Ford Pro is committed to shaping the future of mobility and is seeking a Security Engineer to engineer solutions within their Cybersecurity platforms. This role focuses on driving the software architecture and engineering of SIEM/SOAR and unified risk management ecosystems, applying software engineering principles to build scalable, API-driven security solutions.
Responsibilities:
- Architect and engineer scalable, cloud-native SIEM solutions, utilizing Infrastructure-as-Code principles to manage log ingestion pipelines and storage
- Develop and maintain robust data pipelines to ingest, transform, and normalize security logs from diverse endpoints (APIs, cloud platforms, firewalls) into the SIEM, ensuring high data fidelity and low latency
- Write and optimize custom parsers using Regex and scripting languages to map raw log data to standardized security models, ensuring consistent data structures for analysis
- Program custom integrations connecting third-party tools and streaming data sources to the SIEM via REST APIs and webhooks
- Collaborate with DevOps and Application teams to define logging standards and embed security telemetry requirements early in the software development lifecycle (SDLC)
- Manage the full lifecycle of the SIEM platform, including health monitoring, troubleshooting ingestion failures, and debugging parsing errors to ensure 24/7 availability
- Proactively analyze ingestion volume against capacity limits to identify optimization opportunities, implementing granular log tuning and exclusion rules that minimize licensing costs and maximize the signal-to-noise ratio
- Engineer automated provisioning workflows using Infrastructure as Code (IaC) to programmatically manage both the underlying infrastructure and complex IAM policies supporting the security platforms
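The parsing, normalization and log-tuning work described above, shown as an added example that is not part of this posting and not Ford Pro's code. It takes two constructed log sources (a key=value firewall syslog line and a GCP-style JSON audit record whose field names are assumptions, not any vendor's exact schema), maps both onto one common event model with named-group regexes and JSON access, counts lines that parse, lines that are dropped by an exclusion rule, and lines that no parser understands, and treats the unparsed remainder as a signal for the ingestion health monitoring mentioned in the responsibilities:

```python
"""Normalize raw security logs from two sources into one common event model.

Added example. Sample lines, field names and the exclusion rule are constructed
for illustration and do not describe any real environment.
"""
import json
import re
from datetime import datetime, timezone

# Constructed sample input: not real logs.
RAW_LOGS = [
    'Jan 14 10:22:01 fw01 kernel: action=ALLOW src=10.0.0.5 dst=10.0.1.9 proto=tcp spt=50212 dpt=443',
    'Jan 14 10:22:02 fw01 kernel: action=DENY src=203.0.113.7 dst=10.0.1.9 proto=tcp spt=44010 dpt=22',
    'Jan 14 10:22:03 fw01 kernel: action=ALLOW src=10.0.0.200 dst=10.0.1.9 proto=tcp spt=31000 dpt=8080',
    '{"timestamp":"2025-01-14T10:22:04Z","protoPayload":{"authenticationInfo":'
    '{"principalEmail":"alice@example.com"},"methodName":"SetIamPolicy",'
    '"requestMetadata":{"callerIp":"198.51.100.4"}}}',
    'garbage line that matches nothing',
]

# Anchored regex with named groups: an unexpected token anywhere fails the whole
# match instead of silently producing a half-populated event.
FW_RE = re.compile(
    r'^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) \S+: '
    r'action=(?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) '
    r'proto=(?P<proto>\w+) spt=(?P<spt>\d+) dpt=(?P<dpt>\d+)$'
)

def parse_firewall(line, year=2025):
    """Map a BSD-syslog style firewall line onto the common model, or None."""
    m = FW_RE.match(line)
    if not m:
        return None
    # BSD syslog timestamps carry no year; the year is an assumption here. A real
    # pipeline would take it from ingestion time or require RFC 5424 timestamps.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    ts = ts.replace(tzinfo=timezone.utc)
    return {
        "source": "firewall",
        "event_time": ts.isoformat(),
        "action": m["action"].lower(),          # normalize case across sources
        "src_ip": m["src"],
        "dst_ip": m["dst"],
        "dst_port": int(m["dpt"]),
        "protocol": m["proto"],
        "principal": None,                      # network logs carry no identity
    }

def parse_gcp_audit(line):
    """Map a GCP-style JSON audit record onto the common model, or None."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    payload = rec.get("protoPayload")
    if not isinstance(payload, dict):
        return None
    return {
        "source": "gcp_audit",
        "event_time": rec.get("timestamp"),
        "action": payload.get("methodName", "").lower(),
        "src_ip": payload.get("requestMetadata", {}).get("callerIp"),
        "dst_ip": None,
        "dst_port": None,
        "protocol": None,
        "principal": payload.get("authenticationInfo", {}).get("principalEmail"),
    }

PARSERS = [parse_firewall, parse_gcp_audit]

# Exclusion rule (constructed): a load balancer at 10.0.0.200 health-checking
# port 8080 produces allowed flows with no detection value, so drop them before
# they count against licensed ingestion volume. Keep such rules narrow: a rule
# on "action == allow" alone would discard the traffic you investigate later.
HEALTH_CHECK_SRC = "10.0.0.200"

def is_excluded(event):
    return (event["source"] == "firewall" and event["action"] == "allow"
            and event["src_ip"] == HEALTH_CHECK_SRC and event["dst_port"] == 8080)

def normalize(lines):
    """Return (normalized events, counters) for a batch of raw lines."""
    events, stats = [], {"parsed": 0, "excluded": 0, "unparsed": 0}
    for line in lines:
        event = None
        for parser in PARSERS:
            event = parser(line)
            if event is not None:
                break
        if event is None:
            # Unparsed lines are a health signal: a jump here usually means a
            # vendor changed its log format. Route them to a dead-letter sink.
            stats["unparsed"] += 1
            continue
        stats["parsed"] += 1
        if is_excluded(event):
            stats["excluded"] += 1
            continue
        events.append(event)
    return events, stats

if __name__ == "__main__":
    evs, st = normalize(RAW_LOGS)
    print(st)
    for e in evs:
        print(e)
```

Every parser returns the same set of keys, which is what lets one detection rule run over firewall and cloud audit events alike; the counters are the values to alert on when tuning ingestion (excluded volume going to zero means the exclusion no longer matches, unparsed volume rising means a parser needs fixing).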
Requirements:
- Bachelor's degree in Computer Science, Cyber Security, Information Systems or related field
- 6+ years of overall software engineering experience
- 2+ years of technical experience designing and maintaining scalable security data architectures
- Skilled in configuring cloud-native security & SIEM/SOAR platforms
- Experience with security logging, data sources, log parsing & tuning and industry best practices for log ingestion
- Experience administering cloud-native security platforms, with a specific focus on maintaining platform health, troubleshooting configuration issues, and managing complex IAM roles to ensure granular access control
- 2+ years hands-on development experience on cloud native platforms, preferably Google Cloud Platform
- Proficiency in scripting languages like Python, Go, Java, or Bash for automation, data manipulation, and integration tasks
- Hands-on experience setting up CI/CD pipelines (OpenShift Tekton, GitHub Actions, or similar)
- Knowledge of secure coding practices
- Experience setting up serverless workloads on GCP Cloud Run or Cloud Functions and configuring their scaling
- Robust knowledge of system design principles including reliability, availability, and scalability
- Experience setting up logging and monitoring services (Dynatrace, Google Cloud Operations Suite)
- Strong understanding of network security, log analysis, threat detection, and incident response
- Knowledge of RESTful APIs, data integration techniques, and infrastructure-as-code tools (e.g., Terraform, Ansible)
- Analytical and Problem-Solving Skills: Ability to analyze complex data systems, identify improvement opportunities, and translate business requirements into detailed technical designs
- Excellent analytical skills and attention to detail for solving complex problems with many variables
- Communication and Collaboration: Strong verbal and written communication skills to articulate technical issues, collaborate with stakeholders, and create comprehensive documentation
- Ability to work effectively in a team environment and interact with various internal and external teams
- Comfortable supporting multiple client environments and balancing delivery with operations
- Security & Cloud skills: Familiarity with security concepts and cybersecurity frameworks such as NIST and MITRE ATT&CK, threat hunting, and cyber threat intelligence
- Strong technical experience working in multi-cloud platforms, particularly Google Cloud