At Motorola Solutions, we believe that everything starts with our people. We’re a global, close-knit community, united by the relentless pursuit to help keep people safer everywhere. Our critical communications, video security and command center technologies support public safety agencies and enterprises alike, enabling the coordination that’s critical for safer communities, safer schools, safer hospitals and safer businesses. Connect with a career that matters, and help us build a safer future.
We are seeking a talented and battle-tested individual to join our team as a Senior Cyber Defense Professional at Motorola Solutions. As a global technology enterprise, we face a range of security threats, both internal and external. In this role, you will have the opportunity to combat advanced adversaries and strengthen our security posture through threat hunting, security architecture, vulnerability management, and digital forensics. You will play a crucial role in our world-class information security program, designing innovative methods to detect attacks, analyzing emerging attack techniques, and collaborating with the team to develop effective tools and solutions. You will not just be "working tickets." You will be the primary investigator for high-impact security events, a proactive threat hunter, and a mentor to our junior staff. We are looking for a practitioner who focuses on outcomes: reducing attacker dwell time, automating repetitive tasks, and ensuring that every incident leads to a permanent improvement in our security posture. We are looking for someone who is passionate about learning, thrives on challenges, and is eager to contribute to our future success. Strong collaboration, communication, and a team-oriented mindset are essential for this role.
MSI provides a work environment that encompasses workplace flexibility, continued professional growth through paid training & certifications, conferences and seminars, along with education assistance. Our culture encourages the honing of current skills and building of new capabilities. We prize flexibility, continuous improvement, and collaboration both within the team as well as with industry peers.
If you are excited about the prospect of contributing to a dynamic and challenging environment where you can make a real impact in the field of information security, we look forward to receiving your application.
Skills and attributes for success:
Self-driven, creative, and can operate independently
Technical expertise
Continuously learning and identifying ways to strengthen and advance MSI’s Incident Response program
Thorough understanding of cybersecurity principles
Strong oral and written communication skills with a desire to share thoughts and ideas
Responsibilities:
Incident Leadership & Execution (Core Duties)
Lead and Manage Incidents: Act as the Incident Response Lead (IRL) for low- to high-severity and complex security incidents, directing the response, containment, eradication, and recovery efforts across affected teams
Conduct Advanced Investigation: Perform deep-dive analysis of security incidents using advanced forensic techniques (host, memory, network) to determine the scope, cause, and impact of the breach
Perform Root Cause Analysis: Identify the source, vulnerability, and sequence of events that led to the incident, providing detailed findings to inform security improvements.
Execute Threat Containment: Develop and implement immediate and effective containment strategies (e.g., isolating systems, revoking access, blocking malicious traffic) to minimize damage and prevent further proliferation of the threat
Post-Incident Leadership: Lead after-action reviews (AARs) and "Lessons Learned" sessions to translate incident findings into actionable changes
Mentor and Coach: Provide mentorship and training to junior analysts on advanced incident response techniques, forensic analysis, and security tool usage
Project Participation: Lead project initiatives and participate as a contributing member on supporting cybersecurity initiatives
Detection, Analysis, and Hunting
Monitor and Triage Escalations: Serve as the final escalation point for the Security Operations Center (SOC), validating and adjudicating high-priority security alerts and anomalies
Proactive Threat Hunting: Design and execute proactive threat hunting operations using threat intelligence and anomaly detection techniques to identify undetected malicious activity across the enterprise environment
Malware Analysis: Analyze malicious code (static and dynamic) and artifacts to understand their capabilities, targets, and C2 infrastructure, and extract Indicators of Compromise (IOCs)
Detection Engineering: Tune rules and develop new high-fidelity detections based on findings from Purple Team events, threat hunting, and incidents
EDR, SIEM, and Log Analysis: Expertly utilize endpoint detection and SIEM platforms to correlate events, review system and network logs, and develop new custom queries and detection rules
