Security Engineer - DevSecOps Ford Motor Company
Ford Motor Company
Office Location
Full Time
Experience: 3 - 3 years required
Pay:
Salary Information not included
Type: Full Time
Location: Chennai
Skills: Security testing, Sast, Dast, Container Image scanning, automation scripts, DevOps platforms, cloud platforms, Agile processes, AI ML, LLMs
About Ford Motor Company
Job Description
The DevSecOps Security engineer will be responsible for enabling security testing services throughout the lifecycle of an application with the required processes and technologies. This includes cultivating a mindset of "secure by design" within the developer community, supporting driving automation via the application's CI/CD Pipeline, and supporting vulnerability remediation. The ideal candidate should have experience in Security testing activities such as SAST, DAST, Container Image scanning, and associated tools. A deep understanding of modern web application architectures including Microservices, SPAs, and APIs is essential. Experience with writing automation scripts, DevOps platforms like Tekton, CloudBuild, Github Actions, and cloud platforms such as GCP, Azure, or AWS is required. Good knowledge of Agile processes, AI/ML, and LLMs is also desired. Qualifications for this role include three or more years of experience in DevSecOps or Application Security Testing, along with an MCA or B.E/B.Tech (Computer Science/IT) or MS-IT degree from an accredited institution. DevSecOps or Application Security related certifications are preferred. Knowledge of Information Security Policies/Frameworks, being a self-starter, strong interpersonal skills, good communication and presentation skills, willingness to learn new technologies, and work flexible hours across time zones are necessary attributes. Position responsibilities involve defining policies and processes to support DevSecOps for the Enterprise, engaging early with developers in the software development lifecycle, identifying and implementing opportunities for automating security testing, facilitating the onboarding of applications into security tools, supporting application teams with vulnerability remediation, spreading awareness about application security and DevSecOps, working closely with security tool vendors, and producing necessary operational and vulnerability metrics for cyber and operations Leadership.,