Motorola Solutions

Senior Software Security Engineer

Motorola Solutions$100K — $130K *
Vancouver, BC V5K 5J9In-Person
Information Technology
5 - 7 years of experience
Today
Be an Early Applicant
Job Overview by Ladders

Qualifications

  • 7+ years of experience in Security Engineering focused on product/application security.
  • Bachelor's degree in Computer Science, Information Security, or related field.
  • In-depth knowledge of Linux and Docker orchestration techniques, including Kubernetes.
  • Significant software development experience; proficiency in Go, Typescript/Javascript, C/C++, Python, and Bash is desirable.
  • Exceptional analytical and investigative skills, with hands-on root cause analysis experience.

Responsibilities

  • Perform threat modeling, risk assessments, and architecture reviews to identify and mitigate risk.
  • Support engineering teams with detailed security requirements for compliance and best practices.
  • Conduct security code reviews to identify vulnerabilities.
  • Define and oversee deployment of security testing tools in CI pipelines.
  • Triage findings from automated security scanning tools and validate vulnerabilities.
  • Establish secure coding standards and implement security practices in CI/CD pipelines.
  • Support incident response processes and conduct post-incident analysis.

Benefits

  • Work in a high-growth technology environment or SaaS business.
  • Opportunity to establish and influence best security practices.
  • Access to advanced security tools and technology.
  • Collaboration with engineering and compliance teams on critical security issues.
Full Job Description
Department Overview
The Senior Software Security Engineer will be responsible for analyzing software designs and implementations from a security perspective, identifying and proposing remediations to security issues throughout the software development lifecycle (SDLC).
Job Description

Responsibilities:
Security Design and Implementation
  • Perform threat modeling, risk assessments, and architecture reviews to identify and mitigate risk.
  • Support the engineering teams on detailed security requirements to meet compliance requirements and industry best practices.
  • Perform security code reviews looking for potential security vulnerabilities.
  • Act as a subject matter expert to advise and answer questions from engineering and compliance teams on technical product security matters.


Security Testing
  • Define and oversee the deployment of Software Composition Analysis (SCA) tools to compile SBOMs of software components, helping to identify known vulnerabilities and license compliance violations.
  • Define and oversee the deployment of automated security testing tools into CI pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Secret Detection scanning tools.
  • Manual penetration testing of web applications (backend and frontend).Manual penetration testing skills in the domains of cloud infrastructure, embedded/OS or mobile are desirable.
  • Write custom scripts or unit test cases to check for vulnerabilities or broken/missing security controls.
  • Recommend improvements to existing security scanning tools and processes, and propose new ones.


Vulnerability Management
  • Triage the findings from the automated security scanning tools.
  • Validate potential security vulnerabilities to determine whether they are actual true positives, or false positives (i.e. non-applicable) in the product context. Write proof of concept exploits when necessary to achieve this.
  • Assess the risk of vulnerabilities and threats in order to help the business determine their remediation priority order.
  • Communicate the identified security issues to engineering and compliance stakeholders, and manage them throughout the SDLC process to ensure they are properly addressed.

SDLC and DevSecOps Integration
  • Establish and maintain secure coding standards, baseline product security requirements and more general best practices to provide guidance to development teams.
  • Assist the program area with implementing a secure Continuous Integration/Continuous Delivery (CI/CD) pipeline utilizing DevSecOps principles and practices to increase automation.
  • Implement automated security controls as part of CI/CD pipelines.


Incident Response and Compliance
  • Support product security incident response processes, including root cause analysis (identify the affected product components, data, and the overall impact level) and definition of mitigation strategies.
  • Define clear criteria and protocols for security incident response.
  • Conduct post-incident analysis to compile lists of lessons learned, and measures to prevent similar incidents from reoccurring, and refine response strategies.
  • Monitor emerging security threats, vulnerabilities, and trends to proactively investigate, remediate, and integrate new protections.
  • Ensure products comply with relevant security standards, certifications, and regulations (e.g., OWASP, NIST).


Qualifications:
Experience and Education
  • 7+ years of experience in Security Engineering with a focus on product security and/or application security.
  • Bachelor's degree in Computer Science, Information Security, or a related technical field.


Technical Skills
  • In-depth knowledge of Linux and Docker container-based infrastructures, including their orchestration (e.g. Kubernetes).
  • Working knowledge of techniques, standards, and state-of-the-art authentication and authorization technologies, applied cryptography, security vulnerabilities and remediations.
  • Significant software development experience. Experience in Go (our main backend language), Typescript/Javascript, C/C++, Python and Bash is desirable.
  • Working knowledge of web-related protocols and technologies (HTTP, REST APIs, DOM, CSP), networking protocols (IP, TCP, UDP), and security protocols (TLS).
  • Experience in performing threat modeling, with a good grasp of common threat vectors and frameworks.
  • Strong knowledge of security principles, best practices, and industry standards, such as NIST, ISO 27001, and CIS Critical Security Controls, OWASP ASVS and Testing Guides.
  • Familiarity with industry-standard security frameworks such as OWASP and NIST.
  • Experience with security tools such as SAST, DAST, IAST, and SCA.
  • Exceptional analytical and investigative skills, with hands-on experience in root cause analysis.
  • Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities.
  • Experience with CI/CD pipeline, security tools integration, and secure SDLC.
  • Experience with cloud-based infrastructure (AWS, Azure, or Google Cloud), and on best practices on how to secure cloud environments.


