Lead Application Security Engineer

Company Overview

At Motorola Solutions, we believe that everything starts with safety. It’s the constant that empowers people to confidently move forward. It can fill a flight or sell out a stadium. It can care for a patient or graduate a class.

As a global leader in public safety and enterprise security, we create and connect the technologies that help to keep people safe where they live, learn, work and play. Our integrated technology ecosystem unifies critical communications, video security and access control, and command center software, enabling collaboration in more powerful ways.

At Motorola Solutions, we’re ushering in a new era in public safety and security. Bring your passion, potential and talents to a career that matters.

Department Overview

This is an opportunity for you to use user cybersecurity skills to protect the people that protect us. Our customers are first responders. Fire, police, and paramedics; 911 call takers and 911 dispatchers. And when we or our loved ones place that 911 call, we become the customer of our customers. We want that call to be answered, and we want the communications between the dispatcher and the first responder to be available. But what if that 911 call center, or the communications link to the responders in the field, were under attack? What if you or your loved ones' call to 911 went unanswered, or they were unable to dispatch paramedics to your location, because they had been taken down by ransomware? This is not just theoretical; it is happening. First responders and 911 call centers are under attack around the globe, and this is a chance to fight back.
Job Description

Your Responsibilities

• Responsible for executing on and implementing an application security strategy targeting security testing and DAST best practices across various technology stacks and development methodologies.

• Promote and advocate for a collaborative and security focused culture among all developer communities globally.

• Interface with development teams to provide guidance and enablement on various secure software development life-cycle (SDLC) activities, especially security validation and testing of web and mobile applications to ensure products meet internal and industry standards and requirements.

• Serve as a subject matter expert to internal product teams on DAST testing and secure coding standards.

• Deliver training and support to development teams on various SDLC and security testing topics.

• Collaborate with other teams and stakeholders to accomplish shared objectives

• Strong team player with the ability to work with a geographically dispersed team

• Engage with business leads and senior-level stakeholders to educate, consult and socialize application security initiatives and practices.

• Define, develop and deliver application security training and awareness materials.

Specific Knowledge and Skills

• Strong background in working with SAST and DAST security testing tools such as SonarQube, OWASP ZAP, BurpSuite

• Excellent written and oral communication skills.

• Excellent interpersonal, planning, and organizational skills.

• Experience with organizational change management

• Ability to multi-task with a strong sense of urgency; ability to meet deadlines

• Ability to concisely illustrate concepts in words and diagrams

• Ability to research and learn new topics and become functional with them quickly.

• Comfortable working with remote team members and geographically dispersed teams.

• Strong background in software development and modern programming languages (Java, C#, Python, Node.JS, Go)

• Knowledge of common application vulnerabilities (e.g. OWASP Top 10), attack techniques and remediation tactics/strategies.

• Experience with current DevOps methodologies and practices (CI/CD)

• Proficient in delivering and speaking to technical concepts to a wide variety of audiences.

• Knowledge of cybersecurity and secure coding principles and best practices

• Skill in using code analysis tools like SAST and DAST tools

• Knowledge of application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, injections, race conditions, replay, return-oriented attacks, malicious code)

Additional Requirements:

• Strong working knowledge on DAST tools including ZAP, Burp suite, etc.

• Solid understanding of various forms of security testing 

• Experience in working with DevOps or Agile environments 

• Experience explaining technical and security concepts to technical and non-technical people

#LI-MP2

#LI-HYBRD

Basic Requirements

• Bachelor’s degree and 3+ years of experience

• OR Masters degree and 1+ years of experience

Vaccine Requirement

Motorola Solutions has implemented a voluntary COVID-19 vaccination policy. We strongly encourage all employees to be fully vaccinated. Additionally, certain local governments or Motorola Solutions' customers may have vaccine requirements that apply to some of our employees. These employees are required to submit proof of vaccination to Motorola Solutions and maintain compliance with these requirements.

Travel RequirementsNone
Relocation ProvidedNone
Position TypeExperienced
Referral Payment PlanNo

Our U.S. Benefits include:

• Incentive Bonus Plans
• Medical, Dental, Vision benefits effective Day 1
• 401K with Company Match and Day 1 vesting
• 9 Paid Holidays
• Generous Paid Time Off Packages
• Employee Stock Purchase Plan
• Paid Parental & Family Leave
• and more!

EEO Statement

Motorola Solutions is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran's status, or, any other protected characteristic.