DevOps Engineer-Security Identity & Access Management
Dearborn, MI, United States
Ford Motor Company
Since 1903, we have helped to build a better world for the people and communities that we serve. Welcome to Ford Motor Company. We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we’re all a part of something bigger than ourselves. Are you ready to change the way the world moves?
As part of the Security Identity and Access Management team, we are hiring a DevOps Engineer with a primary technical focus on Google Cloud Platform (GCP). This role offers an exciting opportunity to apply your strong cloud engineering skills to critical security challenges, helping secure our vital cloud, on-prem, and hybrid environments.
You will be a key contributor in a DevSecOps framework, blending development, operations, and security practices to build and maintain our Identity and Access Management (IAM) and Privileged Access Management (PAM) infrastructure. This position requires a candidate capable of managing concurrent and complex development and operational tasks, implementing secure, scalable, automated, and resilient access controls, automating security tasks, and ensuring operational excellence across the platform. You'll work primarily with GCP, understanding how different PAM/IAM systems might coexist or integrate across our enterprise.
Due to the business-critical and global nature of the ePAM platform, this position provides an outstanding opportunity to engage with, deliver value to, and gain exposure to global business units, JVs and Technology teams, including Ford Credit, Ford Pro and Model e, Ford Blue, Manufacturing, EPEO, Application Employee Experience, Enterprise Connectivity/Network teams and Cyber Defense.
What you'll do...
1. Secure, Reliable, and Scalable IAM/PAM Implementation in GCP:
• You will contribute to the design and implementation of secure, reliable, and scalable GCP IAM/PAM policies and structures, rigorously applying the principle of least privilege across our GCP footprint (Organizations, Folders, Projects). This includes implementing and refining secure patterns for managing GCP IAM/PAM roles, service accounts, and their credentials, leveraging modern GCP security features like Workload Identity Federation and Access Context Manager, while also considering the availability and performance impact.
• You will conduct technical security and reliability reviews of proposed GCP architectures to identify and mitigate potential identity and access-related risks and single points of failure early in the lifecycle.
2. Implementing and Managing PAM Solutions with Reliability in Mind (Across Hybrid Environments):
• You will implement and maintain solutions for managing privileged accounts and secrets across our environment, with a focus on assets within or interacting with GCP and Entra/Intune. This includes leveraging GCP-native services like Secret Manager where appropriate and understanding how to integrate with or manage credentials stored within other enterprise PAM tools.
• You will define and enforce security policies around privileged session management, monitoring, and auditing, considering the operational stability and capabilities of the various PAM tools in use.
3. Automated Security Enforcement & Operational Excellence (DevSecOps & SRE Integration):
• You will embed automated security and operational checks, including validation for IAM/PAM configurations, directly into our CI/CD pipelines using Infrastructure as Code (IaC) tools like Terraform for GCP resources, to prevent insecure or unstable deployments.
• You will automate security-critical tasks such as credential rotation, access reviews, and compliance checks programmatically, championing "Security as Code" and "Operations as Code" across the GCP environment and potential integrations with other systems.
• You will utilize APIs to develop solutions, collect identity-related data and automate security & operational tasks in a hybrid environment.
4. Observability, Monitoring, Threat Detection, and Incident Response:
• You will implement and maintain observability solutions (metrics, logs, traces) and configure relevant logging sources (including security and PAM logs) to gain deep insights into system behavior, performance, and security events.
• You will utilize detection and monitoring tools (like Dynatrace or similar platforms) to analyze system health, performance, and availability, proactively detect suspicious or malicious activity, and develop/maintain security, performance, and availability alerts, dashboards, and reporting.
• With our team being global, you will provide support and be a key participant in the investigation, response, and resolution of security and reliability incidents, applying SRE practices and focusing on minimizing Mean Time To Detect (MTTD) and Mean Time To Recover (MTTR).
5. Security, Reliability Strategy, and Compliance:
• You will contribute to the overall cloud security and reliability strategy, specifically focusing on evolving our IAM and PAM posture in GCP to address emerging threats, business needs, and operational requirements.
• You will ensure that our IAM/PAM configurations and practices meet internal security standards, reliability targets (SLOs/SLIs), and external compliance requirements (e.g., SOC 2, ISO 27001), assisting in providing necessary audit evidence from relevant systems.
• You will research and evaluate new security and reliability technologies and approaches in the IAM/PAM space, understanding how different solutions compare and could potentially integrate or complement our existing setup.
