst

We are the movers of the world and the makers of the future. We get up every day roll up our sleeves and build a better world -- together. At Ford were all a part of something bigger than ourselves. Are you ready to change the way the world moves

The Ford Motor Credit Company team helps put people behind the wheels of great Ford and Lincoln vehicles. By partnering with dealerships we provide financing personalized service and professional expertise to thousands of dealers and millions of customers in over one hundred countries around the world.

In this position...

• In this role you will have the opportunity to support the oversight and security validation of our current technology platform and new Zero Trust environment within the Google Cloud Platform (GCP).
• As a key member of our second line-of-defense (2LoD) security team you will act as a collaborative partner to our development and operations teams. Your focus will be on providing independent technical review and vulnerability management expertise to ensure security is effectively embedded into the fabric of our applications
• You will play a vital role in identifying risks and ensuring our systems remain secure by design through proactive monitoring and reporting. If you are a detail-oriented professional who is passionate about cloud security and wants to make a tangible impact on a strategic multi-year program this is the role for you.

What youll do...

• Vulnerability Management & Triage:
  • Assist in the administration of application vulnerability scanning tools (SAST DAST and SCA) within the GCP environment.
  • Perform initial triage of vulnerability findings to remove false positives and determine risk priority.
  • Track the status of open vulnerabilities and work with first-line teams to ensure timely remediation according to company policy.
  • Generate regular reports on vulnerability trends and remediation progress for security leadership.
• Second Line of Defense (2LoD) Oversight:
  • Support the review and validation of security controls implemented by development teams to ensure they meet internal standards.
  • Assist in conducting security risk assessments for new application features or cloud configurations.
  • Help document and maintain security policies standards and procedures.
  • Monitor compliance with security baselines and report on deviations within the GCP environment.
• Application Security Support:
  • Act as a point of contact for developers regarding basic security best practices and secure coding guidelines (e.g. OWASP Top 10).
  • Participate in basic threat modeling sessions and security reviews for cloud-deployed applications.
  • Support the integration of security checkpoints into CI/CD pipelines.
  • Maintain and evolve our Security Advocate Program to integrate security within our development teams
• GCP Security Monitoring:
  • Monitor GCP Security Command Center and other security logging tools for alerts or misconfigurations.
  • Review Identity and Access Management (IAM) permissions to ensure the principle of least privilege is being followed.
  • Assist in the verification of secure configurations for GCP services (e.g. GCS buckets Cloud Functions GKE).

Youll have...

• Bachelors degree in Information Technology Cybersecurity Computer Science or a related field (or equivalent experience/internships).
• 13 years of experience in an information security role (experience in application security or cloud security is a plus).
• Foundational understanding of Google Cloud Platform (GCP) services and basic cloud security concepts.
• Strong knowledge of common application vulnerabilities (e.g. OWASP Top 10).
• Experience using vulnerability scanning or management tools (e.g. Cycode Checkmarx FOSSA)
• Strong organizational skills with the ability to track multiple technical tasks and follow up on remediation.
• Secure coding knowledge and techniques to provide developers with actionable guidance
• Proactive self-starter with a passion for continuous learning in the evolving cloud security landscape and a demonstrated ability to identify and address security gaps independently
• Good communication skills with the ability to explain security risks to both technical and non-technical stakeholders.

Even better you may have...

• Relevant Cyber Security certifications (e.g. CompTIA Security Google Cloud Digital Leader ISC2)
• Familiarity with Infrastructure as Code (IaC) security practices and tools (e.g. Terraform Mondoo Open Policy Agent).
• Knowledge of common security frameworks and compliance standards (e.g. NIST ISO 27001 SOC 2 GDPR).
• Experience with security monitoring logging and alerting solutions in a cloud environment (e.g. GCP Security Command Center Cloud Logging Cloud Monitoring).
• Experience with containerization (Docker) or CI/CD tools.

You may not check every box or your experience may look a little different from what weve outlined but if you think you can bring value to Ford Motor Company we encourage you to apply!

As an established global company we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe or keep you close to home Will your career be a deep dive into what you love or a series of new teams and new skills Will you be a leader a changemaker a technical expert a culture builderor all of the above No matter what you choose we offer a work life that works for you including:

• Immediate medical dental vision and prescription drug coverage
• Flexible family care days paid parental leave new parent ramp-up programs subsidized back-up child care and more
• Family building benefits including adoption and surrogacy expense reimbursement fertility treatments and more
• Vehicle discount program for employees and family members and management leases
• Tuition assistance
• Established and active employee resource groups
• Paid time off for individual and team community service
• A generous schedule of paid holidays including the week between Christmas and New Years Day
• Paid time off and the option to purchase additional vacation time.

This position is a salary grade 6 and ranges from $.

This position is a salary grade 7 and ranges from $.

For more information on salary and benefits click here: sponsorship is not available for this position.

Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race religion color age sex national origin sexual orientation gender identity disability status or protected veteran the United States if you need a reasonable accommodation for the online application process due to a disability please call 1-.

This position is hybrid. Candidates who are in commuting distance to a Ford hub location may be required to be onsite four or more days per week. #LI-Hybrid

#LI-FordCredit #LI-MK2