<p>We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we're all a part of something bigger than ourselves. Are you ready to change the way the world moves?</p> <p>As part of the Security Identity and Access Management team, we are hiring a DevOps Engineer with a primary technical focus on Google Cloud Platform (GCP). This role offers an exciting opportunity to apply your strong cloud engineering skills to critical security challenges, helping secure our vital cloud, on-prem, and hybrid environments.</p> <p>You will be a key contributor in a DevSecOps framework, blending development, operations, and security practices to build and maintain our Identity and Access Management (IAM) and Privileged Access Management (PAM) infrastructure. This position requires a candidate capable of managing concurrent and complex development and operational tasks, implementing secure, scalable, automated, and resilient access controls, automating security tasks, and ensuring operational excellence across the platform. You'll work primarily with GCP, understanding how different PAM/IAM systems might coexist or integrate across our enterprise.</p> <p>Due to the business-critical and global nature of the ePAM platform, this position provides an outstanding opportunity to engage with, deliver value and gain exposure to Global business units, JVs and Technology teams, including Ford Credit, Ford Pro and Model e, Ford Blue, Manufacturing, EPEO, Application Employee Experience, Enterprise Connectivity/Network teams and Cyber Defense.</p> <p>We're looking for a DevOps Engineer to join our Security Identity and Access Management (IAM) team, with a strong focus on Google Cloud Platform (GCP). This is a fantastic opportunity to use your cloud engineering skills to tackle critical security challenges, helping secure our cloud, on-prem, and hybrid environments. 
You'll be working within a DevSecOps framework, building and maintaining our essential IAM and Privileged Access Management (PAM) systems. It's a dynamic role where you'll build secure, automated controls, automate security tasks, and ensure operational excellence, all while getting exposure to various global business units and technology teams across the company.</p> <p>What you'll do...</p> <ol> <li>Secure, Reliable, and Scalable IAM/PAM Implementation in GCP: </li></ol> <ul> <li>You will contribute to the design and implementation of secure, reliable, and scalable GCP IAM/PAM policies and structures, rigorously applying the principle of least privilege across our GCP footprint (Organizations, Folders, Projects). This includes implementing and refining secure patterns for managing GCP IAM/PAM roles, service accounts, and their credentials, leveraging modern GCP security features like Workload Identity Federation and Access Context Manager, while also considering the availability and performance impact. </li><li>You will conduct technical security and reliability reviews of proposed GCP architectures to identify and mitigate potential identity and access-related risks and single points of failure early in the lifecycle. </li></ul> <ol start="2"> <li>Implementing and Managing PAM Solutions with Reliability in Mind (Across Hybrid Environments): </li></ol> <ul> <li>You will implement and maintain solutions for managing privileged accounts and secrets across our environment, with a focus on assets within or interacting with GCP and Entra/Intune. This includes leveraging GCP-native services like Secret Manager where appropriate and understanding how to integrate with or manage credentials stored within other enterprise PAM tools. </li><li>You will define and enforce security policies around privileged session management, monitoring, and auditing, considering the operational stability and capabilities of the various PAM tools in use. 
</li></ul> <ol start="3"> <li>Automated Security Enforcement & Operational Excellence (DevSecOps & SRE Integration): </li></ol> <ul> <li>You will embed automated security and operational checks, including validation for IAM/PAM configurations, directly into our CI/CD pipelines using Infrastructure as Code (IaC) tools like Terraform for GCP resources, to prevent insecure or unstable deployments. </li><li>You will automate security-critical tasks such as credential rotation, access reviews, and compliance checks programmatically, championing "Security as Code" and "Operations as Code" across the GCP environment and potential integrations with other systems. </li><li>You will utilize APIs to develop solutions, collect identity-related data and automate security & operational tasks in a hybrid environment. </li></ul> <ol start="4"> <li>Observability, Monitoring, Threat Detection, and Incident Response: </li></ol> <ul> <li>You will implement and maintain observability solutions (metrics, logs, traces) and configure relevant logging sources (including security and PAM logs) to gain deep insights into system behavior, performance, and security events. </li><li>You will utilize detection and monitoring tools (like Dynatrace or similar platforms) to analyze system health, performance, and availability, proactively detect suspicious or malicious activity, and develop/maintain security, performance, and availability alerts, dashboards, and reporting. </li><li>As our team is global, you will provide support and be a key participant in the investigation of, response to, and resolution of security and reliability incidents, applying SRE practices and focusing on minimizing Mean Time To Detect (MTTD) and Mean Time To Recover (MTTR). 
</li></ul> <ol start="5"> <li>Security, Reliability Strategy, and Compliance: </li></ol> <ul> <li>You will contribute to the overall cloud security and reliability strategy, specifically focusing on evolving our IAM and PAM posture in GCP to address emerging threats, business needs, and operational requirements. </li><li>You will ensure that our IAM/PAM configurations and practices meet internal security standards, reliability targets (SLOs/SLIs), and external compliance requirements (e.g., SOC 2, ISO 27001), assisting in providing necessary audit evidence from relevant systems. </li><li>You will research and evaluate new security and reliability technologies and approaches in the IAM/PAM space, understanding how different solutions compare and could potentially integrate or complement our existing setup. </li></ul> <ol start="6"> <li>Security & Reliability Collaboration and Knowledge Sharing: </li></ol> <ul> <li>You will share your security and reliability expertise for the ePAM platform, providing guidance and best practices to engineering, operations, and other teams. This includes helping teams understand secure credential handling, secure application interaction with GCP services, the importance of least privilege, and how these practices impact system reliability and performance across the different tools and platforms in use. </li><li>You will collaborate closely with other security teams, SRE teams, and platform owners to support a cohesive security and reliability strategy across potentially disparate systems. </li></ul> <ol start="7"> <li>System Health, Security Maintenance, and Improvement: </li></ol> <ul> <li>You will maintain the security health, operational health, and performance of our PAM Platform infrastructure and tools, primarily focused on GCP but understanding the health of integrated or related systems. 
</li><li>You will stay current with the latest GCP security features, evolving security best practices, and advancements in cloud reliability patterns and SRE practices relevant to identity and access management. You'll also keep abreast of developments in major enterprise PAM approaches and solutions generally. </li><li>You will continuously seek opportunities to improve our security posture and system reliability across the relevant systems. </li></ul> <ol start="8"> <li>Documentation: </li></ol> <ul> <li>You will create and maintain high-quality documentation, including security standards, risk assessments, architecture diagrams for access controls (detailing how different systems connect), system runbooks, operational procedures, and monitoring configurations for GCP and integrated PAM flows. </li></ul>