We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we're all a part of something bigger than ourselves. Are you ready to change the way the world moves?
The Product Cybersecurity PKI & Key Management Security Services team generates, distributes, stores, and manages lifecycle for the cryptographic keys in the vehicle product ecosystem. This includes developing and maintaining in-house APIs and web services to provide confidentiality, integrity and authenticity protection for various use cases and features in the product ecosystem.
The team is directly engaged with the entire end-to-end solution for Vehicle Products and ecosystem, providing key management, PKI certificate lifecycle management and relative security services that support everything from ECU manufacturing to customer facing features.
In addition to managing the product ecosystem cryptographic keys, the team develops and maintains various security API services built on the foundation and usage of cryptographic keys - including vehicle secure messaging from cloud, software signing, UDS diagnostics, EV charging and more. Our infrastructure cloud and on-premises servers and hardware security modules (HSM) running our services and powering our product PKI.
We are seeking an exceptional Senior Software Engineer specializing in Public Key Infrastructure (PKI), Key Management, and secure API services to own the end-to-end lifecycle of mission-critical cryptographic systems.
What you'll do...
End-to-End Ownership: Lead the full lifecycle of PKI and Key Management API services supporting our vehicle products and ecosystem - lead customer requirements gathering, architecture design, implementation, testing, deployment, monitoring, and post-launch support.
Design and develop RESTful APIs and web services that are robust, secure, and scalable for various features and use cases: CRL/OCSP, ACME, Certificate Issuance, message encryption/decryption, software signing, key rotation and certificate lifecycle management, HSM integration with PKCS11, CCC. Implement access control methods that enforce least privilege access principles using OAuth or mTLS.
Cryptographic Engineering: Implement and harden PKI and key services with deep knowledge of PKI industry standards, X.509, PKCS standards, elliptic curve cryptography (ECC) and RSA, post-quantum readiness, and hardware security module CSP integration. Apply hybrid encryption techniques with AES. Define and enforce PKI certificate policies and certificate profiles.
Secure Systems Architecture: Design fault-tolerant, highly available PKI services with zero-downtime issuance, disaster recovery, and multi-region replication.
Infrastructure and CI/CD Integration: Release and Deploy your apps through build server, CI/CD pipeline, and infrastructure involving on-premises and cloud Kubernetes
Security & Compliance: Monitor and address findings regularly in code base through SAST, DAST, software quality and security vulnerability scanning.
Monitoring and Response: Actively assist in monitoring our systems and performing root cause analysis to address issues quickly. Implement robust application logging and integration with Splunk and security monitoring systems.
Define and lead best practices for our software development process, perform code reviews, and mentor engineers while remaining hands-on in the codebase.
Working with ECU embedded development teams to understand embedded architecture requirements and the best approach of key management for each ECU.
Authoring and managing technical cybersecurity requirements and process documentation
You'll have...
Bachelor's degree in Computer Science or related OR a combination of education and experience
5+ years in proficiency of software engineering and secure coding practices using object oriented programming, including C#/C++, Java, .Net Standard
Strong knowledge and applicability of software architecture, development, methodologies and design principles including test-driven development
Outstanding software testing skills that results in lasting quality solutions that scale
Proficient version control of development and release branches in Git
Proven track record of owning customer-facing products from ideation to general acceptance, and flexibility to manage multiple projects and deliverables throughout lifecycle.
3+ years deploying and maintaining cloud infrastructure with Kubernetes or OpenShift, and managing database instances (SQL Postgres, Redis, MongoDB)
3+ years developing and maintaining production PKI systems and cryptographic APIs.
Experience and deep understanding of industry security standards and applying them in our software solutions and processes, including NIST, OWASP, and relevant ISO and IEEE standards.
Application of Identity and Access Management principles in software services across varying infrastructures, including OAuth, JWT, mTLS
Excellent understanding and application of cybersecurity algorithms, standards, and strategies including RSA, ECC, EdDSA, AES, TLS, X.509, PKCS#11, ACME, OCSP, CRL, HSM integration (Thales, YubiHSM, AWS CloudHSM, GCP KMS)
Strong knowledge of PKI and Key Management best practices.Ability to justify asymmetric vs symmetric keying strategies chosen.
Even better, you may have...
Familiarity with in-vehicle network architecture, modules, and protocols (CAN, embedded architecture) are a plus.
You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!
As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder...or all of the above? No matter what you choose, we offer a work life that works for you, including:
Immediate medical, dental, vision and prescription drug coverage
Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
Vehicle discount program for employees and family members and management leases
Tuition assistance
Established and active employee resource groups
Paid time off for individual and team community service
A generous schedule of paid holidays, including the week between Christmas and New Year's Day
Paid time off and the option to purchase additional vacation time.
For a detailed look at our benefits, click here:
https://fordcareers.co/GSR-HTHD
This position is a range of salary grades 7-8.
*Note: This is a hybrid role, you are expected to relocate if you are not within commutable distance, and responsible to be on site 4 days a week
Visa sponsorship is not available for this position.
Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.
We are an Equal Opportunity Employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call 1-888-336-0660.
LI-Hybrid
Requisition ID : 54826
