Chennai, IND
1 day ago
Azure Sentinel Specialist – Security Engineering
This position will be involved in developing and engineering SIEM/SOAR solutions across the current and future security portfolio, with a strong initial focus on Microsoft Sentinel. The ideal candidate should have experience configuring, managing, and optimizing Azure Sentinel to support a mature SOC. This role involves working closely with IT security teams to enhance our security posture while ensuring compliance with industry standards and best practices.

**Responsibilities**

+ Manage all aspects of a SIEM/SOAR, including subscription management, query optimization, workbook/playbook management, analytic rules, and cost optimization.
+ Collaborate internally and across the organization in driving cloud adoption of security technologies.
+ Stay current with industry trends, best practices, and emerging technologies related to DevOps and cloud computing.
+ Collaborate extensively with technical and business-facing stakeholders to engineer solutions which exceed customer expectations and drive significant business value.
+ Implement and monitor security standards across development, testing, and production environments.
+ Collaborate with cloud operational and engineering teams to resolve deployment issues and ensure smooth operations.
+ Deploy, configure, and manage Azure Sentinel solutions for effective security monitoring and incident response.
+ Integrate Azure Sentinel with various data sources, native and non-native connectors, and Azure services to ensure comprehensive threat visibility across the organization.
+ Create and fine-tune analytics rules, workbooks, and playbooks to automate and improve threat detection and response processes.
+ Utilize forward-looking tools, technology, and frameworks to enhance the business experience.
+ Participate in the development of a healthy product backlog, ensuring agile practices are followed.
+ Proactively identify opportunities to improve and automate existing technologies.
+ Support the strategic vision for new infrastructure and systems by providing input on roadmaps/value maps, in partnership with business stakeholders, that aligns with the overall corporate strategy.
+ Support organization-wide Disaster Recovery and Business Continuity plans and strategy so the organization is prepared for potential events.
+ Support 24x7 security operations as needed.

**Qualifications:**

**Basic Qualifications:**

+ Bachelor's degree in Computer Science, Cyber Security, or Information Systems.
+ 2+ years of proven hands-on experience with SIEM and SOAR, with a strong preference for Microsoft Sentinel.
+ Microsoft certifications such as SC-200 and SC-100.
+ Knowledge of Azure DevOps tools and services, including Azure Pipelines, Repos, Artifacts, and Boards.
+ Familiarity with threat intelligence platforms and cybersecurity frameworks such as NIST or MITRE ATT&CK.
+ 1+ year of full-stack engineering expertise, with hands-on infrastructure experience including IaC such as Terraform or ARM templates.
+ 1+ year of experience developing end-to-end using APIs and/or scripting languages such as PowerShell, Python, YAML, JSON, NodeJS, etc.
+ 1+ year leading projects and implementations.
+ Proficiency in creating custom queries using Kusto Query Language (KQL).

**Preferred Qualifications:**

**Technical Skills:**

+ Understanding, with hands-on experience, of IT Security and Security Engineering technologies such as CASB, CSPM, Email Security Gateways, SIEM/SOAR, Endpoint Protection, EDR/XDR, DLP, etc.
+ Significant experience with security orchestration, automation, and response (SOAR) tools.
+ Technical knowledge of cloud platforms; Azure is strongly preferred.
+ Experience engineering reusable tools and self-service capabilities with automated infrastructure operations.
+ Experience in creating frontend components that support accessibility.
+ Proven experience in engineering solutions that improve the developer or user experience and productivity.
+ Hands-on experience setting up CI/CD pipelines (OpenShift Tekton, GitHub Actions, or similar).
+ Knowledge of secure coding practices.
+ Experience setting up serverless functions using GCP Cloud Run or Cloud Functions, and configuring the respective cloud provider for scaling.
+ Robust knowledge of system design principles, including reliability, availability, and scalability.
+ Understanding of security frameworks.
+ Experience setting up logging and monitoring services (Dynatrace, GCP Ops Suite).
+ Proven ability to implement and prove out POCs with speed, vision, and quality.
+ Strong consulting and analytical skills and a risk management mindset.

**Other Skills:**

+ Demonstrates the ability to be highly collaborative with peers across the organization.
+ Possesses a high tolerance for ambiguity and an ever-changing technology environment.
+ Possesses a strong bias for action.
+ Naturally curious and stays on top of emerging trends and threats.
+ Interpersonal skills, with the ability to communicate effectively at all levels of the organization.
+ Familiarity with agile concepts.
+ Ability to thrive in a fast-paced, technologically forward-leaning environment, and not afraid to push the boundaries of security capabilities.
+ A sense of intellectual curiosity and a burning desire to learn.

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!

**Requisition ID**: 45081