Senior Software Engineer - PKI at Ford Global Career Site
Dearborn, Michigan, United States -
Full Time


Start Date

Immediate

Expiry Date

09 Mar, 26

Salary

0.0

Posted On

09 Dec, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

PKI, Key Management, API Development, RESTful APIs, Cryptographic Engineering, Security Standards, OAuth, mTLS, HSM Integration, CI/CD, Disaster Recovery, Monitoring, Code Reviews, Embedded Architecture, Technical Documentation, Software Development

Industry

Motor Vehicle Manufacturing

Description
End-to-End Ownership: Lead the full lifecycle of PKI and Key Management API services supporting our vehicle products and ecosystem — lead customer requirements gathering, architecture design, implementation, testing, deployment, monitoring, and post-launch support. Design and develop RESTful APIs and web services that are robust, secure, and scalable for various features and use cases: CRL/OCSP, ACME, Certificate Issuance, message encryption/decryption, software signing, key rotation and certificate lifecycle management, HSM integration with PKCS11, CCC. Implement access control methods that enforce least privilege access principles using OAuth or mTLS.

Cryptographic Engineering: Implement and harden PKI and key services with deep knowledge of PKI industry standards, X.509, PKCS standards, elliptic curve cryptography (ECC) and RSA, post-quantum readiness, and hardware security module CSP integration. Apply hybrid encryption techniques with AES. Define and enforce PKI certificate policies and certificate profiles.

Secure Systems Architecture: Design fault-tolerant, highly available PKI services with zero-downtime issuance, disaster recovery, and multi-region replication.

Infrastructure and CI/CD Integration: Release and deploy your apps through build server, CI/CD pipeline, and infrastructure involving on-premises and cloud Kubernetes.

Security & Compliance: Monitor and address findings regularly in code base through SAST, DAST, software quality and security vulnerability scanning.

Monitoring and Response: Actively assist in monitoring our systems and performing root cause analysis to address issues quickly. Implement robust application logging and integration with Splunk and security monitoring systems.

Define and lead best practices for our software development process, perform code reviews, and mentor engineers while remaining hands-on in the codebase.
Working with ECU embedded development teams to understand embedded architecture requirements and the best approach to key management for each ECU.

Authoring and managing technical cybersecurity requirements and process documentation.

Established and active employee resource groups

Bachelor's degree in Computer Science or related OR a combination of education and experience

Proficient version control of development and release branches in Git

Experience and deep understanding of industry security standards and applying them in our software solutions and processes, including NIST, OWASP, and relevant ISO and IEEE standards.

Ability to justify asymmetric vs symmetric keying strategies chosen.

Familiarity with in-vehicle network architecture, modules, and protocols (CAN, embedded architecture) is a plus.

https://fordcareers.co/GSR-HTHD

This position is a range of salary grades 7-8.

Note: This is a hybrid role. You are expected to relocate if you are not within commutable distance, and are responsible for being on site 4 days a week.

Visa sponsorship is not available for this position.

Verification of employment eligibility will be required at the time of hire.

We are an Equal Opportunity Employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status.

In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call 1-888-336-0660.

LI-Hybrid
Responsibilities
Lead the full lifecycle of PKI and Key Management API services, including customer requirements gathering, architecture design, implementation, testing, deployment, and post-launch support. Design and develop robust, secure, and scalable RESTful APIs and web services for various features and use cases.