
Cloud Architect

Job ID: 61254
Category: Ford Credit Services
Location: Chennai, India
Work Type: Hybrid

Job Title: Cloud-Native Security & AI Architect (GCP / Zero Trust)
Location: Hybrid — Dearborn, MI or Fully Remote (US based)
Team: Ford Credit Enterprise Architecture

About the Role: Ford Credit is accelerating its transition to a Zero-Trust security model on Google Cloud Platform (GCP) and maturing its enterprise cloud security patterns. It is seeking a Cloud-Native Security & AI Architect to guide on-prem workload migrations into a secure, well-architected GCP environment, while also shaping its approach to safe and effective AI enablement (with a focus on agentic patterns in the SDLC). This role will help establish practical reference architectures, answer the various “How do I do X securely?” questions that come from internal teams, and drive clarity where standards are still emerging.

What Success Looks Like (6–12 Months):

  • Documented, adopted reference architectures and patterns for Zero Trust on GCP.
  • Reduced critical security gaps across migrated workloads; measurable maturity lift (e.g., from 1/5 toward 3/5).
  • Repeatable Apigee patterns established; known gaps documented with remediation backlog and owners.
  • Teams self-serve with “How to do X securely?” guides; faster decision cycles and fewer escalations.
  • Safe, pragmatic AI enablement patterns integrated into SDLC with clear guardrails and logging.
  • Established security governance frameworks and stage-gates with both automation and human-in-the-loop processes.

Tools & Ecosystem: GCP (IAM, Workload Identity, VPC, SCC, Cloud Armor, Secret Manager, Logging/Monitoring, GKE/Cloud Run, Build/Artifact), Apigee, GitHub, JIRA, Confluence, Vault (as applicable), Terraform (nice to have).

Zero-Trust Cloud Security Architecture (GCP) – primary focus

  • Define and mature security architecture patterns and reference architectures for cloud-native workloads on GCP.
  • Provide day-to-day guidance to application teams migrating from legacy environments to a new Zero-Trust GCP segment.
  • Conduct gap analyses and recommend remediations to raise security maturity.
  • Translate Ford’s Information Security Policies (ISP) into actionable architecture guidance and guardrails.
  • Establish “golden paths” for securing RPC endpoints, service-to-service auth, workload identity, runtime security, and logging.
  • Design and document secure patterns for hybrid connectivity, ensuring safe data exchange and identity federation between on-premise data centers (including mainframe environments) and GCP.
  • Develop a holistic security strategy for critical third-party SaaS applications, focusing on identity integration (SSO), data governance, and unified visibility.
  • Partner with threat modeling, networking, and data architecture teams to ensure holistic, risk-balanced designs.

API & Apigee Security Enablement

  • Define patterns for securing APIs and RPC endpoints with Apigee (authN/Z, token flows, rate limiting, telemetry).
  • Identify platform gaps; collaborate with Ford’s Apigee owner (EPEO) to drive improvements and reusable examples.

AI Architecture (Agentic SDLC) – secondary focus

  • Evaluate AI-enabled solutions for safety and security: “Is this secure? Is it safe? Are we allowed to do this?”
  • Define secure agent patterns for SDLC use cases (e.g., agents drafting JIRAs, triaging issues).
  • Apply AI safety best practices (prompt injection defenses, tool/API misuse prevention, data leakage controls).
  • Design human-in-the-loop, decision traceability, and auditable logging for AI-assisted decision flows.

Process & Enablement

  • Create and maintain clear, consumable architecture documentation and standards from multiple sources.
  • Mentor teams; answer questions rapidly; help the org balance speed with security in a zero-trust context.
  • Contribute to a pragmatic roadmap to improve security maturity across the portfolio.

Minimum Qualifications

    • 10+ years of IT experience with 7+ years in cloud architecture/engineering with 4+ years focused on cloud security (enterprise scale).
    • Deep hands-on experience with GCP services relevant to security: IAM & Workload Identity, VPC/SCC/Cloud Armor, Secrets Manager, Cloud Logging/Monitoring, GKE/Cloud Run, Artifact/Build, Pub/Sub, Apigee.
    • Proven experience designing or maturing Zero-Trust architectures (BeyondCorp principles; identity-centric access).
    • Strong understanding of OAuth/OIDC, service-to-service auth, token flows, and API security patterns.
    • Experience designing security for hybrid architectures that connect modern cloud platforms with traditional enterprise data centers through GCP Interconnect, including mainframe systems.
    • Experience with SaaS security frameworks and tools, such as Cloud Access Security Brokers (CASB), SaaS Security Posture Management (SSPM), and advanced data loss prevention (DLP) strategies.
    • Experience integrating security seamlessly into the CI/CD pipeline (DevSecOps), ensuring automated guardrails and infrastructure-as-code (IaC) scanning are part of the "golden path."
    • Experience producing reference architectures, standards, and “golden paths” for engineering teams.
    • Good knowledge of security.
    • Hands-on use of AI tools to improve productivity (e.g., coding, analysis, documentation).
    • Excellent communication and stakeholder enablement skills.

Preferred Qualifications

    • GCP security certifications (e.g., Professional Cloud Security Engineer, Professional Cloud Architect).
    • Experience with Apigee at enterprise scale (API gateways, policies, auth patterns, observability).
    • Familiarity with LLM/agent attack vectors (prompt injection, jailbreaks, tool abuse, data exfiltration) and mitigations aligned to industry frameworks – OWASP for LLM, NIST AI RMF etc.
    • Exposure to spec-driven development and content-distributed architectures.
    • Understanding of regulated environments and associated compliance frameworks – PCI-DSS, SOC2, CCPA, GDPR and auditable human-in-the-loop decisioning.
    • Comfortable navigating ambiguity and building standards in-flight during large-scale migrations.