Security Engineer - DevSecOps Ford Motor Company

  • company name Ford Motor Company
  • working location Office Location
  • job type Full Time

Experience: 3 - 3 years required

Pay:

Salary Information not included

Type: Full Time

Location: Chennai

Skills: Security testing, Sast, Dast, Container Image scanning, automation scripts, DevOps platforms, cloud platforms, Agile processes, AI ML, LLMs

About Ford Motor Company

Job Description

The DevSecOps Security engineer will be responsible for enabling security testing services throughout the lifecycle of an application with the required processes and technologies. This includes cultivating a mindset of "secure by design" within the developer community, supporting driving automation via the application's CI/CD Pipeline, and supporting vulnerability remediation. The ideal candidate should have experience in Security testing activities such as SAST, DAST, Container Image scanning, and associated tools. A deep understanding of modern web application architectures including Microservices, SPAs, and APIs is essential. Experience with writing automation scripts, DevOps platforms like Tekton, CloudBuild, Github Actions, and cloud platforms such as GCP, Azure, or AWS is required. Good knowledge of Agile processes, AI/ML, and LLMs is also desired. Qualifications for this role include three or more years of experience in DevSecOps or Application Security Testing, along with an MCA or B.E/B.Tech (Computer Science/IT) or MS-IT degree from an accredited institution. DevSecOps or Application Security related certifications are preferred. Knowledge of Information Security Policies/Frameworks, being a self-starter, strong interpersonal skills, good communication and presentation skills, willingness to learn new technologies, and work flexible hours across time zones are necessary attributes. Position responsibilities involve defining policies and processes to support DevSecOps for the Enterprise, engaging early with developers in the software development lifecycle, identifying and implementing opportunities for automating security testing, facilitating the onboarding of applications into security tools, supporting application teams with vulnerability remediation, spreading awareness about application security and DevSecOps, working closely with security tool vendors, and producing necessary operational and vulnerability metrics for cyber and operations Leadership.,