Network Traffic Analysis: Analyze network packet captures (PCAP) and flow data to identify lateral movement, data exfiltration, and communication with external threat actors
Process Improvement & Strategy
Develop and Refine Playbooks: Create, update, and maintain detailed Incident Response (IR) plans, runbooks, and Standard Operating Procedures (SOPs) to ensure consistency and efficiency in incident handling
Evaluate and Tune Security Tools: Propose and implement improvements to existing security tools (EDR, SIEM, SOAR, Firewalls, IDS/IPS) and detection logic to enhance the organization's security posture and reduce false positives
Partner with Threat Intelligence: Incorporate findings from the organization's threat intelligence strategy into incident investigations, ensuring threat data is actionable and integrated into defense systems
Communication, Documentation, and Compliance
High-Level Reporting and Briefings: Prepare and deliver clear, concise written and verbal reports, after-action review (AAR), and executive summaries to technical & non-technical stakeholders on incident status, impact, and lessons learned
Regulatory Compliance: Work with the GRC team to ensure all incident response activities are conducted in accordance with legal and regulatory requirements (e.g., data breach notification laws, internal policies)
Coordinate with Stakeholders: Collaborate closely with IT, Legal, Human Resources, and external vendors/partners throughout an incident to ensure a coordinated and effective response
On-Call Support: Participate in an on-call rotation to provide 24/7 incident response coverage for critical security events
Monitor specific cyber threat actors to understand tactics and techniques
Prepare reports documenting security incidents and damage assessment
Review logs to identify unusual behavior in networks and endpoint devices
Perform forensic analysis as necessary
Drive lessons learned and remediation efforts organization-wide
Recommend security enhancements to management or the team
Experience with scripting and programming languages such as Python, PowerShell, or any other modern language
Understanding of programming concepts and a security-first approach to developing programs
Develop scripts and tools using modern programming languages.
Solve complex problems through logical thinking.
Prototype new technologies.
Gather business requirements and support database, server, and script management
Requirements:
Knowledge and training in Information Security, Computer Systems Engineering, or Network Engineering.
Understanding of the tasks required of a Security Operations Center (SOC) analyst and the relationship with the Incident Response team
Experience with networking fundamentals (TCP/IP and HTTP at a minimum)
Familiarity with the major operating systems (Windows, Linux, and macOS)
Ability to piece together small pieces of information from multiple sources to tell a larger story
Knowledge of major attack types (Malware-based, Identity-based, Social Engineering, Infrastructure, or Supply Chain)
Understanding of vulnerabilities and exploits.
Familiarity with analyzing and distilling logs (firewall, web application, Active Directory)
Familiarity with MITRE ATT&CK and the Lockheed Martin Cyber Kill Chain
Familiarity with security tools & technologies:
EDR: CrowdStrike, SentinelOne, Palo Alto Cortex XDR, Microsoft Defender
SIEM: Splunk, Elastic, Palo Alto Cortex XSIAM, Microsoft Azure Sentinel
SOAR: Splunk SOAR, Palo Alto Cortex XSOAR, Microsoft Sentinel, IBM QRadar, Google Security Operations, Rapid7 InsightConnect
Ability to script in a shell (Bash or PowerShell) and Python
Experience conveying complex information in simple, succinct explanations
Ability to work in a fast-paced, operational environment, including non-standard work hours in response to Information Security incidents
In return for your expertise, we’ll support you in this new challenge with coaching & development every step of the way. Also, to reward your hard work you’ll get:
Competitive salary package
Private medical & dental coverage
Employee Pension Plan
Life insurance
Employee Stock Purchase Plan
Flexible working hours
Strong collaborative culture
Comfortable work conditions (high-class offices, parking space)
Volleyball field and grill place next to the office
Access to wellness facilities and integration events, as well as training and broad development opportunities
EEO Statement
Motorola Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or belief, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other legally-protected characteristic.
We are proud of our people-first and community-focused culture, empowering every Motorolan to be their most authentic self and to do their best work to deliver on the promise of a safer world. If you’d like to join our team but feel that you don’t quite meet all of the preferred skills, we’d still love to hear why you think you’d be a great addition to our team.