Application Security Cloud Engineer

Ford Motor Company•Dearborn, MI

40d

About The Position

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we're all a part of something bigger than ourselves. Are you ready to change the way the world moves? The Ford Motor Credit Company team helps put people behind the wheels of great Ford and Lincoln vehicles. By partnering with dealerships, we provide financing, personalized service and professional expertise to thousands of dealers and millions of customers in over one hundred countries around the world. In this position... Ford Credit is undertaking a massive technology modernization, and at the heart of this transformation is a commitment to building a world-class, secure cloud environment. We are seeking a senior engineer to be a cornerstone of this initiative. This role will have the opportunity to help design, build, and secure our new Zero Trust environment in Google Cloud Platform (GCP). As a key member of our second line-of-defense security team, you will act as a trusted advisor and technical expert, partnering with development, operations, and architecture teams. You will have the autonomy and influence to embed security into the fabric of our applications and infrastructure, ensuring we are secure by design. If you are a hands-on builder who is passionate about proactive security and wants to make a tangible impact on a strategic, multi-year program, this is the role for you.

Responsibilities

Partner with Architecture, Developer Experience (DevX), and Site Reliability Engineering (SRE) teams to shape and implement our GCP Zero-Trust security architecture.
Provide expert oversight and validation of security controls, acting as a critical second-line partner to ensure our cloud environment is fundamentally secure.
Drive the operationalization of Google's Security Command Center Enterprise (SCCE), turning its powerful features into a proactive threat detection and compliance engine.
Serve as the subject matter expert for securing containerized (Docker, Kubernetes) and serverless applications within GCP.
Collaborate on best practices for the enforcement of security quality gates for Infrastructure as Code (IaC) and Policy as Code (PaC) implementations.
Govern security controls within our CI/CD pipelines, overseeing and adjusting security gates to prevent vulnerabilities from reaching production.
Mature and scale our application security tooling processes (Static and Dynamic Testing, Open-Source Software Scanning, secrets detection), translating raw findings into actionable risk intelligence for development teams.
Develop and automate vulnerability management processes, using a risk-based approach to prioritize and drive remediation.
Lead by influence, providing expert guidance on secure coding practices and modern security patterns to our engineering teams.
Act as a key liaison for our bug bounty program, coordinating between vendors and internal teams to ensure swift resolution.
Mentor and support our Security Advocate program, empowering them to elevate the security posture across the organization through awareness and training exercises.
Collaborate effectively with cross-functional teams, including development, operations, compliance, and incident response.