Enterprise Cyber Advisor

NA

• Providing policy and risk-based consultation to enterprise customers ensuring a robust cybersecurity posture for applications and services hosted on-premises, private cloud or SaaS.
• Evaluate security vulnerabilities, assess risk, and implement solutions to defend against threats to enterprise assets
• Performing control assessment for critical enterprise assets and SaaS solutions to ensure Ford data is adequately secured. Help business owners to assess the security posture of Outside Service Providers
• Collaborate with other cyber services to provide best-in-class consultation and support to enterprise customers. 
• Reporting cyber security metrics by tracking key performance indicators (KPIs)
• Establishing robust engagement and communication channels to provide timely and quality response 

• Bachelor's degree in a relevant field (Computer Science, Software Engineer, Security, or others) OR an equivalent combination of education, training, and experience
• Minimum of 2 years of professional experience in any of the following technical disciplines: software development and coding, application security, DevSecOps methodologies, identity and access management, cloud security, security operations and incident response.
• Candidate having 2-3 years of experience with IT skills (such as application development, infrastructure management) with no prior cyber security experience, but has desire for a career in IT security shall also apply.
• Knowledge of cyber security framework and industry standards (NIST CSF, ISO27001/2, OWASP, etc.), Threat Modeling and IT Risk Assessment
• Knowledge on best practices for IAM flows and grant types, OAuth2, OIDC and SAML standards
• Experience with API security best practices to protect sensitive data and services
• Knowledge with crypto algorithms and functions to build secure solutions
• Familiarity with common security flaws and ways to address them (e.g. OWASP Top 10)
• Knowledge of DevSecOps, agile principles, and security policies. 
• Assist teams in triaging and addressing security vulnerabilities

Experience Level

Mid Level