Apply on Employer Site

Ford Motor Company · 1 week ago

Senior Software Engineer - PKI

Dearborn, MI

Full-time

Hybrid

Senior Level

5+ years exp

Ford Motor Company is a global leader in the automotive industry, dedicated to building a better world through innovation. They are seeking a Senior Software Engineer specializing in Public Key Infrastructure (PKI) and Key Management to lead the lifecycle of cryptographic systems and develop secure API services for vehicle products.

AutomotiveAutonomous VehiclesManufacturingTransportation

No H1B

U.S. Citizen Only

Responsibilities

End-to-End Ownership: Lead the full lifecycle of PKI and Key Management API services supporting our vehicle products and ecosystem — lead customer requirements gathering, architecture design, implementation, testing, deployment, monitoring, and post-launch support

Design and develop RESTful APIs and web services that are robust, secure, and scalable for various features and use cases: CRL/OCSP, ACME, Certificate Issuance, message encryption/decryption, software signing, key rotation and certificate lifecycle management, HSM integration with PKCS11, CCC. Implement access control methods that enforce least privilege access principles using OAuth or mTLS

Cryptographic Engineering: Implement and harden PKI and key services with deep knowledge of PKI industry standards, X.509, PKCS standards, elliptic curve cryptography (ECC) and RSA, post-quantum readiness, and hardware security module CSP integration. Apply hybrid encryption techniques with AES. Define and enforce PKI certificate policies and certificate profiles

Secure Systems Architecture: Design fault-tolerant, highly available PKI services with zero-downtime issuance, disaster recovery, and multi-region replication

Infrastructure and CI/CD Integration: Release and Deploy your apps through build server, CI/CD pipeline, and infrastructure involving on-premises and cloud Kubernetes

Security & Compliance: Monitor and address findings regularly in code base through SAST, DAST, software quality and security vulnerability scanning

Monitoring and Response: Actively assist in monitoring our systems and performing root cause analysis to address issues quickly. Implement robust application logging and integration with Splunk and security monitoring systems

Define and lead best practices for our software development process, perform code reviews, and mentor engineers while remaining hands-on in the codebase

Working with ECU embedded development teams to understand embedded architecture requirements and the best approach of key management for each ECU

Authoring and managing technical cybersecurity requirements and process documentation

Qualification

Public Key Infrastructure (PKI)Key ManagementSecure API servicesCryptographic EngineeringCloud infrastructure (Kubernetes)Software engineering C#/C++Software engineering JavaDatabase management SQLDatabase management NoSQLCybersecurity standards NISTCybersecurity standards OWASPObject-oriented programmingVersion control (Git)Test-driven developmentSoftware testingIdentityAccess ManagementMonitoringResponseTechnical documentationSoft skills

Required

Bachelor's degree in Computer Science or related OR a combination of education and experience

5+ years in proficiency of software engineering and secure coding practices using object oriented programming, including C#/C++, Java, .Net Standard

Strong knowledge and applicability of software architecture, development, methodologies and design principles including test-driven development

Outstanding software testing skills that results in lasting quality solutions that scale

Proficient version control of development and release branches in Git

Proven track record of owning customer-facing products from ideation to general acceptance, and flexibility to manage multiple projects and deliverables throughout lifecycle

3+ years deploying and maintaining cloud infrastructure with Kubernetes or OpenShift, and managing database instances (SQL Postgres, Redis, MongoDB)

3+ years developing and maintaining production PKI systems and cryptographic APIs

Experience and deep understanding of industry security standards and applying them in our software solutions and processes, including NIST, OWASP, and relevant ISO and IEEE standards

Application of Identity and Access Management principles in software services across varying infrastructures, including OAuth, JWT, mTLS

Excellent understanding and application of cybersecurity algorithms, standards, and strategies including RSA, ECC, EdDSA, AES, TLS, X.509, PKCS#11, ACME, OCSP, CRL, HSM integration (Thales, YubiHSM, AWS CloudHSM, GCP KMS)

Strong knowledge of PKI and Key Management best practices

Ability to justify asymmetric vs symmetric keying strategies chosen