Cloud Architect

Ford Motor

Job Location:

Chennai - India

Monthly Salary: Not Disclosed
Posted on: 8 hours ago
Vacancies: 1 Vacancy

Job Summary

Description

Job Title: Cloud-Native Security & AI Architect (GCP / Zero Trust)
Location: Hybrid Dearborn, MI or Fully Remote (US based)
Team: Ford Credit Enterprise Architecture

About the Role: Ford Credit is accelerating its transition to a Zero-Trust security model on Google Cloud Platform (GCP) and maturing their enterprise cloud security patterns. They are seeking a Cloud-Native Security & AI Architect to guide on-prem workload migrations into a secure, well-architected GCP environment while also shaping their approach to safe and effective AI enablement (with a focus on agentic patterns in the SDLC). This role will help establish practical reference architectures, answering various "How do I do X securely?" questions from internal teams and driving clarity where standards are still emerging.

What Success Looks Like (6-12 Months):

  • Documented, adopted reference architectures and patterns for Zero Trust on GCP.
  • Reduced critical security gaps across migrated workloads; measurable maturity lift (e.g. from 1/5 toward 3/5).
  • Repeatable Apigee patterns established; known gaps documented with remediation backlog and owners.
  • Teams self-serve with "How to do X securely" guides; faster decision cycles and fewer escalations.
  • Safe, pragmatic AI enablement patterns integrated into SDLC with clear guardrails and logging.
  • Established security governance frameworks and stage-gates with both automation and human-in-the-loop processes.

Tools & Ecosystem: GCP (IAM, Workload Identity, VPC, SCC, Cloud Armor, Secret Manager, Logging/Monitoring, GKE/Cloud Run, Build/Artifact), Apigee, GitHub, JIRA, Confluence, Vault (as applicable), Terraform (nice to have).



Responsibilities

Zero-Trust Cloud Security Architecture (GCP): primary focus

  • Define and mature security architecture patterns and reference architectures for cloud-native workloads on GCP.
  • Provide day-to-day guidance to application teams migrating from legacy environments to a new Zero-Trust GCP segment.
  • Conduct gap analyses and recommend remediations to raise security maturity.
  • Translate Ford's Information Security Policies (ISP) into actionable architecture guidance and guardrails.
  • Establish golden paths for securing RPC endpoints, service-to-service auth, workload identity, runtime security, and logging.
  • Design and document secure patterns for hybrid connectivity, ensuring safe data exchange and identity federation between on-premise data centers (including mainframe environments) and GCP.
  • Develop a holistic security strategy for critical third-party SaaS applications, focusing on identity integration (SSO), data governance, and unified visibility.
  • Partner with threat modeling, networking, and data architecture teams to ensure holistic, risk-balanced designs.

API & Apigee Security Enablement

  • Define patterns for securing APIs and RPC endpoints with Apigee (authN/Z, token flows, rate limiting, telemetry).
  • Identify platform gaps; collaborate with Ford's Apigee owner (EPEO) to drive improvements and reusable examples.

AI Architecture (Agentic SDLC): secondary focus

  • Evaluate AI-enabled solutions for safety and security: Is this secure? Is it safe? Are we allowed to do this?
  • Define secure agent patterns for SDLC use cases (e.g. agents drafting JIRAs, triaging issues).
  • Apply AI safety best practices (prompt injection defenses, tool/API misuse prevention, data leakage controls).
  • Design human-in-the-loop decision traceability and auditable logging for AI-assisted decision flows.

Process & Enablement

  • Create and maintain clear, consumable architecture documentation and standards from multiple sources.
  • Mentor teams; answer questions rapidly; help the org balance speed with security in a zero-trust context.
  • Contribute to a pragmatic roadmap to improve security maturity across the portfolio.


Qualifications
    Minimum Qualifications

    • 10 years of IT experience with 7 years in cloud architecture/engineering with 4 years focused on cloud security (enterprise scale).
    • Deep hands-on experience with GCP services relevant to security: IAM & Workload Identity, VPC/SCC/Cloud Armor, Secret Manager, Cloud Logging/Monitoring, GKE/Cloud Run, Artifact/Build, Pub/Sub, Apigee.
    • Proven experience designing or maturing Zero-Trust architectures (BeyondCorp principles; identity-centric access).
    • Strong understanding of OAuth/OIDC, service-to-service auth, token flows, and API security patterns.
    • Experience designing security for hybrid architectures that connect modern cloud platforms with traditional enterprise data centers through GCP Interconnect, including mainframe systems.
    • Experience with SaaS security frameworks and tools such as Cloud Access Security Brokers (CASB), SaaS Security Posture Management (SSPM), and advanced data loss prevention (DLP) strategies.
    • Integrate security seamlessly into the CI/CD pipeline (DevSecOps), ensuring automated guardrails and infrastructure-as-code (IaC) scanning are part of the golden path.
    • Experience producing reference architectures, standards, and golden paths for engineering teams.
    • Good knowledge of security.
    • Hands-on use of AI tools to improve productivity (e.g. coding, analysis, documentation).
    • Excellent communication and stakeholder enablement skills.

    Preferred Qualifications

    • GCP security certifications (e.g. Professional Cloud Security Engineer, Professional Cloud Architect).
    • Experience with Apigee at enterprise scale (API gateways, policies, auth patterns, observability).
    • Familiarity with LLM/agent attack vectors (prompt injection, jailbreaks, tool abuse, data exfiltration) and mitigations aligned to industry frameworks (OWASP for LLM, NIST AI RMF, etc.).
    • Exposure to spec-driven development and content-distributed architectures.
    • Understanding of regulated environments and associated compliance frameworks (PCI-DSS, SOC2, CCPA, GDPR) and auditable human-in-the-loop decisioning.
    • Comfortable navigating ambiguity and building standards in-flight during large-scale migrations.



About Company

Ford® is Built for America. Discover the latest lineup in new Ford vehicles! Explore hybrid & electric vehicle options, see photos, build & price, search inventory, view pricing & incentives & see the latest technology & news happening at Ford.