DevSecOps Security Engineer

Ford Motor Company is an Equal Opportunity Employer, as we are committed with a diverse workforce, and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran and basis of disability.

The DevSecOps Security engineer ensures that every step of the software development lifecycle (SDLC) follows security best practices. They are also responsible for adhering to secure coding principles and aid in testing the application against security risks/parameters before release.

• Able to work well with software development teams.
• Experience identifying security issues through code review.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• Familiarity with some common security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
• Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
• Experience in integrating, monitoring and improving DevSecOps tools and processes, automate routine tasks and improve system reliability
• Basic development or scripting experience and skills. 
• A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols)
• Designing and implementing Zero Trust Security model, automated enforcement, and monitoring of security controls, vulnerability management, code based compliance and gate reviews, platform based security controls and guardrails
• Perform security-focused code reviews
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
• Knowledge of Risk mitigation techniques and fixing the code bugs
• Monitoring the processes during the entire lifecycle for its adherence and updating or creating new processes for improvement
• Support and consult with product and development teams in the area of application security
• Identifying and deploying cybersecurity measures by continuously performing vulnerability assessment and risk management
• Providing security training and outreach to internal development teams
• Mentoring, guiding team members and customers
• Monitoring, measuring customer experience and KPIs

• English proficiency (written and verbal)
• Bachelor (undergraduate) degree in a relevant field (Computer Science, Software Engineer, Security, or others) OR an equivalent combination of education, training, and experience
• + 3 years of professional experience with any combination of at least 2 technical disciplines, including the following: DevSecOps, cloud security, network security, application security, mobile security, secure development methodologies, software development and coding, identity management, authentication and authorization, network architecture, system administration, and systems engineering