Cyber Defense Analyst

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related technical field (or equivalent professional experience).
• 3+ years of experience in a Security Operations Center (SOC) or Cyber Defense Center (CDC), including:
• Hands-on experience with SIEM platforms and EDR/XDR tools.
• Performing data correlation and analysis of system logs (Firewall, Network Flow, IDS/IPS, and Operating System logs).
• Incident handling and triage, including the resolution of escalations and clear communication during active security events.
• In-depth understanding of Operating Systems (Windows, Linux, Mac), network protocols (TCP/IP, DNS, HTTP), and core infrastructure technologies.
• Ability to work in a fast-paced, high-stress environment with a strong sense of urgency and attention to detail.
• Strong deductive reasoning, critical thinking, and prioritization skills.
• Excellent oral and written communication skills—able to translate technical items into non-technical terms.
• High level of independent initiative, integrity, and a disciplined approach to adhering to procedures.

Nice To Haves

• 2+ years of experience with Google Cloud Platform (GCP) or Microsoft Azure, specifically analyzing cloud-native security logs.
• Experience leveraging or tuning Artificial Intelligence (AI) and Machine Learning (ML) tools to improve threat detection or automate manual triage tasks.
• Proficiency in scripting languages such as Python, PowerShell, Bash, or SQL to automate workflows or parse data.
• Familiarity with Ford’s computing infrastructure and the Software Development Methodology (SDM).
• Preferred industry credentials such as GIAC (GCIH, GCIA), CEH or CIISP.

Responsibilities

• Perform initial triage and investigation of various security incidents to determine the impact on Ford, including phishing, malicious software, reconnaissance activities (probes/scans), data exfiltration, and policy violations.
• Conduct daily analysis using a range of tools, including SIEM, EDR/XDR, SOAR, and Sandbox analysis platforms.
• Investigate alerts across multi-cloud (Azure, GCP, AWS) and on-premises environments.
• Collaborate with internal business units and technical teams to investigate and contain incidents.
• Respond to cybersecurity inquiries received from Ford personnel, providing clear guidance and risk assessment.
• Execute and maintain security playbooks and standard operating procedures (SOPs) to ensure consistent, repeatable, and efficient incident resolution.
• Effectively document investigation details for both technical peer review and non-technical stakeholders.
• Identify and map attacker Tools, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) to the MITRE ATT&CK framework to enhance future detection and prevention.
• Support Shift Lead rotation at least once per calendar quarter, managing escalations and team coordination.
• Monitor the global threat landscape and stay up-to-date with emerging cybersecurity trends to proactively improve Ford’s security posture.
• Utilize AI-driven threat detection tools to enhance triage accuracy, reduce false positives, and accelerate the identification of emerging attack patterns.

Benefits

• Immediate medical, dental, vision and prescription drug coverage
• Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
• Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
• Vehicle discount program for employees and family members and management leases
• Tuition assistance
• Established and active employee resource groups
• Paid time off for individual and team community service
• A generous schedule of paid holidays, including the week between Christmas and New Year’s Day
• Paid time off and the option to purchase additional vacation time.