Cyber Defense Response Analyst (AI & Automation Focus)
Dearborn, MI - USA
Job Summary
Role Overview: This position is for a Cyber Defense Response Analyst & AI Developer with a primary focus on architecting and deploying agentic AI tools to proactively identify and remediate suspicious activity across cloud, network, and host-based environments. This role serves as a critical bridge between traditional incident response and advanced security engineering by developing Agentic AI workflows and conducting AI-driven threat hunting and incident investigation.
Impact and Scope: As a Response Analyst, you will provide proactive and reactive security services to safeguard Ford's technology infrastructure, applications, and data. You will develop autonomous agents designed to analyze massive, complex datasets to identify weak signals and stealthy adversary behaviors that traditional SIEM and EDR tools often miss. The scope of this role encompasses all Ford Motor Company assets, including subsidiaries and joint ventures worldwide.
Candidate Profile: Successful candidates must demonstrate a deep interest in computer forensics or penetration testing, supported by a proven track record in proactive threat hunting or AI/ML-enhanced security operations. You should possess significant technical depth across cloud, network, or host architectures, with the specialized ability to build autonomous agents that measurably enhance the Cyber Defense Center's (CDC) investigative capabilities.
Leadership and Culture: Essential leadership behaviors include strong oral and written communication skills, a collaborative team-first mindset, and a high level of personal integrity. You will be expected to translate complex AI concepts into actionable security outcomes while mentoring peers on emerging automated defense techniques.
Work Schedule: Candidates must be willing to work a Hybrid schedule, currently requiring 4 days per week in-office at our southeast Michigan metro area location.
Responsibilities
- Agentic SOC AI Development: Design, develop, and deploy autonomous AI agents to automate complex threat hunting tasks, alert triage, and incident investigations.
- AI Threat Hunting: Execute hypothesis-driven hunting campaigns using AI/ML to identify anomalies, lateral movement, and living-off-the-land techniques across enterprise datasets.
- Automated Detection Engineering: Transform manual hunt findings and AI-generated insights into durable automated detection rules and LLM-orchestrated response playbooks.
- Incident Investigation & Response: Lead coordinated responses to major intrusions, phishing, and misuse of computing facilities, using EDR, SIEM, and Cloud logs to minimize asset loss and threat propagation.
- Cross-Domain Correlation: Build and maintain RAG (Retrieval-Augmented Generation) systems and agents that correlate telemetry across endpoint, network, identity, and cloud environments.
- Operational Excellence: Develop consistent and repeatable methods to resolve security incidents, ensuring high-quality results are delivered in a timely manner.
- Continuous Improvement: Identify and incorporate IT security improvement opportunities, replacing manual, repetitive procedures with agentic workflows to reduce MTTD and MTTR.
- Compliance & Governance: Ensure all incident response and data handling activities enable compliance with global laws, regulations, and due diligence requirements.
- Enterprise Collaboration: Leverage enterprise-wide skill sets and collaborate with global stakeholders to handle high-visibility or large-scale security events.
- Mentorship & Leadership: Mentor junior and peer analysts in proper incident handling techniques and the adoption of emerging AI-driven hunting and forensic tools.
Qualifications
- Cybersecurity or Threat Hunting Experience: 2 years of experience in Cybersecurity with a specific focus on Threat Hunting, SOC operations, Incident Response, or Red Teaming/Penetration Testing.
- AI/ML for Security: Proven experience applying machine learning or statistical analysis to large-scale security telemetry, including logs, endpoint data, network traffic, and cloud events.
- Programming Proficiency: Advanced Python skills with demonstrated experience building security automation, data correlation scripts, and interacting with LLM APIs.
- Technical Depth: Sound understanding of TCP/IP networking concepts and adversary tactics, techniques, and procedures (TTPs) mapped to the MITRE ATT&CK and MITRE ATLAS frameworks.
- Operating System Expertise: Thorough knowledge of multiple operating systems, with primary proficiency in Linux and secondary proficiency in either Mac or Windows.
- Critical Thinking & Analysis: Strong deductive reasoning and problem-solving skills, with the ability to form and test complex hunt hypotheses and prioritize tasks under pressure.
- Operational Discipline: Experience working in a fast-paced, high-stress environment with a disciplined approach to following detailed processes, procedures, and documentation.
- Tool & Process Development: Experience assisting in the development and maintenance of security tools, standard operating procedures (SOPs), and technical documentation.
- Communication & Service: Excellent customer service skills, including the ability to handle escalations, manage incident communications, and resolve complex security issues.
- Professional Integrity & Initiative: Demonstrated high level of independent initiative, drive for results, and personal integrity.
- Operational Flexibility: Personal flexibility to accommodate a day-to-day work schedule that may require significant overtime or limited travel during global or high-visibility incidents.
You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!
As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe or keep you close to home? Will your career be a deep dive into what you love or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder, or all of the above? No matter what you choose, we offer a work life that works for you, including:
- Immediate medical, dental, vision and prescription drug coverage
- Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
- Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
- Vehicle discount program for employees and family members, and management leases
- Tuition assistance
- Established and active employee resource groups
- Paid time off for individual and team community service
- A generous schedule of paid holidays, including the week between Christmas and New Year's Day
- Paid time off and the option to purchase additional vacation time.
This position is a salary grade 6-8 and ranges from $85,400-$192,900.
Final determination of salary grade will be based on the candidate's skills and experience, and base salary will be set within the applicable range according to job scope, responsibility, and competitive market value.
For more information on salary and benefits click here: sponsorship is not available for this position.
Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.
We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran the United States if you need a reasonable accommodation for the online application process due to a disability please call 1-.
This position is hybrid. Candidates who are in commuting distance to a Ford hub location may be required to be onsite four or more days per week.
Required Experience:
IC
About Company
Ford® is Built for America. Discover the latest lineup in new Ford vehicles! Explore hybrid & electric vehicle options, see photos, build & price, search inventory, view pricing & incentives & see the latest technology & news happening at Ford.