DevSecOps

The DevSecOps engineer ensures that every step of the software development lifecycle (SDLC) follows security best practices, works to automate security processes, embed security testing, and foster a culture of shared responsibility between development, operations, and security teams. They also implement secure coding practices, identify and mitigate vulnerabilities early through tools, review for secure cloud infrastructure, and ensure compliance with security standards to help teams for rapid software delivery.

Technical Skills & Responsibilities

• Programming & Development: Strong development or scripting experience, specifically in Java, to automate routine tasks and improve system reliability.
• Code Security: Perform security-focused code reviews to identify, triage, and fix vulnerabilities and bugs.
• Security Expertise: Deep familiarity with common security flaws (e.g., OWASP Top 10) and the use of security libraries and static analysis tools (SAST).
• DevSecOps & Automation: Integrate, monitor, and improve DevSecOps tools and processes, including automated enforcement and code-based compliance.
• Vulnerability Management: Perform continuous vulnerability assessments, risk mitigation, and risk management.

• Advanced Security Architecture: Design and implement Zero Trust security models, platform-based controls, and automated guardrails.

• Technical Consultation: Support and consult with product and development teams to address application security risks throughout the lifecycle.
• Training & Mentorship: Provide security training, outreach, and mentoring to internal teams and customers.
• Process Improvement: Monitor KPIs and customer experience to refine security processes and adherence.
• Communication: Professional written and verbal communication skills with the ability to articulate complex technical topics clearly.
• Collaboration: Proven ability to work effectively and collaboratively within software development environments.

This description outlines the general nature and scope of work typically performed in this job. It is not intended to be an exhaustive list of all duties, responsibilities, knowledge, skills, work requirements, etc. It may vary slightly based on business or geographic needs and is subject to being reviewed and updated periodically.  

• Bachelor (undergraduate) degree in a relevant field (Computer Science, Software Engineer, Security, or others) OR an equivalent combination of education, training, and experience.
• Minimum of 3 years of professional experience
• Desirable Certified DevSecOps Professional (CDP), Certified Kubernetes Administrator (CKA) or Certified Kubernetes Security (CKS) and HashiCorp Certified: Terraform Associate.

DISCLAIMER:
Ford Motor Company is an Equal Opportunity Employer, as we are committed with a diverse workforce, and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran and basis of disability.