Senior Software Security Engineer

Company Overview

At Motorola Solutions, we believe that everything starts with our people. We're a global close-knit community, united by the relentless pursuit to help keep people safer everywhere. Our critical communications, video security and command center technologies support public safety agencies and enterprises alike, enabling the coordination that's critical for safer communities, safer schools, safer hospitals and safer businesses. Connect with a career that matters, and help us build a safer future.

Aperçu de l'entreprise

Chez Motorola Solutions, nous pensons que tout commence par nos employés. Nous sommes une communauté mondiale soudée, unie par la volonté incessante de contribuer à la sécurité des personnes partout dans le monde. Nos technologies de communication, de sécurité vidéo et de centre de commandement essentielles soutiennent les agences de sécurité publique et les entreprises, permettant une coordination essentielle pour des communautés, des écoles, des hôpitaux et des entreprises plus sécuritaires. Connectez-vous à une carrière qui compte et aidez-nous à bâtir un avenir plus sûr.

Department OverviewThe Senior Software Security Engineer will be responsible for analysing software designs and implementations from a security perspective, identifying and proposing remediations to security issues throughout the software development lifecycle (SDLC).
Job Description

Responsibilities

Security Design and Implementation

• Perform threat modeling, risk assessments, and architecture reviews to identify and mitigate risk.

• Support the engineering teams on definition on detailed security requirements to meet compliance requirements and industry best practices.

• Perform security code reviews looking for potential security vulnerabilities.

• Act as a subject matter expert to advise and answer questions from engineering and compliance teams on technical product security matters.

Security Testing

• Define and oversee the deployment of Software Composition Analysis (SCA) tools to compile SBOMs of software components, helping to identify known vulnerabilities and license compliance violations.

• Define and oversee the deployment of automated security testing tools into CI pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Secret Detection scanning tools.

• Manual penetration testing of web applications (backend and frontend).Manual penetration testing skills in the domains of cloud infrastructure, embedded/OS or mobile are desirable.

• Write custom scripts or unit test cases to check for vulnerabilities or broken/missing security controls.

• Recommend improvements to existing security scanning tools and processes, and propose new ones.

Vulnerability Management

• Periodically triage the findings from the automated security scanning tools.

• Validate potential security vulnerabilities to determine whether they are actual true positives, or false positives (i.e. non-applicable) in the product context. Write proof of concept exploits when necessary to achieve this.

• Assess the risk of vulnerabilities and threats in order to help the business determine their remediation priority order.

• Communicate the identified security issues to engineering and compliance stakeholders, and manage them throughout the SDLC process to ensure they are properly addressed.

SDLC and DevSecOps Integration

• Establish and maintain secure coding standards, baseline product security requirements and more general best practices to provide guidance to development teams.

• Assist the program area with implementing a secure Continuous Integration/Continuous Delivery (CI/CD) pipeline utilizing DevSecOps principles and practices to increase automation.

• Implement automated security controls as part of CI/CD pipelines.

Incident Response and Compliance

• Support product security incident response processes, including root cause analysis (identify the affected product components, data, and the overall impact level) and definition of mitigation strategies.

• Define clear criteria and protocols for security incident response.

• Conduct post-incident analysis to compile lists of lessons learned, and measures to prevent similar incidents from reoccurring, and refine response strategies.

• Monitor emerging security threats, vulnerabilities, and trends to proactively investigate, remediate, and integrate new protections.

• Ensure products comply with relevant security standards, certifications, and regulations (e.g., OWASP, NIST).

Required Qualifications

• Bachelor's degree in Computer Science, Information Security, or related field; Master's degree preferred.

• 5+ years of experience in Security Engineering, with expertise in product and application security.

• In-depth knowledge of Linux, Docker, Kubernetes, and cloud platforms (AWS, Azure, GCP).

• Familiarity with authentication technologies, cryptography, and security protocols (e.g., TLS).

