About The Position

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we’re all a part of something bigger than ourselves. Are you ready to change the way the world moves?

Enterprise Technology is looking for a Security Engineer within the Enterprise Platform Engineering and Operations group to engineer solutions within our Cybersecurity platforms in support of our Cyber Defense Organization. Enterprise Technology plays a critical part in shaping the future of mobility. If you’re looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience, and improve people’s lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are.

This position drives the software architecture and engineering of our SIEM/SOAR and unified risk management ecosystems. With a primary focus on cloud-based SIEM/SOAR and security management platforms, you will apply software engineering principles to build scalable, API-driven security solutions. The ideal candidate brings a hybrid background in coding and security and is capable of programmatically managing infrastructure, developing custom data pipelines, and engineering automation workflows to empower a mature SOC. You will collaborate with cross-functional teams to code and deploy enhancements that strengthen our security posture and automate compliance standards.

Requirements

  • Bachelor’s degree in Computer Science, Cyber Security, Information Systems or related field.
  • 6+ years of overall software engineering experience.
  • 2+ years of technical experience designing and maintaining scalable security data architectures.
  • Skilled in configuring cloud-native security and SIEM/SOAR platforms.
  • Experience with security logging, data sources, log parsing and tuning, and industry best practices for log ingestion.
  • Experience administering cloud-native security platforms, with a specific focus on maintaining platform health, troubleshooting configuration issues, and managing complex IAM roles to ensure granular access control.
  • 2+ years hands-on development experience on cloud native platforms, preferably Google Cloud Platform.

Nice To Haves

  • Proficiency in scripting languages like Python, Go, Java, or Bash for automation, data manipulation, and integration tasks.
  • Hands-on experience setting up CI/CD pipelines (OpenShift Tekton, GitHub Actions, or similar).
  • Knowledge of secure coding practices.
  • Experience setting up serverless functions using GCP Cloud Run or Cloud Functions, and configuring the respective service for scaling.
  • Robust knowledge of system design principles, including reliability, availability, and scalability.
  • Experience setting up logging and monitoring services (Dynatrace, GCP Operations Suite).
  • Strong understanding of network security, log analysis, threat detection, and incident response.
  • Knowledge of RESTful APIs, data integration techniques, and infrastructure-as-code tools (e.g., Terraform, Ansible).
  • Ability to analyze complex data systems, identify improvement opportunities, and translate business requirements into detailed technical designs.
  • Excellent analytical skills and attention to detail for solving complex problems with many variables.
  • Strong verbal and written communication skills to articulate technical issues, collaborate with stakeholders, and create comprehensive documentation.
  • Ability to work effectively in a team environment and interact with various internal and external teams.
  • Comfortable supporting multiple client environments and balancing delivery with operations.
  • Familiarity with security concepts, cybersecurity frameworks such as NIST and MITRE ATT&CK, threat hunting, and cyber threat intelligence.
  • Strong technical experience working in multi-cloud platforms, particularly Google Cloud.

Responsibilities

  • Architect and engineer scalable, cloud-native SIEM solutions, utilizing Infrastructure-as-Code principles to manage log ingestion pipelines and storage.
  • Develop and maintain robust data pipelines to ingest, transform, and normalize security logs from diverse endpoints (APIs, cloud platforms, firewalls) into the SIEM, ensuring high data fidelity and low latency.
  • Write and optimize custom parsers using Regex and scripting languages to map raw log data to standardized security models, ensuring consistent data structures for analysis.
  • Program custom integrations connecting third-party tools and streaming data sources to the SIEM via REST APIs and webhooks.
  • Collaborate with DevOps and Application teams to define logging standards and embed security telemetry requirements early in the software development lifecycle (SDLC).
  • Manage the full lifecycle of the SIEM platform, including health monitoring, troubleshooting ingestion failures, and debugging parsing errors to ensure 24/7 availability.
  • Proactively analyze ingestion volume against capacity limits to identify optimization opportunities, implementing granular log tuning and exclusion rules that minimize licensing costs and maximize the signal-to-noise ratio.
  • Engineer automated provisioning workflows using Infrastructure as Code (IaC) to programmatically manage both the underlying infrastructure and complex IAM policies supporting the security platforms.

Benefits

  • Immediate medical, dental, and prescription drug coverage
  • Flexible family care, parental leave, new parent ramp-up programs, subsidized back-up child care and more
  • Vehicle discount program for employees and family members, and management leases
  • Tuition assistance
  • Established and active employee resource groups
  • Paid time off for individual and team community service
  • A generous schedule of paid holidays, including the week between Christmas and New Year’s Day
  • Paid time off and the option to purchase additional vacation time.