Ford is looking for a Cyber Security Platform Engineer to join our Enterprise Platform Engineering and Operations group. In this role, you will architect and engineer solutions within our Cybersecurity platforms, driving the software architecture of our SIEM/SOAR and unified risk management ecosystems. Your focus will be on applying software engineering principles to build scalable, API-driven security solutions on cloud-based platforms.
What You'll Do
- Architect and engineer scalable, cloud-native SIEM solutions, utilizing Infrastructure-as-Code principles to manage log ingestion pipelines and storage.
- Develop and maintain robust data pipelines to ingest, transform, and normalize security logs from diverse endpoints into the SIEM.
- Write and optimize custom parsers using Regex and scripting languages to map raw log data to standardized security models.
- Program custom integrations connecting third-party tools and streaming data sources to the SIEM via REST APIs and webhooks.
- Collaborate with DevOps and Application teams to define logging standards and embed security telemetry requirements early in the software development lifecycle.
- Manage the full lifecycle of the SIEM platform, including health monitoring, troubleshooting ingestion failures, and debugging parsing errors.
- Proactively analyze ingestion volume against capacity limits to identify optimization opportunities, implementing granular log tuning and exclusion rules.
- Engineer automated provisioning workflows using Infrastructure as Code to programmatically manage underlying infrastructure and complex IAM policies.
What We're Looking For
- Bachelor’s degree in Computer Science, Cyber Security, Information Systems or related field.
- 6+ years of overall software engineering experience.
- 2+ years of technical experience designing and maintaining scalable security data architectures.
- Skilled in configuring cloud-native security & SIEM/SOAR platforms.
- Experience with security logging, data sources, log parsing & tuning and industry best practices for log ingestion.
- Experience administering cloud-native security platforms, with a specific focus on maintaining platform health, troubleshooting configuration issues, and managing complex IAM roles.
- 2+ years of hands-on development experience on cloud-native platforms, preferably Google Cloud Platform.
Nice to Have
- Proficiency in scripting languages like Python, Go, Java, or Bash for automation, data manipulation, and integration tasks.
- Hands-on experience setting up CI/CD pipelines with OpenShift Tekton, GitHub Actions, or similar.
- Knowledge of secure coding practices.
- Experience setting up serverless functions using GCP Cloud Run or Cloud Functions, and configuring the respective service for scaling.
- Robust knowledge of system design principles including reliability, availability, and scalability.
- Experience setting up logging and monitoring services (Dynatrace, GCP Ops Suites).
- Strong understanding of network security, log analysis, threat detection, and incident response.
- Knowledge of RESTful APIs, data integration techniques, and infrastructure-as-code tools (e.g., Terraform, Ansible).
- Ability to analyze complex data systems, identify improvement opportunities, and translate business requirements into detailed technical designs.
- Excellent analytical skills and attention to detail for solving complex problems with many variables.
- Strong verbal and written communication skills to articulate technical issues, collaborate with stakeholders, and create comprehensive documentation.
- Ability to work effectively in a team environment and interact with various internal and external teams.
- Comfortable supporting multiple client environments and balancing delivery with operations.
- Familiarity with security concepts, cybersecurity frameworks such as NIST, MITRE ATT&CK threat hunting, and cyber threat intelligence.
- Strong technical experience working in multi-cloud platforms, particularly Google Cloud.
Technical Stack
- SIEM/SOAR platforms, Google Cloud Platform
- Python, Go, Java, Bash
- Infrastructure-as-Code (Terraform, Ansible)
- REST APIs, Regex
- CI/CD pipelines (OpenShift Tekton, GitHub Actions)
- GCP Cloud Run, GCP Cloud Functions
- Dynatrace, GCP Ops Suites
Team & Environment
You will be part of the Enterprise Platform Engineering and Operations group, supporting our Cyber Defense Organization.
Benefits & Compensation
- Compensation range: $97,140-$190,500
- Immediate medical, dental, and prescription drug coverage
- Flexible family care, parental leave, new parent ramp-up programs, subsidized back-up child care and more
- Vehicle discount program for employees and family members, and management leases
- Tuition assistance
- Established and active employee resource groups
- Paid time off for individual and team community service
- A generous schedule of paid holidays, including the week between Christmas and New Year’s Day
- Paid time off and the option to purchase additional vacation time
Work Mode
This position is remote.
We are an Equal Opportunity Employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status.






