Senior Software Engineer - PKI

Senior Software Engineer Specializing In Public Key Infrastructure (PKI) And Secure Api Services

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we're all a part of something bigger thanourselves. Are you ready to change the way the world moves?

The Product Cybersecurity PKI & Key Mgmt Security Services team generates, distributes, stores, and manages lifecycle for the cryptographic keys in the vehicle product ecosystem. This includes developing and maintaining in-house APIsand web services to provide confidentiality, integrity and authenticity protection for various use cases and features in the product ecosystem.

The Product Cybersecurity PKI & Key Mgmt Security Services team is directly engaged with the entire end-to-end solution for Vehicle Products and ecosystem, providing key management, PKI certificate lifecycle management and relative security services that support everything from ECU manufacturing to customer facing features.

In addition to managing the product ecosystem cryptographic keys, the team develops and maintains various security API services built on the foundation and usage of cryptographic keys – including vehicle secure messaging from cloud, software signing, UDS diagnostics, EV charging and more. Our infrastructure cloud and on-premises servers and hardware security modules (HSM) running our services and powering our product PKI.

Responsibilities

We are seeking an exceptional Senior Software Engineer specializing in Public Key Infrastructure (PKI) and secure API services to own the end-to-end lifecycle of mission-critical cryptographic systems. You will design, build, deploy, and maintain high-assurance PKI APIs that power certificate issuance, lifecycle management, revocation, and integration for enterprise and cloud-native environments. This is not a support or maintenance role. You will own products, drive architecture, interface directly with customers, and deliver production-grade systems that protect billions in digital assets. The ideal candidate is a world-class software engineer who treats code as craft, thrives in ambiguity, has a deep understanding of foundational cybersecurity strategies and algorithms, and builds trusted relationships with security architects and product development teams. Key responsibilities include:

• End-to-End Ownership: Lead the full lifecycle of PKI and Key Management API services supporting our vehicle products and ecosystem — lead customer requirements gathering, architecture design, implementation, testing, deployment, monitoring, and post-launch support.
• Design and develop RESTful APIs and web services that are robust, secure, and scalable for various features and use cases: CRL/OCSP, ACME, Certificate Issuance, message encryption/decryption, software signing, key rotation and certificate lifecycle management, HSM integration with PKCS11. Implement access control methods that enforce least privilege access principles using OAuth or mTLS.
• Cryptographic Engineering: Implement and harden PKI and key services with deep knowledge of PKI industry standards, X.509, PKCS standards, elliptic curve cryptography (ECC) and RSA, post-quantum readiness, and hardware security module CSP integration. Apply hybrid encryption techniques with AES. Define and enforce PKI certificate policies and certificate profiles.
• Secure Systems Architecture: Design fault-tolerant, highly available PKI services with zero-downtime issuance, disaster recovery, and multi-region replication.
• Infrastructure and CI/CD Integration: Release and Deploy your apps through build server, CI/CD pipeline, and infrastructure involving on-premises and cloud Kubernetes
• Security & Compliance: Monitor and address findings regularly in code base through SAST, DAST, software quality and security vulnerability scanning.
• Monitoring and Response: Actively assist in monitoring our systems and performing root cause analysis to address issues quickly. Implement robust application logging and integration with Splunk and security monitoring systems.
• Define and lead best practices for our software development process, perform code reviews, and mentor engineers while remaining hands-on in the codebase.
• Working with ECU embedded development teams to understand embedded architecture requirements and the best approach of key management for each ECU.
• Authoring and managing technical cybersecurity requirements and process documentation

Qualifications

You'll have...

• Bachelor's degree in Computer Science, Information Technology, OR a combination of education and experience

• 5+ years of experience and proficiency in software engineering and secure coding practices using object oriented programming, including C#/C++, Java, Python or related languages
• Experience and understanding of industry security standards and applying them in our software solutions and processes, including NIST, OWASP, and relevant ISO and IEEE standards.
• Strong knowledge and applicability of software architecture, development, methodologies and design principles including test-driven development
• Application of Identity and Access Management principles in software services
• Strong software testing skills that result in lasting quality solutions at scale
• Proficient version control of development and release branches in Git
• 3+ years of experience deploying and maintaining cloud infrastructure with Kubernetes or OpenShift, and managing database instances (SQL Postgres, Redis, MongoDB)
• 3+ years building, maintaining, and integrating with production PKI systems and supporting cryptographic interfaces.
• Strong knowledge of PKI and Key Management best practices
• Excellent understanding and application of cybersecurity algorithms, standards, and strategies including RSA, ECC, AES, X.509, PKCS#11, ACME, OCSP, CRL, HSM integration

Even better, you may have...

• CISSP or related cybersecurity certifications.
• Proven track record of owning customer-facing products from ideation to general acceptance, and flexibility to manage multiple projects and deliverables throughout lifecycle.
• Familiarity with in-vehicle network architecture, modules, and protocols are a plus.

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply! As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder…or all of the above? No matter what you choose, we offer a work life that works for you, including:

• Immediate medical, dental, vision and prescription drug coverage

• Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more

• Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more

• Vehicle discount program for employees and family members and management leases

• Tuition assistance

• Established and active employee resource groups

• Paid time off for individual and team community service

• A generous schedule of paid holidays, including the week between Christmas and New Year's Day

• Paid time off and the option to purchase additional vacation time. For a detailed look at our benefits, click here:

This position is a range of salary grades 7-8.

Grade 7: $118,700 – $198,500Grade 8: $138,800 – $232,700

*Note: This is a hybrid role, you are expected to relocate if you are not within commutable distance, and responsible to be on site 4 days a week

Visa sponsorship is not available for this position.

Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. We are an Equal Opportunity Employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call 1-888-336-0660.#LI-Hybrid#AH1