Senior Software Security Engineer

Overview Senior Software Security Engineer role at Motorola Solutions. Responsibilities Security Design and Implementation: Perform threat modeling, risk assessments, and architecture reviews to identify and mitigate risk. Support engineering teams on definition of detailed security requirements to meet compliance requirements and industry best practices. Perform security code reviews looking for potential security vulnerabilities. Act as a subject matter expert to advise and answer questions from engineering and compliance teams on technical product security matters. Security Testing: Define and oversee the deployment of Software Composition Analysis (SCA) tools to compile SBOMs of software components, helping to identify known vulnerabilities and license compliance violations. Define and oversee the deployment of automated security testing tools into CI pipelines, including SAST, DAST, and Secret Detection scanning tools. Manual penetration testing of web applications (backend and frontend); manual penetration testing skills in cloud infrastructure, embedded/OS or mobile are desirable. Write custom scripts or unit test cases to check for vulnerabilities or broken/missing security controls. Recommend improvements to existing security scanning tools and processes, and propose new ones. Vulnerability Management: Periodically triage the findings from the automated security scanning tools. Validate potential security vulnerabilities to determine whether they are actual true positives or false positives in the product context. Write proof of concept exploits when necessary. Assess the risk of vulnerabilities and threats to help the business determine remediation priority. Communicate identified security issues to engineering and compliance stakeholders and manage them throughout the SDLC to ensure they are addressed. SDLC and DevSecOps Integration: Establish and maintain secure coding standards, baseline product security requirements, and general best practices to guide development teams. Assist the program area with implementing a secure CI/CD pipeline utilizing DevSecOps principles to increase automation. Implement automated security controls as part of CI/CD pipelines. Incident Response and Compliance: Support product security incident response processes, including root cause analysis and definition of mitigation strategies. Define clear criteria and protocols for security incident response. Conduct post-incident analysis to derive lessons learned and refine response strategies. Monitor emerging security threats and ensure products comply with relevant security standards, certifications, and regulations (e.g., OWASP, NIST). Qualifications Bachelor’s degree in Computer Science, Information Security, or related field; Master’s degree preferred. 5+ years of experience in Security Engineering, with expertise in product and application security. In-depth knowledge of Linux, Docker, Kubernetes, and cloud platforms (AWS, Azure, GCP). Familiarity with authentication technologies, cryptography, and security protocols (e.g., TLS). Strong software development skills, with experience in Go, Python, JavaScript, C/C++, and Bash. Understanding of web-related protocols (HTTP, REST APIs), networking protocols (TCP/IP), and security frameworks (OWASP, NIST). Experience with security tools like SAST, DAST, IAST, and SCA, and secure CI/CD pipeline implementation. Knowledge of threat modeling, vulnerability remediation, and emerging threats. Desirable qualifications include exploit development, familiarity with AI/ML security considerations, and certifications like OSCP, CISSP, or CCSP. Exceptional analytical, investigative, and communication skills, with ability to advise technical and non-technical stakeholders. Desirable Qualifications Familiarity with security considerations for AI/ML systems is desirable. Understanding of distributed systems design, implementation and operation. Understanding of privacy threats and controls with detailed specifications to stakeholders. Exploit development experience and understanding of conditions to trigger different vulnerability types and their maximum impact. Experience with enterprise log collection and analysis platforms (e.g., Splunk, OSQuery). Security certifications are a plus (OSCP, OSEE, SANS/GIAC, CCSP, CISSP). Excellent verbal and written communication, with the ability to translate complex security concepts to technical and non-technical stakeholders. Demonstrated ability to design, document, and implement new security processes. Experience in a high-growth technology environment or SaaS business. Ability to remain calm under pressure during incidents or audits. Target Base Salary Range: $95,000 - $110,000 CAD. Pay transparency information available; actual offer based on candidate expertise and job-related knowledge. Basic Requirements Bachelors Degree with 4+ years of experience in Security Engineering with a focus on product security and/or application security. 2+ years of experience in performing threat modeling. 2+ years of experience with security tools such as SAST, DAST, IAST, and/or SCA. Travel Requirements Under 10% Relocation Provided None Position Type Experienced Referral Payment Plan Yes EEO Statement : Motorola Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or belief, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other legally-protected characteristic. We are proud of our people-first and community-focused culture. If you’d like to join our team but feel that you don’t meet all the preferred skills, we’d still love to hear why you’d be a great addition. We’re committed to providing an inclusive and accessible recruiting experience for candidates with disabilities. To request an accommodation, please complete this Reasonable Accommodations Form. Seniority level Mid-Senior level Employment type Full-time Job function Information Technology Industries Telecommunications #J-18808-Ljbffr