Cyber Security Platform Engineer - Cyber Defense

Ford Motor Company
Dearborn, United States of America
1 month ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 17K

Job location

Remote
Dearborn, United States of America

Tech stack

Java
API
Bash
Cloud Computing
Computer Security
Information Systems
Data Integration
Data Structures
Data Systems
Software Debugging
DevOps
GitHub
Identity and Access Management
Intrusion Detection and Prevention
Python
Network Security
Log Analysis
OpenShift
Software Architecture
Systems Development Life Cycle
Regular Expressions
Ansible
Secure Coding
Security Information and Event Management
Software Engineering
Data Logging
Data Processing
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
MITRE ATT&CK
Infrastructure as Code (IaC)
Information Technology
Low Latency
Cybercrime
REST
Terraform
Cyber Warfare
Webhooks
Data Pipelines
Dynatrace
Serverless Computing
Go

Job description

This position drives the software architecture and engineering of our SIEM/SOAR and unified risk management ecosystems. With a primary focus on cloud-based SIEM/SOAR and security management platforms, you will apply software engineering principles to build scalable, API-driven security solutions. The ideal candidate brings a hybrid background in coding and security, capable of programmatically managing infrastructure, developing custom data pipelines, and engineering automation workflows to empower a mature SOC. You will collaborate with cross-functional teams to code and deploy enhancements that strengthen our security posture and automate compliance standards.

  • Architect and engineer scalable, cloud-native SIEM solutions, utilizing Infrastructure-as-Code principles to manage log ingestion pipelines and storage.
  • Develop and maintain robust data pipelines to ingest, transform, and normalize security logs from diverse endpoints (APIs, cloud platforms, firewalls) into the SIEM, ensuring high data fidelity and low latency.
  • Write and optimize custom parsers using Regex and scripting languages to map raw log data to standardized security models, ensuring consistent data structures for analysis.
  • Program custom integrations connecting third-party tools and streaming data sources to the SIEM via REST APIs and webhooks.
  • Collaborate with DevOps and Application teams to define logging standards and embed security telemetry requirements early in the software development lifecycle (SDLC).
  • Manage the full lifecycle of the SIEM platform, including health monitoring, troubleshooting ingestion failures, and debugging parsing errors to ensure 24/7 availability.
  • Proactively analyze ingestion volume against capacity limits to identify optimization opportunities, implementing granular log tuning and exclusion rules that minimize licensing costs and maximize the signal-to-noise ratio.
  • Engineer automated provisioning workflows using Infrastructure as Code (IaC) to programmatically manage both the underlying infrastructure and complex IAM policies supporting the security platforms.

Requirements

  • Bachelor's degree in Computer Science, Cyber Security, Information Systems or related field.
  • 6+ years of overall software engineering experience
  • 2+ years of technical experience designing and maintaining scalable security data architectures.
  • Skilled in configuring cloud-native security and SIEM/SOAR platforms.
  • Experience with security logging, data sources, log parsing & tuning and industry best practices for log ingestion
  • Experience administering cloud-native security platforms, with a specific focus on maintaining platform health, troubleshooting configuration issues, and managing complex IAM roles to ensure granular access control.
  • 2+ years hands-on development experience on cloud native platforms, preferably Google Cloud Platform.

Even better, you may have...

  • Proficiency in scripting languages like Python, Go, Java, or Bash for automation, data manipulation, and integration tasks.
  • Hands-on experience setting up CI/CD pipelines with OpenShift Tekton, GitHub Actions, or similar.
  • Knowledge of secure coding practices
  • Experience setting up serverless functions using GCP Cloud Run or Cloud Functions, and configuring the respective service for scaling.
  • Robust knowledge of system design principles including reliability, availability, and scalability
  • Experience setting up logging and monitoring services (Dynatrace, GCP Ops Suites)
  • Strong understanding of network security, log analysis, threat detection, and incident response.
  • Knowledge of RESTful APIs, data integration techniques, and infrastructure-as-code tools (e.g., Terraform, Ansible).
  • Analytical and problem-solving skills:
      • Ability to analyze complex data systems, identify improvement opportunities, and translate business requirements into detailed technical designs.
      • Excellent analytical skills and attention to detail for solving complex problems with many variables.
  • Communication and collaboration:
      • Strong verbal and written communication skills to articulate technical issues, collaborate with stakeholders, and create comprehensive documentation.
      • Ability to work effectively in a team environment and interact with various internal and external teams.
      • Comfortable supporting multiple client environments and balancing delivery with operations.
  • Security and cloud skills:
      • Familiarity with security concepts, cybersecurity frameworks such as NIST, MITRE ATT&CK threat hunting, and cyber threat intelligence.
      • Strong technical experience working in multi-cloud platforms, particularly Google Cloud.

Benefits & conditions

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!

As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder...or all of the above? No matter what you choose, we offer a work life that works for you, including:

  • Immediate medical, dental, and prescription drug coverage
  • Flexible family care, parental leave, new parent ramp-up programs, subsidized back-up child care and more
  • Vehicle discount program for employees and family members, and management leases
  • Tuition assistance
  • Established and active employee resource groups
  • Paid time off for individual and team community service
  • A generous schedule of paid holidays, including the week between Christmas and New Year's Day
  • Paid time off and the option to purchase additional vacation time.

For a detailed look at our benefits, click here: Benefit Summary (https://fordcareers.co/GSR)

This position is a salary grade 7-8 and ranges from $97,140-190,500.

Visa sponsorship is not provided for this role.

About the company

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world, together. At Ford, we're all a part of something bigger than ourselves. Are you ready to change the way the world moves? Enterprise Technology is looking for a Security Engineer within the Enterprise Platform Engineering and Operations group to engineer solutions within our Cybersecurity platforms in support of our Cyber Defense Organization. Enterprise Technology plays a critical part in shaping the future of mobility. If you're looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience, and improve people's lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are.