Senior Embedded Product Security Engineer
United States of America Mayfield Heights
Rockwell Automation
Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you, we would love to have you join us!
Job Description
Position Summary:
As an Embedded SW/HW Product Security Engineer, you will conduct hardware-level penetration testing, evaluate security risks on multiple products, including embedded device boards, and work with embedded systems. You will be a member of a medium-sized, global, multi-location group responsible for providing security test support for the products within the Software and Control organization in Rockwell Automation. You will use Commercial Off-the-Shelf (COTS) tooling and have a comfortable working knowledge of adapting tooling to proprietary products.
You will report to the Engineering Manager, Product Security Architecture.
Essential Functions:
- Guide the proper application of security principles, techniques, and tools with product teams within the Software and Control organization in Rockwell Automation.
- Research current security trends in Industrial Control Systems, hardware, embedded systems, and interfaces to higher-level products and collaborate with security experts to ensure security requirements are put in place.
- Perform penetration testing, report the findings, and hold debriefings to communicate the results.
- Develop and implement solutions to a wide range of difficult problems.
- Provide diverse thought and promote an inclusive environment.
- Participate in product design and implementation reviews as they relate to security.
- Provide input into the design and implementation of product and system test set-ups as related to security.
- Stay on top of the "vulnerability landscape" and up to date on current/potential attacks. Where applicable, evaluate the potential impact of publicly identified attacks on our product portfolio.
- Evaluate security risks on different products and provide guidance to product teams on risks and mitigations.
- Be willing to research and explore new avenues by using the latest technologies and standards.
- Work within a global remote team environment.
- Perform SMT soldering and apply knowledge of accessing PCB traces.
- Develop and program on single board computers like Arduino or Raspberry Pi.
- Read board schematics and document findings to hardware product teams.
The Essentials - You Will Have:
- Bachelor's degree, or equivalent years of relevant work experience
The Preferred - You Might Also Have:
- Typically requires 5+ years of experience in relevant areas such as hardware/embedded software development, demonstrating Security Development Lifecycle concepts (i.e., secure coding principles and practices, reviews, threat modeling, security testing).
- Degree in Cyber Security, Electrical Engineering, Computer Engineering, or equivalent.
- Demonstrated knowledge in the application of embedded software/hardware engineering and security principles, theories, concepts, and techniques related to Industrial Control Systems.
- Demonstrated knowledge of communication buses and interfaces, such as SPI, I2C, JTAG, and UART.
- Demonstrated proficiency using tools such as meters, scopes, logic and protocol analyzers, JTAGulator, Bus Pirate.
- Demonstrated skills with firmware binary analysis and reverse engineering techniques with tools such as Ghidra and IDA Pro.
- Demonstrated knowledge of product security test techniques.
- Demonstrated knowledge in penetration testing, exploit development, vulnerability scanning, and fuzzing frameworks.
- Working knowledge of languages such as Python, C, C++, and Assembly.
- Proficient in Windows and Linux operating systems.
- Understanding of industrial protocols like Modbus and Common Industrial Protocol (CIP).
- Previous experience working with ICS/SCADA equipment.
- In-depth knowledge of common security vulnerabilities in Industrial Control Systems.
- In-depth knowledge of communication protocols like Ethernet and/or CIP.
- In-depth knowledge of ARM architectures and related ASIC security features.
- In-depth knowledge of secure boot, key storage, and firmware encryption.
- In-depth knowledge of cryptographic algorithms such as RSA and AES.
- Demonstrated knowledge of differential power analysis, fault injection, and other related side-channel attack techniques using tools such as ChipWhisperer (Husky Plus).
- Demonstrated knowledge of working with hardware roots-of-trust and secure booting mechanisms.
- Experience implementing security standards such as the NIST Cybersecurity Framework and/or IEC 62443.
- Security certification(s) such as CISSP, CEH, applicable GIAC certifications, OSCP, CySec Specialist (TÜV Rheinland), or an advanced degree in cybersecurity.
- Advanced coursework and/or training related to hardware hacking, embedded systems, and/or securing operating systems.
What We Offer:
- Health Insurance including Medical, Dental and Vision
- 401k
- Paid Time off
- Parental and Caregiver Leave
- Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
- To learn more about our benefits package, please visit www.raquickfind.com.
This position is part of a job family. Experience will be the determining factor for position level and compensation.
We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.
We are an Equal Opportunity Employer including disability and veterans.
If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 (844) 404-7247.
Under Rockwell Automation’s hybrid policy, employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.