• Strong software development skills, with experience in Go, Python, JavaScript, C/C++, and Bash.

• Understanding of web-related protocols (HTTP, REST APIs), networking protocols (TCP/IP), and security frameworks (OWASP, NIST).

• Experience with security tools like SAST, DAST, IAST, and SCA, and secure CI/CD pipeline implementation.

• Knowledge of threat modeling, vulnerability remediation, and emerging threats.

• Desirable qualifications include exploit development, familiarity with AI/ML security considerations, and certifications like OSCP, CISSP, or CCSP.

• Exceptional analytical, investigative, and communication skills, with ability to advise technical and non-technical stakeholders. 

Desirable Qualifications

• Familiarity with security considerations for AI/ML systems is desirable.

• Understanding of distributed systems design, implementation and operation.

• Understanding of privacy threats and controls, including on how to adapt generic best practices to specific scenarios in the product by providing detailed specifications to stakeholders.

• Exploit development experience, and good understanding of the necessary conditions to trigger different vulnerability types, and the maximum impact achievable.

• Experience with enterprise log collection and analysis platforms (e.g., Splunk, OSQuery).

• Master's degree or equivalent experience preferred.

• Security certifications are a plus, including OSCP, OSEE, SANS/GIAC, CCSP, and CISSP.

• Excellent verbal and written communication, with the ability to translate complex security concepts to technical and non-technical stakeholders.

• Demonstrated ability to design, document, and implement new security processes.

• Experience in a high-growth technology environment or SaaS business.

• Ability to remain calm under pressure, especially during incidents or audits.

Target Base Salary Range: $95,000 - $110,000 CAD

Consistent with Motorola Solutions values and applicable law, we provide the following information to promote pay transparency and equity. Pay within this range varies and depends on job-related knowledge, skills, and experience. The actual offer will be based on the individual candidate.

#LI-SC1

#LI-REMOTE

Basic Requirements

• Bachelors Degree with 4+ years of experience in Security Engineering with a focus on product security and/or application security.

• 2+ years of experience in performing threat modeling

• 2+ years of experience with security tools such as SAST, DAST, IAST, and/or SCA.

Travel RequirementsUnder 10%
Relocation ProvidedNone
Position TypeExperienced
Referral Payment PlanYes

EEO Statement

Motorola Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or belief, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other legally-protected characteristic. 

We are proud of our people-first and community-focused culture, empowering every Motorolan to be their most authentic self and to do their best work to deliver on the promise of a safer world. If you'd like to join our team but feel that you don't quite meet all of the preferred skills, we'd still love to hear why you think you'd be a great addition to our team.

We're committed to providing an inclusive and accessible recruiting experience for candidates with disabilities, or other physical or mental health conditions. To request an accommodation, please complete this Reasonable Accommodations Form so we can assist you.

Motorola Solutions adopte, favorise et promeut les principes de diversité, d'équité et d'inclusion. Nous encourageons et accueillons les candidatures de toutes les personnes qualifiées, quelles que soient leur race, origines ethnique, religion ou croyance, orientation sexuelle, identité et expression sexuelle, statut d'anciens combattants ou tout autre statut protégé par la Loi.

Nous sommes fiers de notre culture axée sur les personnes et les communautés, encourageant ainsi chaque Motorolan d'être la version la plus authentique de lui-même dans ses responsabilités afin de tenir la promesse d'un monde plus sécuritaire.

Si vous souhaitez vous joindre à notre communauté mais croyez que vous ne possédez pas toutes les exigences requises pour le poste convoité, nous aimerions tout de même connaître les raisons pour lesquelles vous pensez être un excellent candidat pour notre équipe.

Nous offrons également des mesures d'adaptation pendant toutes les étapes du processus d'embauche afin de favoriser l'inclusion des personnes vivant avec un  handicap physique et/ou mental. Pour demander un aménagement, veuillez remplir ce formulaire d'aménagement raisonnable afin que nous puissions vous aider.

---