Senior Software Security Engineer

Company Overview

At Motorola Solutions, we believe that everything starts with our people. We’re a global close-knit community, united by the relentless pursuit to help keep people safer everywhere. Our critical communications, video security and command center technologies support public safety agencies and enterprises alike, enabling the coordination that’s critical for safer communities, safer schools, safer hospitals and safer businesses. Connect with a career that matters, and help us build a safer future.

The Senior Software Security Engineer will be responsible for analysing software designs and implementations from a security perspective, identifying and proposing remediations to security issues throughout the software development lifecycle (SDLC).

This role is primarily hybrid, with occasional travel to our Krakow office.

• Perform threat modelling , risk assessments, and architecture reviews to identify and mitigate risk.
• Support the engineering teams on definition on detailed security requirements to meet compliance requirements and industry best practices.
• Perform security code reviews looking for potential security vulnerabilities.
• Act as a subject matter expert to advise and answer questions from engineering and compliance teams on technical product security matters.

• Define and oversee the deployment of Software Composition Analysis (SCA) tools to compile SBOMs of software components, helping to identify known vulnerabilities and license compliance violations.
• Define and oversee the deployment of automated security testing tools into CI pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Secret Detection scanning tools.
• Manual penetration testing of web applications (backend and frontend).Manual penetration testing skills in the domains of cloud infrastructure, embedded/OS or mobile are desirable.
• Write custom scripts or unit test cases to check for vulnerabilities or broken/missing security controls.
• Recommend improvements to existing security scanning tools and processes, and propose new ones.

• Periodically triage the findings from the automated security scanning tools.

• Establish and maintain secure coding standards, baseline product security requirements and more general best practices to provide guidance to development teams.
• Assist the program area with implementing a secure Continuous Integration/Continuous Delivery (CI/CD) pipeline utilizing Dev Sec Ops  principles and practices to increase automation.
• Implement automated security controls as part of CI/CD pipelines.

• Support product security incident response processes, including root cause analysis (identify the affected product components, data, and the overall impact level) and definition of mitigation strategies.
• Define clear criteria and protocols for security incident response.
• Conduct post-incident analysis to compile lists of lessons learned, and measures to prevent similar incidents from reocurring , and refine response strategies.
• Monitor emerging security threats, vulnerabilities, and trends to proactively investigate, remediate, and integrate new protections.

• 5+ years of experience in Security Engineering with a focus on product security and/or application security.
• Bachelor’s degree in Computer Science, Information…