Senior Product Security Engineer

Rockwell Automation is a global technology leader focused on helping the world's manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility -our people are energized problem solvers that take pride in how thework we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that's you we would love to have you join us!

Job Description

The Senior Product Security Engineer will drive software application security efforts across Verve's product development team. This will involve working closely with Verve's senior software engineering leadership, direct interaction with Verve's development teams, and serving as the primary interface with the broader security and compliance processes and teams within Verve's parent company, Rockwell Automation. You will report to the Team Lead, Staff Software Engineer and will be hybrid working out of the Milwaukee WI or Mayfield Heights office.

• Develop a deep expertise in Rockwell's established secure development processes. This position will be the primary interface between Verve's development organization and Rockwell's secure development assurance processes.
  • Drive timely and effective resolution of vulnerability reports in support of Rockwell's Product Security Incident Response Team (PSIRT).
  • Coordinate incident management and other reported security issues.
  • Drive risk reviews and risk analysis to identify systematic issues.
• Evangelize and mentor secure software development practices within Verve's software product development teams.
  • Provide architecture and best practice guidance related to secure software development to product teams. Assist teams in process evolution required to achieve and maintain IEC 62443 certification.
  • Maintain current knowledge of security threats and vulnerabilities that could impact products.
  • Ensure adherence to security standards and provide guidance and input to standards enhancements.
• Collaborate throughout the development lifecycle to verify and improve software security.
  • Perform threat modeling, security requirements review, secure code review and vulnerability assessments.
  • Lead and participate in security architecture and design review meetings. Review product architectures for security design gaps and vulnerabilities and consult with product teams to remediate or mitigate cyber risk.
  • Lead efforts with the development teams to quantify residual product risk and identification of appropriate security controls.
• Contribute as appropriate to the continued development of the Verve software platform.

• Bachelors degree
• Legal authorization to work in the U.S. We will not sponsor individuals for employment visas, now or in the future, for this job opening.

• 5+ years professional experience, with at least 3 years of experience, ideally involving web applications.
• A BS in Computer Science or a similar field or equivalent experience.
• Solid understanding of TCP/IP networking.
• Strong foundational understanding of web application security, linux/unix system security, network security, applied cryptography, and OS-level hardening, with advanced knowledge in at least a few of these areas.
• Experience working with development teams to review designs, construct threat models, and develop/maintain secure coding standards.
• At least a basic understanding of object-oriented design and programming.
• Familiarity with CVE, CPE, and CVSS.
• Experience with Python, C#/.NET, and Angular.
• A familiarity with OT devices and environments.
• Experience with CI/CD environments.
• Familiarity with containerization concepts.
• Experience with various security assessment tools (SCA, SAST, DAST, and vulnerability scanners).
• Industrial cybersecurity and/or information technology certifications such as (ISC)2 CISSP, or CSSLP, SANS GICSP.

• Health Insurance including Medical, Dental and Vision
• 401k
• Paid Time off
• Parental and Caregiver Leave
• Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
• To learn more about our benefits package, please visit at www.raquickfind.com.

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

This position is part of a job family. Experience will be the determining factor for position level and compensation.

#LI-Hybrid

#LI-AC1

We are an Equal Opportunity Employer including disability and veterans.

If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 (844) 404-7247.

Rockwell Automation's hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.