Cyber Defense Analyst

Cyber Defense Center Detection Analyst

This position is for a Cyber Defense Center (CDC) Detection Analyst specializing in initial threat triage. The role involves swiftly assessing and prioritizing security incidents to determine their severity and potential impact. You will be responsible for promptly identifying and investigating various threats, initiating timely response actions, and escalating to appropriate teams for further investigation and/or remediation.

Work Schedule & Location

Location: This role is hybrid, with on-site work in Southeast Michigan.

Standard Hours: Standard working hours are typically 8:00 AM – 5:00 PM ET.

Shift Lead Rotation: Candidates must be willing to support a Shift Lead rotation at least once per calendar quarter. During these weeks, the shift is 11:00 AM – 8:00 PM during Eastern Daylight Time (EDT) and 10:00 AM – 7:00 PM during Eastern Standard Time (EST).

Weekend Coverage: Candidates must be willing to work at least one weekend per calendar quarter as part of Shift Lead Rotation.

Responsibilities

Responsibilities:

• Perform initial triage and investigation of various security incidents to determine the impact on Ford, including phishing, malicious software, reconnaissance activities (probes/scans), data exfiltration, and policy violations.

  • Conduct daily analysis using a range of tools, including SIEM, EDR/XDR, SOAR, and Sandbox analysis platforms.

  • Investigate alerts across multi-cloud (Azure, GCP, AWS) and on-premises environments.

  • Collaborate with internal business units and technical teams to investigate and contain incidents.

• Respond to cybersecurity inquiries received from Ford personnel, providing clear guidance and risk assessment.

• Execute and maintain security playbooks and standard operating procedures (SOPs) to ensure consistent, repeatable, and efficient incident resolution.

• Effectively document investigation details for both technical peer review and non-technical stakeholders.

• Identify and map attacker Tools, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) to the MITRE ATT&CK framework to enhance future detection and prevention.

• Support Shift Lead rotation at least once per calendar quarter, managing escalations and team coordination.

• Monitor the global threat landscape and stay up-to-date with emerging cybersecurity trends to proactively improve Ford's security posture.

• Utilize AI-driven threat detection tools to enhance triage accuracy, reduce false positives, and accelerate the identification of emerging attack patterns.

Qualifications

Qualifications:

• Education: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related technical field (or equivalent professional experience).
• Professional Experience: 3+ years of experience in a Security Operations Center (SOC) or Cyber Defense Center (CDC), including:
  • Hands-on experience with SIEM platforms and EDR/XDR tools.
  • Performing data correlation and analysis of system logs (Firewall, Network Flow, IDS/IPS, and Operating System logs).
  • Incident handling and triage, including the resolution of escalations and clear communication during active security events.
• Foundational Knowledge: In-depth understanding of Operating Systems (Windows, Linux, Mac), network protocols (TCP/IP, DNS, and core infrastructure technologies.
• Soft Skills:
  • Ability to work in a fast-paced, high-stress environment with a strong sense of urgency and attention to detail.
  • Strong deductive reasoning, critical thinking, and prioritization skills.
  • Excellent oral and written communication skills—able to translate technical items into non-technical terms.
• Professionalism: High level of independent initiative, integrity, and a disciplined approach to adhering to procedures.

Preferred Qualifications:

• Cloud Security: 2+ years of experience with Google Cloud Platform (GCP) or Microsoft Azure, specifically analyzing cloud-native security logs.
• AI & Automation: Experience leveraging or tuning Artificial Intelligence (AI) and Machine Learning (ML) tools to improve threat detection or automate manual triage tasks.
• Scripting: Proficiency in scripting languages such as Python, PowerShell, Bash, or SQL to automate workflows or parse data.
• Ford Specifics: Familiarity with Ford's computing infrastructure and the Software Development Methodology (SDM).
• Certifications: Preferred industry credentials such as GIAC (GCIH, GCIA), CEH or CIISP.

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!