Desirable Qualifications:
Advanced Expertise
  • Familiarity with security considerations for AI/ML systems is desirable.
  • Understanding of distributed systems design, implementation and operation.
  • Understanding of privacy threats and controls, including on how to adapt generic best practices to specific scenarios in the product by providing detailed specifications to stakeholders.
  • Exploit development experience, and good understanding of the necessary conditions to trigger different vulnerability types, and the maximum impact achievable.
  • Experience with enterprise log collection and analysis platforms (e.g., Splunk, OSQuery).


Education and Certifications
  • Master's degree or equivalent experience preferred.
  • Security certifications are a plus, including OSCP, OSEE, SANS/GIAC, CCSP, and CISSP.


Soft Skills and Leadership
  • Excellent verbal and written communication, with the ability to translate complex security concepts to technical and non-technical stakeholders.
  • Demonstrated ability to design, document, and implement new security processes.
  • Experience in a high-growth technology environment or SaaS business.
  • Ability to remain calm under pressure, especially during incidents or audits.


Basic Requirements
  • Bachelors Degree
  • 5+ year of experience in security Engineering


Travel Requirements
Under 10%
Relocation Provided
None
Position Type
Experienced
Referral Payment Plan
Yes

About Motorola Solutions

Motorola provides products, technologies, and services for mobile, wireline digital communication, information, and entertainment applications. Its product portfolio includes smartphones operating on the Android operating system, feature phones, media tablet devices, wireless accessories, and more. Its range of smartphone products includes the Moto X first generation, Moto X second generation, Moto G first generation, Moto G second generation, and more. It is also the manufacturer of Moto 360, a smartwatch that provides services such as notifications, updates, and other related features. It also provides monitors, cordless phones, applications, and accessories such as cases, wireless headsets, wireless speakers, and more. In addition, it provides multimedia content, including video, voice, messaging, and cloud-based and Internet-based applications and services to multiple screens such as mobile devices, televisions, media tablets, and personal computers. Its Medios service platform enables service providers to deliver content on devices. Motorola is based in Chicago, Illinois. It primarily sells its products in the United States, China, Brazil, and Singapore. Motorola currently operates as a subsidiary of Google Inc.

Motorola Solutions Careers

Join the dynamic team at Motorola Solutions today and be part of a company renowned for its relentless innovation, leadership in technology, and a commitment to professional excellence. As a global leader in communications and electronics, Motorola Solutions offers unparalleled job opportunities designed to empower your career growth and development. Work You’ll Do At Motorola Solutions, you will collaborate with a diverse team of experts who are at the forefront of technological innovation and public safety solutions. Our work impacts lives, ensuring safety and security for communities around the world. You will be part of a culture that values diversity, equity, and inclusion, and where every team member’s contribution is valued. Lead in Innovation and Technology Motorola Solutions is not just about radios and hardware; we are at the cutting edge of software solutions, AI, and data analytics. By joining our team, you will work on groundbreaking projects that redefine how public safety communicates in the digital age. Your work will help develop smart solutions that keep people safe and businesses thriving. Grow Your Career With Motorola Solutions, your career trajectory is boundless. We offer a variety of professional development and leadership training programs to help you hone your skills and advance within the company. From internships to full-time positions, Motorola Solutions is committed to nurturing talent and fostering an environment where innovation thrives. Benefits and Culture Our employees enjoy a competitive package of benefits that supports their life and well-being. These include health, vision, and dental insurance, employee assistance programs, and flexible working arrangements. At Motorola Solutions, we believe in maintaining a work-life balance that fosters both personal and professional growth. Join Our Team Explore the numerous employment opportunities at Motorola Solutions. Whether you are a seasoned professional or a recent graduate, we have positions ranging from engineering to marketing, sales to project management. We are hiring individuals who are passionate, curious, and ready to drive change. Networking and Professional Development Motorola Solutions values networking and connections within the industry. We encourage our employees to engage in various professional groups and forums to enhance their networking skills and industry knowledge. This engagement is pivotal in fostering a collaborative environment and sparking innovation within our teams. Internship Programs Our internship programs offer a robust introduction to the world of public safety solutions and communications technology. Interns at Motorola Solutions gain hands-on experience, working alongside seasoned professionals and participating in projects that make real-world impacts. Stay Connected Join the Motorola Solutions career community to stay updated on new job openings, company news, and industry developments. Tailor your job search with our career tools and get tips on crafting the perfect resume and acing your interview. Search Motorola Solutions Jobs Ready to start your journey with Motorola Solutions? Search open positions that match your skills and interests. We are looking for individuals who are driven, creative, and ready to make a difference. Keep Up to Date Stay ahead with career tips, insider perspectives, and industry-leading insights you can put to use today—all from the people who work here. Job Alert Emails Personalize your subscription to receive job alerts, latest news, and insider tips tailored to your preferences. Discover the exciting and rewarding career opportunities that await at Motorola Solutions.
Learn more about Motorola Solutions
Size
18,700 employees
Market Cap
$42.7 billion
Industry
Telecommunications & Hardware
Net Income
$949 million
Founded
1928
5 Year Trend
+6.2%
Revenue
$7.4 billion
NASDAQ
MSI
* Ladders Estimates

Similar Jobs

Ad banner background

Get Ready For Your
Next Interview

More Jobs at Motorola Solutions

More Information Technology Jobs

Find similar Senior Software Security Engineer jobs:

NationwideVancouver, BC