New The Skills of Tomorrow: how AI-exposed is every skill in 2026? See the data →
Ford Motor Company

Cyber Defense Response Analyst (AI & Automation Focus)

Ford Motor Company
Apply →
hybrid senior full-time $85,400-$192,900 Dearborn

First indexed 5 May 2026

Description

This position is for a Cyber Defense Response Analyst & AI Developer with a primary focus on architecting and deploying agentic AI tools to proactively identify and remediate suspicious activity across cloud, network, and host-based environments.

As a Response Analyst, you will provide proactive and reactive security services to safeguard Ford’s technology, infrastructure, applications, and data. You will develop autonomous agents designed to analyze massive, complex datasets to identify "weak signals" and stealthy adversary behaviors that traditional SIEM and EDR tools often miss.

The scope of this role encompasses all Ford Motor Company assets, including subsidiaries and joint ventures worldwide.

Successful candidates must demonstrate a deep interest in computer forensics or penetration testing, supported by a proven track record in proactive threat hunting or AI/ML-enhanced security operations.

Essential leadership behaviours include strong oral and written communication skills, a collaborative team-first mindset, and a high level of personal integrity.

You will be expected to translate complex AI concepts into actionable security outcomes while mentoring peers on emerging automated defense techniques.

The responsibilities of this role include:

  • Agentic SOC AI Development: Design, develop, and deploy autonomous AI agents to automate complex threat hunting tasks, alert triage, and incident investigations.
  • AI Threat Hunting: Execute hypothesis-driven hunting campaigns using AI/ML to identify anomalies, lateral movement, and "living-off-the-land" techniques across enterprise datasets.
  • Automated Detection Engineering: Transform manual hunt findings and AI-generated insights into durable, automated detection rules and LLM-orchestrated response playbooks.
  • Incident Investigation & Response: Lead coordinated responses to major intrusions, phishing, and misuse of computing facilities using EDR, SIEM, and Cloud logs to minimize asset loss and threat propagation.
  • Cross-Domain Correlation: Build and maintain RAG (Retrieval-Augmented Generation) systems and agents that correlate telemetry across endpoint, network, identity, and cloud environments.
  • Operational Excellence: Develop consistent and repeatable methods to resolve security incidents, ensuring high-quality results are delivered in a timely manner.
  • Continuous Improvement: Identify and incorporate IT security improvement opportunities, replacing manual, repetitive procedures with agentic workflows to reduce MTTD and MTTR.
  • Compliance & Governance: Ensure all incident response and data handling activities enable compliance with global laws, regulations, and due diligence requirements.
  • Enterprise Collaboration: Leverage enterprise-wide skill sets and collaborate with global stakeholders to handle high-visibility or large-scale security events.
  • Mentorship & Leadership: Mentor junior and peer analysts in proper incident handling techniques and the adoption of emerging AI-driven hunting and forensic tools.

The qualifications for this role include:

  • Cybersecurity or Threat Hunting Experience: 2+ years of experience in Cybersecurity, with a specific focus on Threat Hunting, SOC operations, Incident Response, or Red Teaming/Penetration Testing.
  • AI/ML for Security: Proven experience applying machine learning or statistical analysis to large-scale security telemetry, including logs, endpoint data, network traffic, and cloud events.
  • Programming Proficiency: Advanced Python skills with demonstrated experience building security automation, data correlation scripts, and interacting with LLM APIs.
  • Technical Depth: Sound understanding of TCP/IP, networking concepts, and adversary tactics, techniques, and procedures (TTPs) mapped to the MITRE ATT&CK and MITRE ATLAS frameworks.
  • Operating System Expertise: Thorough knowledge of multiple operating systems, with primary proficiency in Linux and secondary proficiency in either Mac or Windows.
  • Critical Thinking & Analysis: Strong deductive reasoning and problem-solving skills, with the ability to form and test complex hunt hypotheses and prioritize tasks under pressure.
  • Operational Discipline: Experience working in a fast-paced, high-stress environment with a disciplined approach to following detailed processes, procedures, and documentation.
  • Tool & Process Development: Experience assisting in the development and maintenance of security tools, standard operating procedures (SOPs), and technical documentation.
  • Communication & Service: Excellent customer service skills, including the ability to handle escalations, manage incident communications, and resolve complex security issues.
  • Professional Integrity & Initiative: Demonstrated high level of independent initiative, drive for results, and personal integrity.
  • Operational Flexibility: Personal flexibility to accommodate a day-to-day work schedule that may require significant overtime or limited travel during global or high-visibility incidents.

This position is a salary grade 6-8 and ranges from $85,400-$192,900.

This listing is enriched and indexed by YubHub. To apply, use the employer's original posting: https://efds.fa.em5.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/63110