Senior Application Security Analyst

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we’re all a part of something bigger than ourselves. Are you ready to change the way the world moves? Enterprise Technology plays a critical part in shaping the future of mobility. If you’re looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience and improve people’s lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are. As a Senior Security Analyst  you will have the opportunity to work on integrating security into Cloud (GCP) & DEVSECOPS processes to help ensure Ford Credit’s applications are free from application and infrastructure vulnerabilities.

Main Responsibilities

• Act as a senior subject matter expert for secure application coding evaluations 
• Provide guidance on secure software development and best practices.
• Engage application teams on code security-related problems - identify vulnerabilities and help teams implement secure solutions. 
• Collaborate with application support teams (Architecture, Engineering, Security, etc.) to ensure that application security best practices are integrated into the application SDLC and deployment processes. 
• Help application teams understand Ford Information Security Policy (ISP) and recommended security controls.
• Help define security standards around CICD pipelines, SAST/SCA/DAST testing processes, DEVSECOPS principles (IaC, automation, etc.)

Required Skills 

• Strong security coding experience with languages like Java, .Net, Python, Ruby or equivalent
• Experience with the full software or systems development life cycle, including reqs analysis, design, integration, testing, and implementation.
• Strong understanding of the OWASP Top 10 security vulnerabilities and remediation techniques
• Experience working in highly regulated environments and participation in security audits and/or application threat modeling.
• Experience implementing security frameworks (NIST, CIS, etc.)

Additional Nice to Have

• Experience working with GCP and particularly securing GCP assets and development pipelines.
• Experience using SAST/SCA tools like CheckMarx, SonarCube, FOSSA, BlackDuck, 42Crunch
• Experience working in incident Response teams to detect, contain, investigate, and recover from security incidents.
• Good presentation & communication skills

Education Requirements

• BA or BS degree (preferably in Computer Science, Information System/Management, Engineering or Mathematics) 

Desired training/certifications

• Developer certifications
• Security certifications

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!

As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder…or all of the above? No matter what you choose, we offer a work life that works for you,