Overview
On Site
Contract - W2
Skills
google cloud platform
Amazon Web Services
NIST 800-53
Cyber security
Software security
Enterprise services
ISO/IEC 27001:2005
Enterprise architecture
Internal control
Incident management
Cloud computing
Configuration Management
IT management
Risk management
Computer science
Computer engineering
Vulnerability management
Software engineering
Security operations
Decision-making
Automated testing
Test plans
System security
Microsoft Azure
NIST SP 800 Series
JavaScript
Security engineering
Cloud security
Security architecture
Version control
IT operations
MI
Software development
Continuous integration
Continuous delivery
SCA
Testing
Auditing
ICC
Collaboration
Operations
IT outsourcing
Regulatory Compliance
Policies
Partnership
SAP GRC
Automation
Provisioning
Scalability
API
Scripting
Software development methodology
SEC
Purchasing
OWASP
Sarbanes-Oxley
Java
Python
Ruby
Management
Authorization
CISSP
CISA
CISM
Git
GitHub
Splunk
Reporting
Research
Privacy
Job Details
Job Description
Position Title: Cyber Security Consultant/Expert
Location - Dearborn, Mi, 48121
Position Description:
Act as a senior subject matter expert for secure coding, evaluating, and implementing processes to mature application security.
Provide consulting services to all Ford Pro product teams, providing guidance and education on code security related problems by leveraging enterprise services across product lifecycles, identifying vulnerabilities, and implementing secure solutions.
Help define security standards around CI/CD pipelines, SAST/SCA/DAST testing processes, DevSecOps principles.
Support ISO 27001 certification preparation of all Ford Pro software products and services.
Support all teams dealing with Audit, ICC Control Review and OICs as they occur.
Collaborate across Ford Pro Tech, Information Tech Operations (ITO), Enterprise Architecture, Model E and Enterprise Cyber Security organizations and so many more.
Work with all regular security and compliance annual activities and education plan for all Ford Pro teams to ensure compliance with corporate policies to deliver Ford+ plan.
Facilitate getting all known control gaps identified and develop control improvement plans in partnership with Internal Controls team as part of GRC processes.
Partner with Cyber Defense during incident response for Ford Pro teams, as required.
Support and develop automation solutions that enable our product teams to build and deploy code quickly.
Leverage cloud technology to promote fast provisioning and scalability.
Implement industry best practices for API configuration management.
Cross between technology and business topics being able to explain security topics to any audience.
Operate independently and adapt to dynamic needs of the organization and changing teams.
Skills Required:
Bachelor's degree in business, Cyber Security, IT management, Risk Management, Computer Science, or Computer Engineering or any related field
5+ years' experience in cybersecurity analysis, vulnerability management, security consulting, secure software engineering.
Experience in security operations including delivery of security findings to software engineering teams and consulting on risk priorities for vulnerabilities.
Ability to work collaboratively with others and navigate complex decision making.
Familiarity with automation test scripts, test plans and configuration of test systems, security testing tools and their use in an SDLC.
Experience working with Google Cloud Platform and particularly securing Google Cloud Platform assets and development pipelines.
Experience working in incident Response teams to detect, contain, investigate, and recover from security incidents.
Skills Preferred:
Experience supporting cloud-based platforms in an enterprise environment such as: Google Cloud Platform (Google Cloud Platform), Microsoft Azure, and Amazon Web Services (AWS).
Experience using 1 or more SAST/SCA tools like CheckMarx, FOSSA, 42Crunch or BlackDuck
Strong working knowledge of Info Sec policy, global purchasing policies and process, GRC component assessment, controls testing, etc.
Strong understanding of the OWASP Top 10 security vulnerabilities and remediation techniques
Working knowledge of a variety of regulations, control frameworks, and requirements, such as SOX, NIST 800-53, NIST 800-171, ISO 27001
Working knowledge of API Security
Security coding experience with languages like Java, Java Script, Python, Ruby or equivalent
Strong understanding of Security Engineering concepts around key management, authorization, Cloud Security etc.
Experience working with GAO and/or Internal Control
Certifications are highly valued (CISSP, CISA, CISM, etc.)
Master's degree in cyber security, Computer Science, Software Engineering, or a related field.
Security architecture experience collaborating with software product teams.
Experience with Git/GitHub or equivalent source control repositories.
Experience using a centralized logging solution such as Splunk or Datadog for monitoring and reporting.
IT operations, security, and/or infrastructure experience in an enterprise environment.
Experience with vulnerability management with understanding of CVEs, CWEs and how to research and manage risks.
Comfortable communicating with different levels and audiences effectively to gain attention collaboratively while not causing panic or animosity.
A strong drive to keep learning new tools, ideas, techniques and methodologies to change culture to one based on building security and privacy into solutions from inception.
Motivated to support compliance to standards and policies as foundational to security.
Experience Required:
5+ years' experience in cybersecurity analysis, vulnerability management, security consulting, secure software engineering.
