Senior Software Engineer - PKI

Join to apply for the Senior Software Engineer - PKI role at Ford Motor Company

Warren, MI $-$

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world – together. At Ford, we’re all a part of something bigger than ourselves. Are you ready to change the way the world moves?

The Product Cybersecurity PKI & Key Management Security Services team generates, distributes, stores, and manages lifecycle for the cryptographic keys in the vehicle product ecosystem. This includes developing and maintaining in‑house APIs and web services to provide confidentiality, integrity and authenticity protection for various use cases and features in the product ecosystem.

The team is directly engaged with the entire end‑to‑end solution for Vehicle Products and ecosystem, providing key management, PKI certificate lifecycle management and relative security services that support everything from ECU manufacturing to customer facing features.

In addition to managing the product ecosystem cryptographic keys, the team develops and maintains various security API services built on the foundation and usage of cryptographic keys – including vehicle secure messaging from cloud, software signing, UDS diagnostics, EV charging and more. Our infrastructure cloud and on‑premises servers and hardware security modules (HSM) run our services and power our product PKI.

We are seeking an exceptional Senior Software Engineer specializing in Public Key Infrastructure (PKI), Key Management, and secure API services to own the end‑to‑end lifecycle of mission‑critical cryptographic systems.

• End‑to‑End Ownership:
  Lead the full lifecycle of PKI and Key Management API services supporting our vehicle products and ecosystem — lead customer requirements gathering, architecture design, implementation, testing, deployment, monitoring, and post‑launch support.
• Design and develop RESTful APIs and web services that are robust, secure, and scalable for various features and use cases: CRL/OCSP, ACME, Certificate Issuance, message encryption/decryption, software signing, key rotation and certificate lifecycle management, HSM integration with PKCS#11, CCC. Implement access control methods that enforce least privilege access principles using OAuth or mTLS.
• Cryptographic Engineering:
  Implement and harden PKI and key services with deep knowledge of PKI industry standards, X.509, PKCS standards, elliptic curve cryptography (ECC) and RSA, post‑quantum readiness, and hardware security module CSP integration. Apply hybrid encryption techniques with AES. Define and enforce PKI certificate policies and certificate profiles.
• Secure Systems Architecture:
  Design fault‑tolerant, highly available PKI services with zero‑downtime issuance, disaster recovery, and multi‑region replication.
• Infrastructure and CI/CD Integration:
  Release and Deploy your apps through build server, CI/CD pipeline, and infrastructure involving on‑premises and cloud Kubernetes.
• Security & Compliance:
  Monitor and address findings regularly in code base through SAST, DAST, software quality and security vulnerability scanning.
• Monitoring and Response:
  Actively assist in monitoring our systems and performing root cause analysis to address issues quickly. Implement robust application logging and integration with Splunk and security monitoring systems.
• Define and lead best practices for our software development process, perform code reviews, and mentor engineers while remaining hands‑on in the codebase.
• Work with ECU embedded development teams to understand embedded architecture requirements and the best approach of key management for each ECU.
• Author technical cybersecurity requirements and process documentation.

• Bachelor's degree in Computer Science or related OR a combination of education and experience.
• 5+ years in proficiency of software engineering and secure coding practices using object‑oriented programming, including C#, C++, Java, .Net Standard.
• Strong knowledge and applicability of software architecture, development, methodologies and design…