Senior Software Cybersecurity Engineer

Responsible for analysing software designs, implementations, and security controls throughout the software development lifecycle (SDLC). Focus on threat modelling, secure design, testing, vulnerability management, and DevSecOps integration.

Responsibilities

• Perform threat modelling, risk assessments, and architecture reviews to identify and mitigate risk.
• Support engineering teams in defining detailed security requirements to meet compliance and industry best practices.
• Conduct security code reviews for potential vulnerabilities.
• Serve as a subject matter expert, advising engineering and compliance teams on technical product security matters.
• Define and oversee the deployment of Software Composition Analysis (SCA) tools, generating SBOMs to identify known vulnerabilities and license issues.
• Define and oversee automated security testing tools in CI pipelines, including SAST, DAST, and secret detection scanning.
• Perform manual penetration testing of web applications and, when desired, cloud, embedded, OS, or mobile environments.
• Write custom scripts or unit tests to verify vulnerabilities or missing controls.
• Recommend improvements to security scanning tools and processes, and propose new ones.
• Periodically triage findings from automated tools, validating true positives versus false positives and delivering proof‑of‑concept exploits when needed.
• Assess vulnerability risk to prioritize remediation for the business.
• Communicate identified security issues to stakeholders and manage them through the SDLC to ensure resolution.
• Establish and maintain secure coding standards, baseline product security requirements, and general best practices.
• Assist in implementing a secure CI/CD pipeline with DevSecOps principles to enhance automation.
• Implement automated security controls within CI/CD pipelines.
• Support product security incident response, including root cause analysis, mitigation strategies, incident criteria, and post‑incident lessons.
• Monitor emerging threats, vulnerabilities, and trends to proactively investigate, remediate, and integrate new protections.
• Ensure product compliance with relevant security standards, certifications, and regulations (e.g., OWASP, NIST).

Experience and Education

• 5+ years of experience in Security Engineering with a focus on product and/or application security.
• Bachelor’s degree in Computer Science, Information Security, or a related technical field.

Technical Skills

• In‑depth knowledge of Linux and Docker container‑based infrastructures, including orchestration (e.g., Kubernetes).
• Working knowledge of authentication, authorization, applied cryptography, security vulnerabilities, and remediation techniques.
• Significant software development experience; experience in Go (primary backend language), TypeScript/JavaScript, C/C++, Python, and Bash is desirable.
• Knowledge of web protocols (HTTP, REST APIs, DOM, CSP), networking protocols (IP, TCP, UDP) and security protocols (TLS).
• Experience performing threat modeling with common threat vectors and frameworks.
• Strong knowledge of security principles, best practices, and industry standards (NIST, ISO 27001, CIS Controls, OWASP ASVS and Testing Guides).
• Familiarity with industry‑standard security frameworks such as OWASP and NIST.
• Experience with security tools (SAST, DAST, IAST, SCA).
• Exceptional analytical and investigative skills, including root‑cause analysis.
• Knowledge of current and emerging threats and exploitation techniques.
• Experience with CI/CD pipeline integration, security tools, and secure SDLC.
• Experience with cloud infrastructure (AWS, Azure, or Google Cloud) and best practices for securing cloud environments.

Desirable Qualifications

• Familiarity with security considerations for AI/ML systems.
• Understanding of distributed systems design, implementation, and operation.
• Understanding of privacy threats and controls, including tailoring best practices to specific product scenarios.
• Exploit development experience and knowledge of conditions needed to trigger vulnerability types.
• Experience with enterprise log collection and analysis platforms (e.g., Splunk, OSQuery).

Education and Certifications

• Master’s degree or equivalent experience preferred.
• Security certifications (OSCP, OSEE, SANS/GIAC, CCSP, CISSP) are a plus.

Soft Skills & Leadership

• Excellent verbal and written communication, able to translate complex security concepts to technical and non‑technical stakeholders.
• Demonstrated ability to design, document, and implement new security processes.
• Experience in a high‑growth technology or SaaS environment.
• Ability to remain calm under pressure, especially during incidents or audits.

Benefits

• Competitive salary and bonus schemes.
• Two weeks additional pay per year (holiday bonus).
• 25 days holiday entitlement + bank holidays.
• Defined contribution pension scheme.
• Private medical insurance.
• Employee stock purchase plan.
• Flexible working options.
• Life assurance.
• Enhanced maternity and paternity pay.
• Career development support and broad learning opportunities.
• Employee health and wellbeing support (EAP, wellbeing guidance, etc.).
• Carbon neutral initiatives/goals.
• Corporate social responsibility initiatives including support for volunteering days.
• Well‑known company discount scheme.

Travel Requirements

• Under 10%

Relocation

• None

Position Type

• Experienced

Referral Payment Plan

• Yes

Company

• Motorola Solutions UK Limited

EEO Statement

• Motorola Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or belief, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other legally-protected characteristic.