Perform initial triage and investigation of various security incidents to determine the impact on Ford, including phishing, malicious software, reconnaissance activities (probes/scans), data exfiltration, and policy violations. Conduct daily analysis using a range of tools, including SIEM, EDR/ XDR, SOAR, and Sandbox analysis platforms. Investigate alerts across multi-cloud (Azure, GCP, AWS) and on-premises environments. Collaborate with internal business units and technical teams to investigate and contain incidents. Respond to cybersecurity inquiries received from Ford personnel, providing clear guidance and risk assessment. Execute and maintain security playbooks and standard operating procedures (SOPs) to ensure consistent, repeatable, and efficient incident resolution. Effectively document investigation details for both technical peer review and non-technical stakeholders. Identify and map attacker Tools, Techniques, and Procedures (TT - Ps) and Indicators of Compromise (IO - Cs) to the MITRE ATT&CK framework to enhance future detection and prevention. Support Shift Lead rotation at least once per calendar quarter, managing escalations and team coordination. Monitor the global threat landscape and stay up-to-date with emerging cybersecurity trends to proactively improve Ford’s security posture. Utilize AI-driven threat detection tools to enhance triage accuracy, reduce false positives, and accelerate the identification of emerging attack patterns. Qualifications: Education: Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related technical field (or equivalent professional experience). Professional Experience: 3 years of experience in a Security Operations Center (SOC) or Cyber Defense Center (CDC), including: Hands-on experience with SIEM platforms and EDR/ XDR tools. Performing data correlation and analysis of system logs (Firewall, Network Flow, IDS/ IPS, and Operating System logs). Incident handling and triage, including the resolution of escalations and clear communication during active security events. Foundational Knowledge: In-depth understanding of Operating Systems (Windows, Linux, Mac), network protocols (TCP/ IP, DNS, HTTP), and core infrastructure technologies. Soft Skills: Ability to work in a fast-paced, high-stress environment with a strong sense of urgency and attention to detail. Strong deductive reasoning, critical thinking, and prioritization skills. Excellent oral and written communication skills—able to translate technical items into non-technical terms. Professionalism: High level of independent initiative, integrity, and a disciplined approach to adhering to procedures. Preferred Qualifications:Cloud Security: 2 years of experience with Google Cloud Platform (GCP) or Microsoft Azure, specifically analyzing cloud-native security logs. AI & Automation: Experience leveraging or tuning Artificial Intelligence (AI) and Machine Learning (ML) tools to improve threat detection or automate manual triage tasks. Scripting: Proficiency in scripting languages such as Python, PowerShell, Bash, or SQL to automate workflows or parse data. Ford Specifics: Familiarity with Ford’s computing infrastructure and the Software Development Methodology (SDM). Certifications: Preferred industry credentials such as GIAC (GCIH, GCIA), CEH or CIISP.