Our IT organization isn't just here to support our business. We're here to reinvent it – by changing the way our customers, partners and employees interact with our company. To do that, we're looking for people who bring great ideas and who make our partners' ideas better. Intellectually curious advisors (not order takers) who focus on outcomes to creatively solve business problems. People who not only embrace change, but who accelerate it.

Job Description

We are seeking a talented and battle-tested individual to join our team as a Senior Cyber Defense Professional at Motorola Solutions. As a global technology enterprise, we face various security threats, both internal and external. In this role, you will have the opportunity to combat advanced adversaries and enhance our security posture through threat hunting, security architecture, vulnerability management, and digital forensics. You will play a crucial role in our world-class information security program, designing innovative methods to detect attacks, analyzing emerging attack techniques, and collaborating with the team to develop effective tools and solutions.

You will not just be "working tickets." You will be the primary investigator for high-impact security events, a proactive threat hunter, and a mentor to our junior staff. We are looking for a practitioner who focuses on outcomes: reducing attacker dwell time, automating repetitive tasks, and ensuring that every incident leads to a permanent improvement in our security posture.

We are looking for someone who is passionate about learning, thrives on challenges, and is eager to contribute to our future success. Strong collaboration, communication, and a team-oriented mindset are essential for this role. MSI provides a work environment that encompasses workplace flexibility, continued professional growth through paid training & certifications, conferences and seminars, along with education assistance.

Our culture encourages the honing of current skills and building of new capabilities. We prize flexibility, continuous improvement, and collaboration both within the team as well as with industry peers. If you are excited about the prospect of contributing to a dynamic and challenging environment where you can make a real impact in the field of information security, we look forward to receiving your application.

Skills and attributes for success:

- Self-driven, creative, and able to operate independently
- Technical expertise
- Continuously learning and identifying ways to strengthen and advance MSI's Incident Response program
- Thorough understanding of cybersecurity principles
- Strong oral and written communication skills with a desire to share thoughts and ideas

Responsibilities:

Incident Leadership & Execution (Core Duties)

- Lead and Manage Incidents: Act as the Incident Response Lead (IRL) for low- to high-severity and complex security incidents, directing the response, containment, eradication, and recovery efforts across affected teams
- Conduct Advanced Investigation: Perform deep-dive analysis of security incidents using advanced forensic techniques (host, memory, network) to determine the scope, cause, and impact of the breach
- Perform Root Cause Analysis: Identify the source, vulnerability, and sequence of events that led to the incident, providing detailed findings to inform security improvements
- Execute Threat Containment: Develop and implement immediate and effective containment strategies (e.g., isolating systems, revoking access, blocking malicious traffic) to minimize damage and prevent further proliferation of the threat
- Post-Incident Leadership: Lead after action reviews (AARs) and "Lessons Learned" sessions to translate incident findings into actionable changes
- Mentor and Coach: Provide mentorship and training to junior analysts on advanced incident response techniques, forensic analysis, and security tool usage
- Project Participation: Lead project initiatives and participate as a contributing member on supporting cybersecurity initiatives

Detection, Analysis, and Hunting

- Monitor and Triage Escalations: Serve as the final escalation point for the Security Operations Center (SOC), validating and adjudicating high-priority security alerts and anomalies
- Proactive Threat Hunting: Design and execute proactive threat hunting operations using threat intelligence and anomaly detection techniques to identify undetected malicious activity across the enterprise environment
- Malware Analysis: Analyze malicious code (static and dynamic) and artifacts to understand their capabilities, targets, and C2 infrastructure, and extract Indicators of Compromise (IOCs)
- Detection Engineering: Tune rules and develop new high-fidelity detections based on findings from Purple Team events, threat hunting, and incidents
- EDR, SIEM, and Log Analysis: Expertly utilize endpoint detection and SIEM platforms to correlate events, review system and network logs, and develop new custom queries and detection rules
- Network Traffic Analysis: Analyze network packet captures (PCAP) and flow data to identify lateral movement, data exfiltration, and communication with external threat actors

Process Improvement & Strategy

- Develop and Refine Playbooks: Create, update, and maintain detailed Incident Response (IR) plans, runbooks, and Standard Operating Procedures (SOPs) to ensure consistency and efficiency in incident handling
- Evaluate and Tune Security Tools: Propose and implement improvements to existing security tools (EDR, SIEM, SOAR, Firewalls, IDS/IPS) and detection logic to enhance the organization's security posture and reduce false positives
- Partner with Threat Intelligence: Incorporate findings from the organization's threat intelligence strategy into incident investigations, ensuring threat data is actionable and integrated into defense systems

Communication, Documentation, and Compliance

- High-Level Reporting and Briefings: Prepare and deliver clear, concise written and verbal reports, after-action reviews (AARs), and executive summaries to technical and non-technical stakeholders on incident status, impact, and lessons learned
- Regulatory Compliance: Work with the GRC team to ensure all incident response activities are conducted in accordance with legal and regulatory requirements (e.g., data breach notification laws, internal policies)
- Coordinate with Stakeholders: Collaborate closely with IT, Legal, Human Resources, and external vendors/partners throughout an incident to ensure a coordinated and effective response
- On-Call Support: Participate in an on-call rotation to provide 24/7 incident response coverage for critical security events
- Monitor specific cyber threat actors to understand tactics and techniques
- Prepare reports documenting security incidents and damage assessment
- Review logs to identify unusual behavior in networks and endpoint devices
- Perform forensic analysis as necessary
- Drive lessons learned and remediation efforts organization-wide
- Recommend security enhancements to management or the team
- Experience with scripting and programming languages such as Python, PowerShell, or any other modern language
- Understanding of programming concepts and a security-first approach in developing programs
- Develop scripts and tools using modern programming languages
- Solve complex problems through logical thinking
- Prototype new technologies
- Gather business requirements and support database, server, and script management

Basic Requirements

Requirements:

- Knowledge and training in Information Security, Computer Systems Engineering, or Network Engineering
- Understanding of the tasks required of a Security Operations Center (SOC) analyst and the relationship with the Incident Response team
- Experience with networking fundamentals (TCP/IP, minimum)
- Familiarity with major operating systems (Windows, Linux, and macOS)
- Ability to piece together small pieces of information from multiple sources to tell a larger story
- Knowledge of major attack types (Malware-based, Identity-based, Social Engineering, Infrastructure, or Supply Chain)
- Understanding of vulnerabilities and exploits
- Familiarity with analyzing and distilling logs (firewall, web application, Active Directory)
- Familiarity with MITRE ATT&CK & Lockheed Cyber Kill Chain
- Familiarity with security tools & technologies:
  - EDR: CrowdStrike, SentinelOne, Palo Alto Cortex XDR, Microsoft Defender
  - SIEM: Splunk, Elastic, Palo Alto Cortex XSIAM, Microsoft Azure Sentinel
  - SOAR: Splunk SOAR, Palo Alto Cortex XSOAR, Microsoft Sentinel, IBM QRadar, Google Security Operations, Rapid7 InsightConnect
- Ability to script in Shell (Bash or PowerShell) & Python
- Experience conveying complex information in simple, succinct explanations
- Ability to work in a fast-paced, operational environment, including non-standard work hours in response to Information Security incidents