Apply on Employer Site

Rockwell Automation · 1 day ago

Senior Product Security Engineer

United States

Full-time

Remote

Senior Level

$136K/yr - $204K/yr

5+ years exp

Rockwell Automation is a global technology leader focused on enhancing productivity and sustainability for manufacturers. The Senior Product Security Engineer will lead software application security efforts, collaborating with development teams and ensuring adherence to security standards throughout the product development lifecycle.

HardwareIndustrial AutomationSales AutomationSoftware

No H1B

Hiring Manager

Anna Michele 🚩Rockwell Automation

Responsibilities

Develop a deep expertise in Rockwell's established secure development processes. This position will be the primary interface between Verve's development organization and Rockwell's secure development assurance processes

Drive timely and effective resolution of vulnerability reports in support of Rockwell's Product Security Incident Response Team (PSIRT)

Coordinate incident management and other reported security issues

Drive risk reviews and risk analysis to identify systematic issues

Evangelize and mentor secure software development practices within Verve's software product development teams

Provide architecture and best practice guidance related to secure software development to product teams. Assist teams in process evolution required to achieve and maintain IEC 62443 certification

Maintain current knowledge of security threats and vulnerabilities that could impact products

Ensure adherence to security standards and provide guidance and input to standards enhancements

Collaborate throughout the development lifecycle to verify and improve software security

Perform threat modeling, security requirements review, secure code review and vulnerability assessments

Lead and participate in security architecture and design review meetings. Review product architectures for security design gaps and vulnerabilities and consult with product teams to remediate or mitigate cyber risk

Lead efforts with the development teams to quantify residual product risk and identification of appropriate security controls

Contribute as appropriate to the continued development of the Verve software platform

Qualification

Web application securitySecure coding standardsThreat modelingVulnerability assessmentsTCP/IP networkingLinux/Unix securityApplied cryptographyC#/.NETPythonCI/CD environmentsSecurity assessment toolsObject-oriented designContainerization conceptsCVECPECVSSIndustrial cybersecurity certifications

Required

Bachelors degree

Legal authorization to work in the U.S. We will not sponsor individuals for employment visas, now or in the future, for this job opening

Preferred

5+ years professional experience, with at least 3 years of experience, ideally involving web applications

A BS in Computer Science or a similar field or equivalent experience

Solid understanding of TCP/IP networking

Strong foundational understanding of web application security, linux/unix system security, network security, applied cryptography, and OS-level hardening, with advanced knowledge in at least a few of these areas

Experience working with development teams to review designs, construct threat models, and develop/maintain secure coding standards

At least a basic understanding of object-oriented design and programming

Familiarity with CVE, CPE, and CVSS

Experience with Python, C#/.NET, and Angular

A familiarity with OT devices and environments

Experience with CI/CD environments

Familiarity with containerization concepts

Experience with various security assessment tools (SCA, SAST, DAST, and vulnerability scanners)

Industrial cybersecurity and/or information technology certifications such as (ISC)2 CISSP, or CSSLP, SANS GICSP