DevSecOps engineer at Ford ensuring secure software development and compliance with security standards. Collaborating with teams to embed security practices and assess vulnerabilities in software delivery.
About the role
- Cyber Security Engineer working with product teams to embed security in development lifecycle. Design, implement, and manage security controls across cloud infrastructure and application architectures.
Responsibilities
- Partner with product engineering teams to embed security practices into the software development lifecycle, from design through deployment.
- Define and maintain security patterns for common platform components (APIs, services, identity, secrets, data storage).
- Provide actionable remediation guidance for engineering teams, aligned to business risk and delivery timelines.
- Manage and triage findings across: SAST / SCA Container and artifact scanning Secret scanning DAST (where applicable) Malware Cloud security posture and configuration findings.
- Drive consistent risk scoring, prioritization, and remediation tracking aligned to SLAs.
- Validate fixes through testing and evidence-driven verification.
- Integrate security tooling and controls into CI/CD pipelines with a focus on automation and developer usability.
- Improve pipeline outcomes by reducing false positives and creating security guardrails that scale.
- Build automation and scripts for security testing, enforcement, metrics, and reporting.
- Assess and advise on security controls for: IAM and access policies Network segmentation and security groups Encryption and key management Logging and monitoring.
- Assist in root cause analysis and drive remediation actions that prevent recurrence.
- Contribute to security standards, runbooks, and operational readiness.
Requirements
- 7+ years in security or IT roles.
- 3+ years of hands-on experience in cybersecurity engineering, product security, DevSecOps, or secure platform engineering.
- Strong understanding of common application security risks and mitigations (OWASP Top 10, secure coding patterns).
- Experience integrating security scanning into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, Azure DevOps, etc.).
- Working knowledge of cloud security fundamentals (AWS, Azure, or GCP).
- Experience in at least one scripting/programming language (Python, Go, Java, JavaScript/TypeScript, or similar).
- Ability to communicate security risk clearly and pragmatically to engineering teams and technical leadership.
Benefits
- Health & Wellbeing
- Personal & Professional Development
- Unconditional Inclusion
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Security Officer responsible for ensuring safety and security at the Genesee Brewing Company. Monitoring premises, responding to emergencies, and providing visitor assistance during shifts.
Security Estimator creating estimates and proposals for security projects at LINX. Collaborating with engineering and sales teams for system design and client relationships.
Product Security Architect at Expedia designing secure architecture for services and APIs. Collaborating with teams to guide secure practices and integrate AI - driven solutions.
IT Security Officer overseeing information security for a specific IT sector at Desjardins. Collaborating with cross - sector teams and managing information security risks and vulnerabilities.
Associate, Information Security professional at Santander focusing on Vulnerability Management and network security exposure. Collaborating with teams to enhance security posture and manage technology risks.
IAM Security & Technology Governance person driving IAM technical program with cutting - edge technology to improve security posture at MUFG. Manage IAM requirements, standards, governance and solutions across global implementation.
Senior Analyst in Mastercard's newly created Vocalink Control Office supporting control testing across Security domains. Ensuring a strong control environment and identifying gaps for improvement.
Senior Analyst focusing on Information Security and Compliance at Cirque du Soleil. Engaging in threat analysis and improvement of security tools and processes, within a creative company culture.
Security Architect designing and implementing cybersecurity architectures for UK Defence projects. Collaborating with stakeholders to safeguard client data against cyber threats.