Senior Software Cybersecurity Engineer
ExternalPrepare for this interview
EliteAI-generated questions, company research, and talking points tailored to this role
Responsibilities
- Security Design and Implementation
- Perform threat modelling , risk assessments, and architecture reviews to identify and mitigate risk.
- Perform requirements analysis, security audits, and provide detailed mitigation recommendations specifically for Cloud and Container environments.
- Design, review, and enforce Key Management and Identity and Access Management (IAM) controls.
- Support the engineering teams on definition on detailed security requirements to meet compliance requirements and industry best practices.
- Perform security code reviews looking for potential security vulnerabilities.
- Act as a subject matter expert to advise and answer questions from engineering and compliance teams on technical product security matters.
- Security Testing
- Define and oversee the deployment of Software Composition Analysis (SCA) tools to compile SBOMs of software components, helping to identify known vulnerabilities and license compliance violations.
- Define and oversee the deployment of automated security testing tools into CI pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Secret Detection scanning tools.
- Apply a basic level of knowledge and experience in manual network and application security testing to validate controls.
- Write custom scripts or unit test cases to check for vulnerabilities or broken/missing security controls.
- Recommend improvements to existing security scanning tools and processes, and propose new ones.
- Vulnerability Management
- Drive vulnerability management with a strong focus on Kubernetes (K8s) infrastructure and container images.
- Periodically triage the findings from the automated security scanning tools.
- Validate potential security vulnerabilities to determine whether they are actual true positives, or false positives (i.e. non-applicable) in the product context. Write proof of concept exploits when necessary to achieve this.
- Assess the risk of vulnerabilities and threats in order to help the business determine their remediation priority order.
- Communicate the identified security issues to engineering and compliance stakeholders, and manage them throughout the SDLC process to ensure they are properly addressed.
- SDLC and DevSecOps Integration
- Establish and maintain secure coding standards, baseline product security requirements and more general best practices to provide guidance to development teams.
- Assist the program area with implementing a secure Continuous Integration/Continuous Delivery (CI/CD) pipeline utilizing DevSecOps principles and practices to increase automation.
- Implement automated security controls as part of CI/CD pipelines.
- Incident Response and Compliance
- Support product security incident response processes, including root cause analysis (identify the affected product components, data, and the overall impact level) and definition of mitigation strategies.
- Apply Detection Engineering principles, including the determination of baseline application security parameters and the creation/maintenance of application-level rules for IDS/IPS.
- Define clear criteria and protocols for security incident response, including creation of technical runbooks.
- Conduct post-incident analysis to compile lists of lessons learned, and measures to prevent similar incidents from reoccurring , and refine response strategies.
- Monitor emerging security threats, vulnerabilities, and trends to proactively investigate, remediate, and integrate new protections.
- Ensure products comply with relevant security standards, certifications, and regulations (e.g., OWASP, NIST).
- Basic Requirements
- Required Qualifications
- Experience and Education
- 7+ years of experience in Security Engineering with a focus on product security and/or application security.
- Bachelor's degree in Computer Science, Information Security, or a related technical field.
- E xperience leading cybersecurity process change and mentoring on secure by design principles.
- Partnering with engineering teams to ensure secure coding practices and adoption of industry best practices.
- Proactively monitor emerging security threats, vulnerabilities, and trends to investig
Benefits
Additional Information
Company Overview At Motorola Solutions, we believe that everything starts with our people. We're a global close-knit community, united by the relentless pursuit to help keep people safer everywhere. We build and connect technologies to help protect people, property and places. Our solutions foster the collaboration that's critical for safer communities, safer schools, safer hospitals, safer businesses, and ultimately, safer nations. Connect with a career that matters, and help us build a safer future. Department Overview The Senior Software Cybersecurity Engineer will be responsible for analysing software designs and implementations from a security perspective, identifying and proposing remediations to security issues throughout the software development lifecycle (SDLC). Job Description This role is mainly remote.
Your Match
How well this role fits your profile.
Company Intel
What employees say
Worked at Motorola Solutions? Share your experience