Apply on Employer Site

Ford Motor Company · 18 hours ago

Application Security Cloud Engineer

Dearborn, MI

Full-time

Hybrid

Senior Level

5+ years exp

Ford Motor Company is a global leader in the automotive industry, committed to building a secure cloud environment as part of its technology modernization efforts. They are seeking a Senior Application Security Cloud Engineer to design, build, and secure a Zero Trust environment in Google Cloud Platform (GCP), collaborating with various teams to embed security into applications and infrastructure.

AutomotiveAutonomous VehiclesManufacturingTransportation

No H1B

Responsibilities

Partner with Architecture, Developer Experience (DevX), and Site Reliability Engineering (SRE) teams to shape and implement our GCP Zero-Trust security architecture

Provide expert oversight and validation of security controls, acting as a critical second-line partner to ensure our cloud environment is fundamentally secure

Drive the operationalization of Google's Security Command Center Enterprise (SCCE), turning its powerful features into a proactive threat detection and compliance engine

Serve as the subject matter expert for securing containerized (Docker, Kubernetes) and serverless applications within GCP

Collaborate on best practices for the enforcement of security quality gates for Infrastructure as Code (IaC) and Policy as Code (PaC) implementations

Govern security controls within our CI/CD pipelines, overseeing and adjusting security gates to prevent vulnerabilities from reaching production

Mature and scale our application security tooling processes (Static and Dynamic Testing, Open-Source Software Scanning, secrets detection), translating raw findings into actionable risk intelligence for development teams

Develop and automate vulnerability management processes, using a risk-based approach to prioritize and drive remediation

Lead by influence, providing expert guidance on secure coding practices and modern security patterns to our engineering teams

Act as a key liaison for our bug bounty program, coordinating between vendors and internal teams to ensure swift resolution

Mentor and support our Security Advocate program, empowering them to elevate the security posture across the organization through awareness and training exercises

Collaborate effectively with cross-functional teams, including development, operations, compliance, and incident response

Qualification

Google Cloud PlatformApplication SecurityVulnerability ManagementContainerizationScripting LanguagesSecurity Testing MethodologiesInfrastructure as CodeCommunication SkillsCollaboration SkillsProblem-Solving Skills

Required

Bachelor's degree in computer science, information security, or a related technical field, or equivalent practical experience

5+ years of progressive experience in application security, cloud security, or a similar security engineering role

Demonstrable expertise in securing applications and infrastructure within Google Cloud Platform (GCP)

In-depth understanding of software development lifecycle (SDLC) principles and practices

Proven experience with vulnerability management, including scanning, analysis, prioritization, and remediation tracking

Strong knowledge of various security testing methodologies and tools

Proficiency in at least one scripting language (e.g., Python, Go, Bash) for automation and tool development

Experience with containerization (Docker, Kubernetes) and serverless technologies

Excellent communication, collaboration, and problem-solving skills

Preferred

Master's degree in a relevant technical field

Relevant industry certifications such as GCP Professional Cloud Security Engineer, CISSP, CCSP, CSSLP

Experience with Infrastructure as Code (IaC) security practices and tools (e.g., Terraform, Mondoo, Open Policy Agent)

Knowledge of common security frameworks and compliance standards (e.g., NIST, ISO 27001, SOC 2, GDPR)

Experience with security monitoring, logging, and alerting solutions in a cloud environment (e.g., GCP Security Command Center, Cloud Logging, Cloud Monitoring)