Ford Motor Company Jobs

Position responsibilities include:

• Perform threat modeling for Enterprise and SaaS IT assets.

• Gain understanding of the business process, application architecture, IT infrastructure and interaction with external entities.

• Work with business, application, and supplier teams to perform in-depth threat assessments by leveraging methods such as STRIDE, VAST, Attack Tree etc.

• Provide subject matter expertise in assessing potential security threats in the application architecture and evaluate security controls to mitigate threats.

• Assess the risk by evaluating likelihood and impact, determine countermeasures and remediation.

• Apply Information Security Policy and industry security standards (E.g.: OWASP, NIST, CIS etc.,) and guide application teams to help build secure products.

• Follow security governance process for issue tracking and closure. Ensure that security improvement actions are evaluated, validated, and implemented as required.

• Provide feedback for improving Threat Modeling tools and processes.

• Develop and maintain Threat library for custom application/infrastructure components.

• Leverage industry best practices to continually improve process maturity.

• Provide input to the Risk Management Framework and related documentation.

• Promote awareness of security issues among application teams and business teams through training and awareness programs.

• Report threats and associated risk metrics to management

• Stay updated through continuous learning of emerging technologies like LLM, ZTNA, LCNC etc.

Skillset required:

• Experience in different Threat Modeling methodologies (E.g.: STRIDE, VAST, Attack Tree etc.).

• Knowledge of security assessment, risk management processes, cyber security threats, vulnerabilities, attack methods and techniques.

• Knowledge of organization's information security policies, standards, and procedures.

• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

• Knowledge of network access, cryptography, cryptographic key management concepts, identity and access management (e.g.: OAuth, OpenID, SAML).

• Experience in cloud security and API security.

• Experience in security assessment for Microservices architecture, Databases (SQL/NoSQL), Google Cloud Platform resources like cloud storage, Redis Pub/Sub and Cloud Run.

• Knowledge of computer networking and network security architecture concepts including topology, protocols, components, and principles.

• Knowledge of laws, regulations, policies, and ethics related to cybersecurity and privacy.

• Experience in handling web application security risks - OWASP Top-10 E.g.: Injection attacks, buffer overflow, cross-site scripting etc.

• Skill to provide security controls guidance related to data usage, processing, storage, and transmission.

• Ability to evaluate information for reliability, validity, and relevance.

• Excellent analytical, communication, documentation, and presentation skills.

• Knowledge of emerging technologies like AI/ML, Zero Trust, LCNC etc. and willingness to learn new technologies and concepts.

• Strong knowledge of Agile practices and SDLC

• Self-Starter who can work in ambiguous situations and drive to a solution.

• Strong interpersonal skills, including ability to educate and influence.

Qualifications required:

• Bachelor’s degree in computer science, Cyber Security, or related field of study

• 2+ years of experience in Cyber Security or related fields of IT.

• 2+ years of experience in Application development / Infrastructure management

• Knowledge on Security Framework such as NIST CSF, ISO27001, OWASP Top-10 etc.

• Cyber security certifications like CISSP, OSCP, CEH, Pentest+ are highly desirable.

Requisition ID : 31345