Security Automation Engineer
At Motorola Solutions, we create technologies our customers refer to as their lifeline. Our technology platforms in communications, software, video and services help our customers work safely and more efficiently. Whether it’s helping firefighters see through smoke, enabling police officers to see around street corners, or reliably keeping the lights on in homes and businesses around the world, our work supports those who put their lives on the line to keep us safe. Bring your passion, potential and talents to Motorola Solutions, and help us usher in a new era in public safety and security.
Department OverviewThis is your opportunity to use your automation and security skills to protect the people that protect us. As part of the product Application Security Architecture team, you’ll work on driving and refining the appsec and vulnerability management strategy across all of Motorola Solution’s mission critical products and services. Our customers are first responders: fire, police, paramedics, 911 call takers and dispatchers.
We are looking for an individual that is passionate - not just about cybersecurity - but about our mission to protect public safety and first responders. You should be passionate about constantly learning, researching and building solutions to difficult problems. The Application Security Architecture team is responsible for developing the entire application security strategy across Motorola Solutions, including tooling, SDLC, guidelines, standards and vulnerability management. You will be working closely with engineering teams to understand their technology stacks, pipelines, frameworks, and products and create seamless solutions to integrate security testing and metrics.
We believe automation is king, and our goal is to attempt to automate security testing as much as we can - including everything from the way our security testing tools are deployed and triggered, to how metrics and remediations are tracked. Part of the responsibility of the security automation engineer will be to architect and manage our security tooling environment to take advantage of cloud native technologies and Infrastructure as Code and to provide development and engineering teams the resources and guidance to trigger, automate and validate their security testing.
This is a great greenfield opportunity to build out unique solutions using new technology in order to address engineering teams’ security needs. We want to rely on you to come up with innovative and automated ways to help teams secure their applications and systems utilizing every tool we have at our disposal. This is also a great chance to learn and improve your cybersecurity skills through research, experimentation and hands on implementation.
If you are passionate about cloud infrastructure, DevOps and security and want to help solve important problems at scale in a high stakes environment, this role is for you. If you are a developer or operations engineer with a strong passion and interest in security, this role is for you. If you are a security consultant or penetration tester, but want to help build and defend solutions against the attacks you’ve normally performed, this role is for you! Some of your responsibilities will include:
Architecting robust and scalable cloud native solutions for vulnerability scanning, reporting and metrics
Designing and implementing serverless functions, webhooks, CLIs and other utilities for helping engineering teams automate and validate their security scans
Integrating automated security tests via various tools into CI/CD pipelines
Leveraging cloud infrastructure and APIs to help gain visibility and oversight of our security posture
Investigating and POCing commercial and open-source security scanning tools
Developing various automation scripts, plugins and dashboards to enable application security and vulnerability management oversight at scale
Performing research and documenting best practices on securing and implementing various technologies as we adopt them
Providing assistance to engineering teams for running security scans, interpreting results, and tracking remediations
Creating resources, documentation and training materials to help engineering teams onboard security scanners
This is your opportunity to help shape the application security landscape for products that directly impact people’s lives, every single day.
Skills we are looking for:
Some familiarity with application security concepts (e.g. OWASP Top 10)
Some experience with or desire to learn security testing tools such as SAST, DAST, and vulnerability scanners (e.g. Fortify, OWASP ZAP, Nessus, etc)
Strongly proficient in at least one scripting language
Exposure to various programming languages (i.e. ability to figure out what’s going on by looking at code snippets)
Strong ability to learn and research new things, including tools, languages, frameworks, etc.
Strong communication skills and the ability to present security concepts to non-technical audiences
Familiarity with DevOps practices, including CI/CD pipelines and tools (e.g. Jenkins)
Exposure to cloud infrastructure and cloud network architecture concepts, esp. Azure
Familiarity with cloud security concepts and best practices, esp. Azure
Experience with, or desire to learn, Infrastructure as Code and Automated Configuration Management tools (e.g. Terraform and Ansible)
Must have at least 3 years experience in either development, operations or security
Referral Payment PlanYes
Motorola Solutions is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran's status, or, any other protected characteristic.
If you are a current Motorola Solutions employee, please click this link to apply through your Workday account.