Job Description Position Overview/Description: A penetration testing / ethical hacking team is being created within Ford IT. Focus in the first year will be staffing of the team, building skills and required process definition. This position is meant for an experienced tester that can engage quickly and mentor team members with less experience. While a successful candidate will be asked to contribute to team growth in many ways, the primary focus will be technical; leading security assessments with little oversight. The role will focus on both internal testing, and supporting third party penetration testing efforts.
Responsibilities: + Scoping of penetration tests, use cases, and timing + Development of ‘rules of engagement’ with partners + Internal and external network penetration testing + Application testing, including black box, code reviews, and reverse engineering + Software development advisory + In-vehicle, network and software architecture reviews and guidance + Develop and communicate recommendations on findings remediation + Continuous improvement of testing processes and methodologies + Coordinate and function as a subject matter expert to third-party penetration testing efforts, as needed
Basic Qualifications: + Bachelor’s Degree in Computer Science or related technical field of study + 4+ years of professional experience in computer security, software development, or networking and systems administration + 2+ years experience in penetration testing
Preferred Qualifications: + Working knowledge of ISO27001 + CISSP certification + Deep experience in IP based networking + Strong encryption background + Threat Modeling experience + Advanced Web technology knowledge (i.e., HTTP, HTML, SQL) + Advanced knowledge of the detection, exploitation, and prevention of software vulnerabilities (i.e., SQL injection, XSS, buffer overflows) + Exceptional communication skills, both oral and written + Excellent self-tasking skills + Intermediate administration skills for Windows and/or Unix systems + For infrastructure-focused engagements: Intermediate TCP/IP networking knowledge (including networking architecture, device configuration, and operational practices) + For application-focused engagements: Intermediate software development knowledge (including programming languages, application architecture, and development processes + Broad Operating System knowledge + Previous Security Experience with Cellular Carriers + This role will span both traditional IP based infrastructure as well as in-vehicle technologies - working knowledge of vehicle-based security protocols is a big plus
The distance between imagination and … creation. It can be measured in years of innovation, or in moments of brilliance. When you join the Ford team discover all the benefits, rewards and development opportunities you’d expect from a diverse global leader. You’ll become part of a team that is already leading the way, with ingenious solutions and attainable products – and it is always ready to go further.
Candidates for positions with Ford Motor Company must be legally authorized to work in the United States on a permanent basis. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.
Ford Motor Company is an equal opportunity employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status.