Cyber Defense Response Analyst (AI & Automation Focus)

Ford Global Career Site
Dearborn, MI

Role Overview

This position is for a Cyber Defense Response Analyst & AI Developer with a primary focus on architecting and deploying agentic AI tools to proactively identify and remediate suspicious activity across cloud, network, and host-based environments. This role serves as a critical bridge between traditional incident response and advanced security engineering by developing agentic AI workflows and conducting AI-driven threat hunting and incident investigation.

Impact and Scope

As a Response Analyst, you will provide proactive and reactive security services to safeguard Ford’s technology, infrastructure, applications, and data. You will develop autonomous agents designed to analyze massive, complex datasets to identify "weak signals" and stealthy adversary behaviors that traditional SIEM and EDR tools often miss. The scope of this role encompasses all Ford Motor Company assets, including subsidiaries and joint ventures worldwide.

Candidate Profile

Successful candidates must demonstrate a deep interest in computer forensics or penetration testing, supported by a proven track record in proactive threat hunting or AI/ML-enhanced security operations. You should possess significant technical depth across cloud, network, or host architectures, with the specialized ability to build autonomous agents that measurably enhance the Cyber Defense Center’s (CDC) investigative capabilities.

Leadership and Culture

Essential leadership behaviors include strong oral and written communication skills, a collaborative team-first mindset, and a high level of personal integrity. You will be expected to translate complex AI concepts into actionable security outcomes while mentoring peers on emerging automated defense techniques.

Work Schedule

Candidates must be willing to work a hybrid schedule, currently requiring 4 days per week in-office at our southeast Michigan metro area location.

  • Agentic SOC AI Development: Design, develop, and deploy autonomous AI agents to automate complex threat hunting tasks, alert triage, and incident investigations. 
  • AI Threat Hunting: Execute hypothesis-driven hunting campaigns using AI/ML to identify anomalies, lateral movement, and "living-off-the-land" techniques across enterprise datasets. 
  • Automated Detection Engineering: Transform manual hunt findings and AI-generated insights into durable, automated detection rules and LLM-orchestrated response playbooks. 
  • Incident Investigation & Response: Lead coordinated responses to major intrusions, phishing, and misuse of computing facilities using EDR, SIEM, and Cloud logs to minimize asset loss and threat propagation. 
  • Cross-Domain Correlation: Build and maintain RAG (Retrieval-Augmented Generation) systems and agents that correlate telemetry across endpoint, network, identity, and cloud environments. 
  • Operational Excellence: Develop consistent and repeatable methods to resolve security incidents, ensuring high-quality results are delivered in a timely manner. 
  • Continuous Improvement: Identify and incorporate IT security improvement opportunities, replacing manual, repetitive procedures with agentic workflows to reduce MTTD and MTTR. 
  • Compliance & Governance: Ensure all incident response and data handling activities enable compliance with global laws, regulations, and due diligence requirements. 
  • Enterprise Collaboration: Leverage enterprise-wide skill sets and collaborate with global stakeholders to handle high-visibility or large-scale security events. 
  • Mentorship & Leadership: Mentor junior and peer analysts in proper incident handling techniques and the adoption of emerging AI-driven hunting and forensic tools.