Experience in security operations including delivery of security findings to software engineering teams and consulting on risk priorities for vulnerabilities.
Ability to work collaboratively with others and navigate complex decision making.
Familiarity with automation test scripts, test plans and configuration of test systems, security testing tools and their use in an SDLC.
Experience working with Google Cloud Platform and particularly securing Google Cloud Platform assets and development pipelines.
Experience working in incident Response teams to detect, contain, investigate, and recover from security incidents.
Education Required:
Bachelor's degree in business, Cyber Security, IT management, Risk Management, Computer Science, or Computer Engineering or any related field
Position Title: Cyber Security Consultant/Expert
Location - Dearborn, Mi, 48121
Position Description:
Act as a senior subject matter expert for secure coding, evaluating, and implementing processes to mature application security.
Provide consulting services to all Ford Pro product teams, providing guidance and education on code security related problems by leveraging enterprise services across product lifecycles, identifying vulnerabilities, and implementing secure solutions.
Help define security standards around CI/CD pipelines, SAST/SCA/DAST testing processes, DevSecOps principles.
Support ISO 27001 certification preparation of all Ford Pro software products and services.
Support all teams dealing with Audit, ICC Control Review and OICs as they occur.
Collaborate across Ford Pro Tech, Information Tech Operations (ITO), Enterprise Architecture, Model E and Enterprise Cyber Security organizations and so many more.
Work with all regular security and compliance annual activities and education plan for all Ford Pro teams to ensure compliance with corporate policies to deliver Ford+ plan.
Facilitate getting all known control gaps identified and develop control improvement plans in partnership with Internal Controls team as part of GRC processes.
Partner with Cyber Defense during incident response for Ford Pro teams, as required.
Support and develop automation solutions that enable our product teams to build and deploy code quickly.
Leverage cloud technology to promote fast provisioning and scalability.
Implement industry best practices for API configuration management.
Cross between technology and business topics being able to explain security topics to any audience.
Operate independently and adapt to dynamic needs of the organization and changing teams.
Skills Required:
Bachelor's degree in business, Cyber Security, IT management, Risk Management, Computer Science, or Computer Engineering or any related field
5+ years' experience in cybersecurity analysis, vulnerability management, security consulting, secure software engineering.
Experience in security operations including delivery of security findings to software engineering teams and consulting on risk priorities for vulnerabilities.
Ability to work collaboratively with others and navigate complex decision making.
Familiarity with automation test scripts, test plans and configuration of test systems, security testing tools and their use in an SDLC.
Experience working with Google Cloud Platform and particularly securing Google Cloud Platform assets and development pipelines.
Experience working in incident Response teams to detect, contain, investigate, and recover from security incidents.
Skills Preferred:
Experience supporting cloud-based platforms in an enterprise environment such as: Google Cloud Platform (Google Cloud Platform), Microsoft Azure, and Amazon Web Services (AWS).
Experience using 1 or more SAST/SCA tools like CheckMarx, FOSSA, 42Crunch or BlackDuck
Strong working knowledge of Info Sec policy, global purchasing policies and process, GRC component assessment, controls testing, etc.
Strong understanding of the OWASP Top 10 security vulnerabilities and remediation techniques
Working knowledge of a variety of regulations, control frameworks, and requirements, such as SOX, NIST 800-53, NIST 800-171, ISO 27001
Working knowledge of API Security
Security coding experience with languages like Java, Java Script, Python, Ruby or equivalent
Strong understanding of Security Engineering concepts around key management, authorization, Cloud Security etc.
Experience working with GAO and/or Internal Control
Certifications are highly valued (CISSP, CISA, CISM, etc.)
Master's degree in cyber security, Computer Science, Software Engineering, or a related field.
Security architecture experience collaborating with software product teams.
Experience with Git/GitHub or equivalent source control repositories.
Experience using a centralized logging solution such as Splunk or Datadog for monitoring and reporting.
IT operations, security, and/or infrastructure experience in an enterprise environment.
Experience with vulnerability management with understanding of CVEs, CWEs and how to research and manage risks.
Comfortable communicating with different levels and audiences effectively to gain attention collaboratively while not causing panic or animosity.
A strong drive to keep learning new tools, ideas, techniques and methodologies to change culture to one based on building security and privacy into solutions from inception.
Motivated to support compliance to standards and policies as foundational to security.
Experience Required:
5+ years' experience in cybersecurity analysis, vulnerability management, security consulting, secure software engineering.
Experience in security operations including delivery of security findings to software engineering teams and consulting on risk priorities for vulnerabilities.
Ability to work collaboratively with others and navigate complex decision making.
Familiarity with automation test scripts, test plans and configuration of test systems, security testing tools and their use in an SDLC.
Experience working with Google Cloud Platform and particularly securing Google Cloud Platform assets and development pipelines.
Experience working in incident Response teams to detect, contain, investigate, and recover from security incidents.
Education Required:
Bachelor's degree in business, Cyber Security, IT management, Risk Management, Computer Science, or Computer Engineering or any related field