Product Owner, Senior Project Product Security Test
Poland Katowice (Francuska 46)
Rockwell Automation
Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!
Job Description
Rockwell Automation is looking for a creative engineer to join our global Software and Control organization in Katowice as a Product Owner of Product Security Test. You will be part of a product security team, with a focus on performing security assessments of company products.
In this role, you will use your understanding of new product development and sustaining products, plus your detailed understanding of security standards and testing, to define process solutions that balance quality with time to market.
You will report to the Manager located in Poland and have a hybrid work model - 3 days of work from the Katowice office.
Your Responsibilities:
- Perform security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities based on potential impact and likelihood.
- Establish a clear security testing roadmap that aligns with team goals.
- Work with team members to lead multiple security testing plans across the organization.
- Maintain and refine a backlog of security testing tasks, ensuring high-risk areas are addressed first.
- Provide security testing input to the Program Increment (PI) planning context, PI objective definition, and story acceptance criteria.
- Build a standardized set of security product requirements and produce metrics to report performance against those requirements.
- Embed security testing within the software development lifecycle to ensure security validation.
- Review and define security diagnostics and tools to help analyze security events.
- Oversee the implementation of penetration testing, vulnerability assessments, and automated security scans.
- Accept work as done by verifying acceptance criteria are met, and that the work fulfills the team's Definition of Done.
- Detect and mitigate security risks, respond to product security incidents, and work with customers regarding product security related issues.
- Participate in security architecture and design review meetings.
- Communicate with and provide information to partners regarding work sequence, risks and mitigation options, and effect of scope changes.
- Collaborate with security teams, developers, and business leaders to ensure security goals are met and security vulnerabilities and incidents are addressed.
- Help the security test team identify critical work to prioritize, and less-critical work which can be deferred.
- Ensure adherence to industry security standards (e.g. IEC 62443), regulations, and best practices.
- Adapt to new threats and evolving security testing methodologies.
The Essentials - You Will Have:
- Bachelor's degree in computer science, cybersecurity, information technology, or a related field.
- Minimum of 12 years of experience in product management, cybersecurity, or software development.
- Hands-on experience with security testing methodologies, including penetration testing, vulnerability assessments, and threat modeling.
- Familiarity with Agile frameworks and Scrum methodologies to manage security testing processes.
- Experience with cybersecurity principles, secure software development and compliance frameworks (ISO 27001, IEC 62443, NIST, GDPR), and secure coding practices.
- Manage security testing within Agile development cycles.
- Assess security risks and prioritize testing efforts accordingly.
- Familiarity with security tools and automated security testing frameworks.
The Preferred - You Might Also Have:
- Additional coursework in risk management, compliance, and secure software development is beneficial.
- Experience with automation frameworks and tools development
- Experience in requirements decomposition and test traceability
- Experience using open-source tools like Git and Jenkins
- Experience with continuous integration environments, automated test, and acceptance testing
- Experience working in an Agile development setting and Agile project tools (e.g., Atlassian suite)
- Experience working with industrial protocols, especially Common Industrial Protocol (CIP)
- Experience developing software and testing safety and security standards such as IEC 61508 or IEC 62443
- Advanced courses or degree in engineering, computer science, or controls
- Certified Scrum Product Owner (CSPO), Professional Scrum Product Owner (PSPO), Agile Certified Product Manager and Product Owner (ACPMPO) or SAFe Product Owner/Product Manager (POPM) Certification.
What We Offer:
Our benefits package includes …
- Comprehensive mindfulness programs with a premium membership to Calm
- Volunteer Paid Time off available after 6 months of employment for eligible employees
- Company volunteer and donation matching program – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
- Employee Assistance Program
- Personalized wellbeing programs through our OnTrack program
- On-demand digital course library for professional development
... and other local benefits!
At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.
This is a hybrid remote/in-office role.
Under Rockwell Automation’s hybrid policy, employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.