6. Security & Reliability Collaboration and Knowledge Sharing:
• You will share your security and reliability expertise for the ePAM platform, providing guidance and best practices to engineering, operations, and other teams. This includes helping teams understand secure credential handling, secure application interaction with GCP services, the importance of least privilege, and how these practices impact system reliability and performance across the different tools and platforms in use.
• You will collaborate closely with other security teams, SRE teams, and platform owners to support a cohesive security and reliability strategy across potentially disparate systems.
7. System Health, Security Maintenance, and Improvement:
• You will maintain the security health, operational health, and performance of our PAM Platform infrastructure and tools, primarily focused on GCP but understanding the health of integrated or related systems.
• You will stay current with the latest GCP security features, evolving security best practices, and advancements in cloud reliability patterns and SRE practices relevant to identity and access management. You'll also keep abreast of developments in major enterprise PAM approaches and solutions generally.
• You will continuously seek opportunities to improve our security posture and system reliability across the relevant systems.
8. Documentation:
• You will create and maintain high-quality documentation, including security standards, risk assessments, architecture diagrams for access controls (detailing how different systems connect), system runbooks, operational procedures, and monitoring configurations for GCP and integrated PAM flows.
You'll have...
- Bachelor’s degree in Computer Science or Information Technology, or a combination of education and experience
- 5+ years of IT experience
- 3+ years of Enterprise Google Cloud engineering experience
- 2+ years of IT DevOps experience
Even better, you may have...
- Strong written and verbal communication skills with a high degree of attention to detail.
- Proven ability to independently identify, analyze, and solve complex technical and operational problems with minimal oversight.
- Ability to quickly learn new technologies and share knowledge with others.
- Demonstrable ability to work effectively within a globally dispersed team environment.
- Proven track record of developing and documenting requirements and technical solutions.
- Solid understanding and practical application of Site Reliability Engineering (SRE) principles and practices (SLOs/SLIs, toil reduction, incident response).
- Experience with CI/CD Pipeline development and integration, including Infrastructure as Code (IaC) tools like Terraform.
- Strong understanding and practical experience with GCP Identity and Access Management (IAM) concepts (roles, policies, service accounts, conditions, security best practices) and leveraging related security services (Workload Identity Federation, Access Context Manager, Secret Manager, Cloud Audit Logs) relevant to PAM.
- Hands-on experience with core GCP platform components such as Cloud Resource Hierarchy, Cloud Run, Cloud Tasks, and Cloud Scheduler.
- Experience with containerization (Docker) and orchestration (e.g., Kubernetes/GKE).
- Understanding of common authentication and authorization protocols (e.g., OAuth, OIDC, SAML, LDAP).
- Familiarity with GCP policy enforcement mechanisms (e.g., Organization Policies, VPC Service Controls).
- Experience with scripting and programming languages (e.g., Python, Golang, Bash, PowerShell) and utilizing APIs (potentially including Microsoft Graph API) for automation, data collection, and solution development in hybrid environments.
- Experience managing codebase and projects in GitHub.
- Experience with relevant detection and monitoring tools for system health, performance, and security, including GCP native logging/monitoring (Cloud Monitoring, Cloud Audit Logs) and APM/Observability platforms (like Dynatrace or similar).
- Strong understanding of core security principles (least privilege, defense-in-depth, Zero Trust).
- Experience with Agile development concepts and tools such as JIRA.
- Understanding of enterprise security domains, with a strong emphasis on cloud security.
- Familiarity with other enterprise Privileged Access Management (PAM) tools, including understanding or experience with Microsoft Entra Privileged Access Management and BeyondTrust Password Safe.
- Experience with Perl programming/scripting.
- Familiarity with security risk assessment methodologies and compliance frameworks (e.g., SOC 2, ISO 27001) relevant to identity and access scenarios.
You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!
As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder…or all of the above? No matter what you choose, we offer a work life that works for you, including:
• Immediate medical, dental, vision and prescription drug coverage
• Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
• Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
• Vehicle discount program for employees and family members and management leases
• Tuition assistance
• Established and active employee resource groups
• Paid time off for individual and team community service
• A generous schedule of paid holidays, including the week between Christmas and New Year’s Day
• Paid time off and the option to purchase additional vacation time
For a detailed look at our benefits, click here: fordcareers.co/GSRnon-HTHD
This position is a range of salary grades 6-8.
Visa sponsorship is not available for this position.
Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.
We are an Equal Opportunity Employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call 1-888-336-0660.
#LI-Hybrid