Cyber Defense Analyst

Job Description

Position Duties This position is for a Cyber Defense Center (CDC) Detection Analyst specializing in initial threat triage. The role involves swiftly assessing and prioritizing security incidents to determine their severity and potential impact. You will be responsible for promptly identifying and investigating various threats, initiating timely response actions, and escalating to appropriate teams for further investigation and/or remediation.

Work Schedule & Location

• Location: This role is hybrid, with on-site work in Southeast Michigan.
• Standard Hours: Standard working hours are typically 8:00 AM - 5:00 PM ET.
• Shift Lead Rotation: Candidates must be willing to support a Shift Lead rotation at least once per calendar quarter. During these weeks, the shift is 11:00 AM - 8:00 PM during Eastern Daylight Time (EDT) and 10:00 AM - 7:00 PM during Eastern Standard Time (EST).
• Weekend Coverage: Candidates must be willing to work at least one weekend per calendar quarter as part of Shift Lead Rotation.

Responsibilities

Responsibilities:

• Perform initial triage and investigation of various security incidents to determine the impact on Ford, including phishing, malicious software, reconnaissance activities (probes/scans), data exfiltration, and policy violations.
  
  • Conduct daily analysis using a range of tools, including SIEM, EDR/XDR, SOAR, and Sandbox analysis platforms.
  • Investigate alerts across multi-cloud (Azure, GCP, AWS) and on-premises environments.
  • Collaborate with internal business units and technical teams to investigate and contain incidents.
• Respond to cybersecurity inquiries received from Ford personnel, providing clear guidance and risk assessment.
• Execute and maintain security playbooks and standard operating procedures (SOPs) to ensure consistent, repeatable, and efficient incident resolution.
• Effectively document investigation details for both technical peer review and non-technical stakeholders.
• Identify and map attacker Tools, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) to the MITRE ATT&CK framework to enhance future detection and prevention.
• Support Shift Lead rotation at least once per calendar quarter, managing escalations and team coordination.
• Monitor the global threat landscape and stay up-to-date with emerging cybersecurity trends to proactively improve Ford's security posture.
• Utilize AI-driven threat detection tools to enhance triage accuracy, reduce false positives, and accelerate the identification of emerging attack patterns.

Qualifications

Qualifications:

• Education: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related technical field (or equivalent professional experience).
• Professional Experience: 3+ years of experience in a Security Operations Center (SOC) or Cyber Defense Center (CDC), including:
  • Hands-on experience with SIEM platforms and EDR/XDR tools.
  • Performing data correlation and analysis of system logs (Firewall, Network Flow, IDS/IPS, and Operating System logs).
  • Incident handling and triage, including the resolution of escalations and clear communication during active security events.
• Foundational Knowledge: In-depth understanding of Operating Systems (Windows, Linux, Mac), network protocols (TCP/IP, DNS, and core infrastructure technologies.
• Soft Skills:
  • Ability to work in a fast-paced, high-stress environment with a strong sense of urgency and attention to detail.
  • Strong deductive reasoning, critical thinking, and prioritization skills.
  • Excellent oral and written communication skills-able to translate technical items into non-technical terms.
• Professionalism: High level of independent initiative, integrity, and a disciplined approach to adhering to procedures.

Preferred Qualifications :

• Cloud Security: 2+ years of experience with Google Cloud Platform (GCP) or Microsoft Azure, specifically analyzing cloud-native security logs.
• AI & Automation: Experience leveraging or tuning Artificial Intelligence (AI) and Machine Learning (ML) tools to improve threat detection or automate manual triage tasks.
• Scripting: Proficiency in scripting languages such as Python, PowerShell, Bash, or SQL to automate workflows or parse data.
• Ford Specifics: Familiarity with Ford's computing infrastructure and the Software Development Methodology (SDM).
• Certifications: Preferred industry credentials such as GIAC (GCIH, GCIA), CEH or CIISP.

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!

As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder...or all of the above? No matter what you choose, we offer a work life that works for you, including:
• Immediate medical, dental, vision and prescription drug coverage
• Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
• Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
• Vehicle discount program for employees and family members and management leases
• Tuition assistance
• Established and active employee resource groups
• Paid time off for individual and team community service
• A generous schedule of paid holidays, including the week between Christmas and New Year's Day
• Paid time off and the option to purchase additional vacation time.

This position is a salary grade 7-8 and ranges from $99,600-$192,900.


Final determination of salary grade will be based on candidate's skills and experience, and base salary will be set within the applicable range according to job scope, responsibility and competitive market value.

For more information on salary and benefits, click here:

Visa sponsorship is not available for this position.

Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call View phone number on click.appcast.io.

This position is hybrid. Candidates who are in commuting distance to a Ford hub location may be required to be onsite four or more days per week.

#LI-Hybrid

#LI-GR1

About Us

At Ford Motor Company, we believe freedom of movement drives human progress. With our incredible plans for the future of mobility, we have a wide variety of opportunities for you to accelerate your career and help us define tomorrow's transportation.

About the Team

We believe that freedom of movement drives human progress. Ford Information Technology (IT) is shaping the future of mobility by redefining the transportation landscape, enhancing the customer experience and improving people's lives. Join the Ford family as we change the way the world moves.