Identity Security Operations Engineer

We're looking for a Security Engineer to join our Identity and Access Management team, specifically handling the support and engineering of Privileged Access Management solutions. This is a fantastic opportunity to use your skills to tackle critical security challenges, helping secure and operate our cloud, on-prem, and hybrid environments. You'll be working within a DevSecOps team, engineering and supporting our essential Privileged Access Management (PAM) applications and infrastructure within our Identity and Access Management (IAM) department. It's a dynamic role where you'll build secure, automated controls, automate security tasks, provision and onboard new customers and provide Global support for the Platform, ensuring operational excellence while getting exposure to various global business units and technology teams across the company.

What you’ll be able to do: As part of the Enterprise Privileged Access Management Platform team, this role offers an exciting opportunity to apply your operations and engineering skills to critical security challenges, helping secure our vital cloud, on-prem, and hybrid environments.

This position requires a candidate capable of managing concurrent and complex engineering and operational tasks, implementing secure, scalable, automated, and resilient access controls, automating security tasks, and ensuring operational excellence across a hybrid/multi-cloud Security IAM (Identity and Access Management) platform.

Due to the business-critical and global nature of the Enterprise Privileged Access Management (ePAM) platform, this position provides an outstanding opportunity to grow your IT Security skills, while engaging with Ford’s Global business units, JVs and Technology teams, including Ford Credit, Ford Pro and Model e, Ford Blue, Manufacturing, IT, Employee Experience, Enterprise Connectivity/Network teams and Cyber Defense teams.

Skills and Responsibilities:

· Responsible for engineering, implementing, and operating various security services within the Enterprise Privileged Access Management (ePAM) platform.

· Work directly with customers to on-board credentials/applications/roles into various PAM solutions within the platform.

· Identify and mitigate threats, handle Identity Access Management (IAM) release engineering, provisioning and maintenance of platform infrastructure, system administration, and security tools.

· Apply Site Reliability Engineering (SRE) principles to ensure the highest Quality of Service and Incident Response for the ePAM platform.

· Conduct change management with a continuous integration and continuous delivery (CI/CD) mindset, providing application infrastructure engineering and global platform operations support for solutions like BeyondTrust Password Safe, Microsoft LAPS, EPM, and PIM in our EntraID/Azure AD Tenant.

· Design, implement, and maintain robust monitoring and observability solutions (including metrics, logs, and traces) to ensure maximum availability, instant detection of issues, and deep insights into system behavior, performance, and security events. Utilize detection and monitoring tools (e.g., Dynatrace) to analyze system health, proactively detect suspicious activity, and develop/maintain comprehensive alerts, dashboards, and reporting.

· Develop and leverage Standard Operating Procedures (SOPs), conduct risk assessments, and respond to internal, external, and customer audits, ensuring all actions comply with Security, Auditor, and Ford IT policies/best practices.

· Provide hands-on engineering/support experience with a broad range of Operating Systems (e.g., Windows Server/Client, Unix/Linux) and Database Platforms (e.g., MS SQL, Oracle, Teradata), including virtualization technologies like vSphere/ESX and Red Hat OpenShift.

· Collaborate with the Global ePAM team, IT service teams, customers, and vendors to triage and resolve operational incidents within target Service Level Agreements (SLAs).

· Develop and maintain Disaster Recovery (DR) and Business Continuity (BCP) plans; perform DR and BC testing in compliance with Ford IT Policy and Auditor requirements.

· Maintain documentation of all administrative processes, procedures, and configurations.

· Interact with team members to improve tools, technology stack, and application performance and stability.

· Resolve issues and concerns through collaboration with customers, engineering Subject Matter Experts (SMEs), and product vendors.

· Propose, configure, and implement enterprise solutions (covering both process and technical aspects) according to established standards and industry best practices.

· Participate in the design, implementation, integration, and maintenance of software, technical infrastructure, and services (covering all aspects of the technology lifecycle).

· Develop implementation requirements for technical infrastructure and services.

· Develop project charters and/or project requirements (cost, timing, scope, contingency, and risks).

· Develop support and deployment plans for technical infrastructure and services.

· Conduct rigorous testing and deployment of vendor product updates with robust change control processes, aiming for 99.99% uptime.

· Identify and mitigate bugs/security risks with vendor products while delivering enhancements and integrations that meet/exceed customer expectations.

Preferred Experience/skills:

· In-depth understanding of Enterprise Security, with a strong emphasis on Identity and Access Management and PAM solutions like BeyondTrust, CyberArk (prem and SaaS) and Azure/Google Cloud IAM (Identity and Access Management) including Entra PIM (Privileged Identity Management), InTune suite

· Experience with designing, supporting and implementing solutions with an SRE (Site Reliability Engineering) approach and utilizing Monitoring, Alerting and Observability tools such as Dynatrace and Splunk.

· Experience with CI/CD development, DevSecOps, Infrastructure as code.

· Basic experience with utilizing scripting and automation tools (e.g., Perl, Python, BASH, PowerShell) and API workflows.

· Experience with the investigation, response, and resolution of security and reliability incidents, applying SRE practices and focusing on minimizing Mean Time To Detect (MTTD) and Mean Time To Recover (MTTR).

· Highly motivated individual with strong Information Security Controls, Policy and Assurance and Shift Left, and Compliance experience/skills.

· Demonstrable ability to collaborate with other skills teams to rapidly identify and resolve problems in a complex enterprise environment with multiple technical interdependencies.

· Strong written and verbal communication skills with a high degree of attention to detail.

· A curious mindset, with the ability to learn new technology quickly and train others.

· Demonstrable ability to work within a globally dispersed team environment.

· Proven track record to develop and document requirements.

· Ability to solve complex technical issues in a prem/hybrid/cloud enterprise Security environment.

· Experience with Agile planning tools such as JIRA.

Basic Qualifications:

· Bachelor’s degree in Computer Science, Information Technology or Identity and Security Assurance

· 5+ years of total IT experience

· 2+ years of Security Operations Support and Engineering experience