You will be pivotal in embedding security practices within our DevOps workflows, ensuring our systems are scalable, functional, and secure. You will be an integral part of the Dev Enablement Team, tasked with designing, implementing, and maintaining CI/CD pipelines using Tekton and Terraform (IaC). Your role will involve close collaboration with Full Stack software engineers to refine our development processes, while actively engaging in hands-on development tasks to guarantee robust and secure applications. Additionally, you will provide technical leadership and expertise, guiding the team through complex troubleshooting activities to resolve issues efficiently and effectively.
Qualifications:
- Bachelor's degree in Computer Science, Engineering, or a related field.
- 5+ years of experience in DevOps or DevSecOps roles.
- Proficiency in CI/CD tools and practices, particularly Tekton.
- Strong experience with Terraform for Infrastructure as Code.
- Highly skilled in cloud computing.
- In-depth knowledge of security best practices and tools.
- Experience with containerization technologies (e.g., Docker, Kubernetes), including architecture, Deployments, StatefulSets, and networking. You should be able to manage Kubernetes security concepts, including RBAC, network policies, and secrets management.
- Excellent problem-solving skills and attention to detail.
- Strong communication and collaboration skills.
Preferred Qualifications:
- Certifications in relevant technologies (e.g., Certified Kubernetes Administrator, Terraform Associate).
- Experience with other CI/CD tools (e.g., Jenkins, GitLab CI).
- Familiarity with Google Cloud Platform (GCP) and other cloud platforms (e.g., AWS, Azure).
- Experience with cloud-native security tools and practices.
Skills:
- Cloud Run: Experience in deploying and managing containerized applications.
- PostgreSQL: Proficiency in database design, optimization, and management.
- Tekton: Knowledge of CI/CD pipelines and automation.
- Terraform: Expertise in infrastructure as code and cloud resource management.
- Java 17: Strong understanding of Java programming and its latest features.
- Spring Boot 3.x: Experience in building microservices and RESTful APIs.
- Jib: Familiarity with containerizing Java applications.
- GCP Cloud Logging & Monitoring: Skills in monitoring and logging cloud applications.
- Azure AD: Understanding of identity and access management.
- Artifact Registry: Experience in managing and securing container images.
- GCP Secret Manager: Knowledge of managing secrets and sensitive data.
- FOSSA: Familiarity with open-source license compliance.
- SonarQube: Proficiency in code quality and security analysis.
- Checkmarx: Skills in static application security testing.
- Chrunch: Experience with data processing and analytics.
DISCLAIMER
Ford Motor Company is an Equal Opportunity Employer. We are committed to a diverse workforce and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, or disability.
Key Responsibilities:
Collaborate with Full Stack Engineers: Partner closely with software engineers to identify and implement security measures throughout the development lifecycle, ensuring secure coding practices and effective threat mitigation.
Hands-on Development: Actively engage in the development of applications, writing code, and implementing features using technologies such as Java 17, Spring Boot 3.x, and PostgreSQL.
CI/CD Pipeline Development: Design, develop, and maintain CI/CD pipelines using Tekton, automating the build, test, and deployment processes to enhance efficiency and reliability.
Infrastructure as Code (IaC): Implement and manage infrastructure using Terraform, including version control, automation, orchestration, and compliance testing to ensure robust and scalable environments.
Security Automation: Automate security controls, data protection, and vulnerability management within deployment pipelines using tools like Checkmarx and SonarQube to maintain high security standards.
Monitoring and Logging: Utilize GCP Cloud Logging and Monitoring to continuously monitor and improve the security posture of applications and infrastructure, ensuring proactive issue resolution.
Container Management: Manage containerized applications using Docker and Kubernetes, including architecture, Deployments, StatefulSets, and networking. Ensure Kubernetes security through RBAC, network policies, and secrets management.
Secret Management: Use GCP Secret Manager to securely manage sensitive data and secrets, maintaining confidentiality and integrity.
Artifact Management: Manage and secure container images using Artifact Registry, ensuring reliable and secure deployments.
Compliance and License Management: Ensure open-source license compliance using FOSSA, maintaining legal and ethical standards.
Security Assessments and Audits: Conduct regular security assessments, audits, and compliance checks to identify and mitigate potential vulnerabilities, ensuring continuous improvement.
Training and Documentation: Provide training and awareness on secure coding practices, document security procedures and policies, and communicate them effectively to the team to foster a culture of security.