Senior Application Security Analyst
Mexico City, MEX, Mexico
Ford Motor Company
Since 1903, we have helped to build a better world for the people and communities that we serve. Welcome to Ford Motor Company.We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we’re all a part of something bigger than ourselves. Are you ready to change the way the world moves? Enterprise Technology plays a critical part in shaping the future of mobility. If you’re looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience and improve people’s lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are. As a Senior Security Analyst you will have the opportunity to work on integrating security into Cloud (GCP) & DEVSECOPS processes to help ensure Ford Credit’s applications are free from application and infrastructure vulnerabilities.
Main Responsibilities
- Act as a senior subject matter expert for secure application coding evaluations
- Provide guidance on secure software development and best practices.
- Engage application teams on code security-related problems - identify vulnerabilities and help teams implement secure solutions.
- Collaborate with application support teams (Architecture, Engineering, Security, etc.) to ensure that application security best practices are integrated into the application SDLC and deployment processes.
- Help application teams understand Ford Information Security Policy (ISP) and recommended security controls.
- Help define security standards around CICD pipelines, SAST/SCA/DAST testing processes, DEVSECOPS principles (IaC, automation, etc.)
Required Skills
- Strong security coding experience with languages like Java, .Net, Python, Ruby or equivalent
- Experience with the full software or systems development life cycle, including reqs analysis, design, integration, testing, and implementation.
- Strong understanding of the OWASP Top 10 security vulnerabilities and remediation techniques
- Experience working in highly regulated environments and participation in security audits and/or application threat modeling.
- Experience implementing security frameworks (NIST, CIS, etc.)
Additional Nice to Have
- Experience working with GCP and particularly securing GCP assets and development pipelines.
- Experience using SAST/SCA tools like CheckMarx, SonarCube, FOSSA, BlackDuck, 42Crunch
- Experience working in incident Response teams to detect, contain, investigate, and recover from security incidents.
- Good presentation & communication skills
Education Requirements
- BA or BS degree (preferably in Computer Science, Information System/Management, Engineering or Mathematics)
Desired training/certifications
- Developer certifications
- Security certifications
You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!
As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder…or all of the above? No matter what you choose, we offer a work life that works for you,
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Audits Automation Checkmarx Cloud Computer Science DAST DevSecOps GCP Incident response Java Mathematics NIST OWASP Python Ruby SAST SDLC Vulnerabilities
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs