Cyber Defense Analyst

JOB DESCRIPTION

At Ford Motor Company, we believe freedom of movement drives human progress. We also believe in providing you with the freedom to define and realize your dreams. With our incredible plans for the future of mobility, we have a wide variety of opportunities for you to accelerate your career potential as you help us define tomorrow's transportation.

This role will be focused on operating and improving Ford's Cyber Defense Center (CDC) efforts within the Office of the CETO organization. The CDC mission is to provide proactive and reactive security services to protect Ford Motor Company Global digital information assets from compromise. Ford Motor Company must be able to respond to information security-related incidents in a manner that protects corporate information and ensures the protection of additional information which might be affected by the incident. The Threat Integration Analyst is focused on integrating threat and intelligence information across Ford's security landscape including SIEM, SOAR, EDR, Intelligence, and other tools in order to protect any Ford Motor Company asset or asset of any subsidiary or joint venture worldwide.

Successful candidates must have a significant interest in the Cyber Defense background. The candidate should display strong technical depth that spans cloud, network, and hosts. Experience in understanding modern computing vulnerabilities, attack vectors and exploits is recommended. Leadership behaviors must include solid oral and written communications skills, focus on teamwork, and a high level of personal integrity. In this role, candidate will understand existing and emerging threat actors, and be able to identify rapidly changing tools, tactics, and procedures of attacks.

Candidates must be willing to work a Hybrid work pattern, with a 4 day in-office schedule.

QUALIFICATIONS

The minimum requirements we seek :

• Bachelor's degree in a computer related field
• Highly capable Python programming skills focused on Rest API's for organizing and moving data across myriad platforms and tooling
• 2+ years of experience with SIEM tools with preference for Chronicle
• Strong deductive reasoning, critical thinking, problem solving, and prioritization skills.
• Experience in a fast paced, high stress, support environment, able to work with a sense of urgency and pay attention to detail
  Solid and demonstrable comprehension of Information Security including malware, emerging threats, attacks, and vulnerability management.

Our preferred requirements:

• 2+ years prior SOC operational experience
• Sound understanding of Cloud, TCP/IP and networking concepts.
• In depth knowledge of servers, clients, various computer peripherals, network and/or Storage technologies
• Thorough knowledge of multiple operating systems specifically Windows and (Mac or Linux)
• Familiar with Ford Computing Infrastructure and application development life cycle (SDM)
• Demonstrate high level of independent initiative, drive for results, quality methods and integrity

RESPONSIBILITIES

What you'll be able to do:

• Develop and implement in Python SOAR orchestration to integrate logs, events, data feeds, execute Incident Response actions, etc.
• Create, enhance, and tune curated and custom SIEM threat detections
• Partner with IT Operations teams for current and future log source ingestion and parsing into SIEM and SOAR environments
• Technical project management for software upgrades and maintenance using the AGILE framework