Sr. Product Security Engineer

at Motorola Solutions in Chicago, Illinois, United States

Job Description

Company Overview
At Motorola Solutions, we're guided by a shared purpose - helping people be their best in the moments that matter - and we live up to our purpose every day by solving for safer. Because people can only be their best when they not only feel safe, but are safe. We're solving for safer by building the best possible technologies across every part of our safety and security ecosystem. That's mission-critical communications devices and networks, AI-powered video security & access control and the ability to unite voice, video and data in a single command center view. We're solving for safer by connecting public safety agencies and enterprises, enabling the collaboration that's critical to connect those in need with those who can help. The work we do here matters.Department OverviewAt Unified Communications, our vision is to build a safer world - unified by instant, secure and reliable communications. We build best-in-class broadband mission critical voice, video and data communications products. Our portfolio includes evidence platforms as well as Land Mobile Radio interoperability solutions.Job Description
At MSI, our security philosophy is building security foundationally in our products and processes. This position is a key global role responsible for the entire portfolio of Unified Communications products. It includes collaborating with engineering teams, partners and customers worldwide. This position reports to the System Owner (Director of Product Management & Cybersecurity). The role spans 2 pillars of the secure SDLC: building security into the product and assessing it for compliance.

S-SDLC compliance: implementing the NIST Cybersecurity framework with compliance to industry best practices including OWASP, GDPR, CIS, DoD, etc. This is a hands-on role which involves building product security into the software including secure architecture, secure design, secure coding and secure testing practices. In this role, you will, engage with Product Owners and Engineering Teams to understand the product and processes, implement compliance to NIST 800-53 family of controls in the product software, perform gap analysis, risk assessments and collaborating with Product Management and Risk Owners to mature and prioritize security and compliance epics on product roadmaps. The role includes maintaining the product security white paper and marketing materials release over release, driving responses to customer security assessments and security requirements in RFI/RFP responses.

ISM compliance: assessing products and processes to frameworks such as ISO 27001, ISO 27701, SOC 2, FedRAMP, CJIS, global ISMs such as CCCS, ITHC, IRAP, ANSII, etc. This role is responsible for implementing ISM controls and policies, driving portfolio compliance and representing the organization in internal and external audits. It includes maintaining ISM documentation (policies and procedures) and required evidence repositories, asset registers, risk registers, business continuity plans and participating in site level management reviews.

Data Privacy compliance: collaborating with MSI's Data Privacy teams for ongoing data privacy assessments and maintaining data privacy artifacts for the portfolio of products every release.

The following skills are needed for this role:
Experience with Android and iOS Mobile Application Security
Experience with Windows Browser based Application Security
Experience with Linux Server Infrastructure Security
Proven track record of implementing NIST 800-53 cybersecurity framework controls
Success in leading teams to ISO 27001 and SOC 2 Type 2 compliance
Experience with Azure and AWS Cloud deployments
Experience with Data Center (on-prem) deployments

Additional Qualified Skills:
CISSP certification
Experience with deploying products in a FedRAMP compliant environment (candidate achieved successful ATO or JAB approval)
Experience with deploying products in a CJIS compliant environment
Experience with deploying products in compliance to international ISM frameworks (e.g. CCCS, ITHC, IRAP, ANSII, etc)
Experience with air-gapped deployments

This position is subject to working in high security areas governed by the US Department of Justice's "Criminal Justice Information Services (CJIS) Security Policy" and therefore requires successfully passing a more stringent fingerprint background check administered by Motorola Solutions Inc. customers.

#LI-RS1

Employer work permit sponsorship is not available for this position. Basic Requirements
Bachelors Degree in Engineering: Computer Science, Information... For full info follow application link.

Motorola Solutions is an Equal Opportunity Employer committed to no discrimination because of race, color, creed, marital status, age, religion, sex, national origin, citizenship, sexual orientation, gender identity or expression, genetic information, disability, protected veteran, or any other legally protected characteristic.