Cyber Defense Response Analyst (AI & Automation Focus)

Role Overview This position is for a Cyber Defense Response Analyst & AI Developer with a primary focus on architecting and deploying agentic AI tools to proactively identify and remediate suspicious activity across cloud, network, and host-based environments. This role serves as a critical bridge between traditional incident response and advanced security engineering by developing Agentic AI workflows and conducting AI-driven threat hunting and incident investigation.

Impact and Scope As a Response Analyst, you will provide proactive and reactive security services to safeguard Ford’s technology, infrastructure, applications, and data. You will develop autonomous agents designed to analyze massive, complex datasets to identify "weak signals" and stealthy adversary behaviors that traditional SIEM and EDR tools often miss. The scope of this role encompasses all Ford Motor Company assets, including subsidiaries and joint ventures worldwide.

Candidate Profile Successful candidates must demonstrate a deep interest in computer forensics or penetration testing, supported by a proven track record in proactive threat hunting or AI/ML-enhanced security operations. You should possess significant technical depth across cloud, network, or host architectures, with the specialized ability to build autonomous agents that measurably enhance the Cyber Defense Center’s (CDC) investigative capabilities.

Leadership and Culture Essential leadership behaviors include strong oral and written communication skills, a collaborative team-first mindset, and a high level of personal integrity. You will be expected to translate complex AI concepts into actionable security outcomes while mentoring peers on emerging automated defense techniques.

Work Schedule Candidates must be willing to work a Hybrid schedule, currently requiring 4 days per week in-office at our southeast Michigan metro area location.

• Agentic SOC AI Development: Design, develop, and deploy autonomous AI agents to automate complex threat hunting tasks, alert triage, and incident investigations. 
• AI Threat Hunting: Execute hypothesis-driven hunting campaigns using AI/ML to identify anomalies, lateral movement, and "living-off-the-land" techniques across enterprise datasets. 
• Automated Detection Engineering: Transform manual hunt findings and AI-generated insights into durable, automated detection rules and LLM-orchestrated response playbooks. 
• Incident Investigation & Response: Lead coordinated responses to major intrusions, phishing, and misuse of computing facilities using EDR, SIEM, and Cloud logs to minimize asset loss and threat propagation. 
• Cross-Domain Correlation: Build and maintain RAG (Retrieval-Augmented Generation) systems and agents that correlate telemetry across endpoint, network, identity, and cloud environments. 
• Operational Excellence: Develop consistent and repeatable methods to resolve security incidents, ensuring high-quality results are delivered in a timely manner. 
• Continuous Improvement: Identify and incorporate IT security improvement opportunities, replacing manual, repetitive procedures with agentic workflows to reduce MTTD and MTTR. 
• Compliance & Governance: Ensure all incident response and data handling activities enable compliance with global laws, regulations, and due diligence requirements. 
• Enterprise Collaboration: Leverage enterprise-wide skill sets and collaborate with global stakeholders to handle high-visibility or large-scale security events. 
• Mentorship & Leadership: Mentor junior and peer analysts in proper incident handling techniques and the adoption of emerging AI-driven hunting and forensic tools.

• Cybersecurity or Threat Hunting Experience: 2+ years of experience in Cybersecurity, with a specific focus on Threat Hunting, SOC operations, Incident Response, or Red Teaming/Penetration Testing. 
• AI/ML for Security: Proven experience applying machine learning or statistical analysis to large-scale security telemetry, including logs, endpoint data, network traffic, and cloud events. 
• Programming Proficiency: Advanced Python skills with demonstrated experience building security automation, data correlation scripts, and interacting with LLM APIs. 
• Technical Depth: Sound understanding of TCP/IP, networking concepts, and adversary tactics, techniques, and procedures (TTPs) mapped to the MITRE ATT&CK and MITRE ATLAS frameworks. 
• Operating System Expertise: Thorough knowledge of multiple operating systems, with primary proficiency in Linux and secondary proficiency in either Mac or Windows. 
• Critical Thinking & Analysis: Strong deductive reasoning and problem-solving skills, with the ability to form and test complex hunt hypotheses and prioritize tasks under pressure. 
• Operational Discipline: Experience working in a fast-paced, high-stress environment with a disciplined approach to following detailed processes, procedures, and documentation. 
• Tool & Process Development: Experience assisting in the development and maintenance of security tools, standard operating procedures (SOPs), and technical documentation. 
• Communication & Service: Excellent customer service skills, including the ability to handle escalations, manage incident communications, and resolve complex security issues. 
• Professional Integrity & Initiative: Demonstrated high level of independent initiative, drive for results, and personal integrity. 
• Operational Flexibility: Personal flexibility to accommodate a day-to-day work schedule that may require significant overtime or limited travel during global or high-visibility incidents.

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!

As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder…or all of the above? No matter what you choose, we offer a work life that works for you, including:
• Immediate medical, dental, vision and prescription drug coverage
• Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
• Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
• Vehicle discount program for employees and family members and management leases
• Tuition assistance
• Established and active employee resource groups
• Paid time off for individual and team community service
• A generous schedule of paid holidays, including the week between Christmas and New Year’s Day
• Paid time off and the option to purchase additional vacation time.

This position is a salary grade 6-8 and ranges from $85,400-$192,900.    

Final determination of salary grade will be based on candidate's skills and experience, and base salary will be set within the applicable range according to job scope, responsibility and competitive market value.

For more information on salary and benefits, click here: https://fordcareers.co/GSR

Visa sponsorship is not available for this position.

Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call 1-888-336-0660.

This position is hybrid. Candidates who are in commuting distance to a Ford hub location may be required to be onsite four or more days per week. 

#LI-Hybrid

#LI-GR1