Product Security Engineer

Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!

Job Description

Summary:

We are looking for a experienced Product Security Software Engineer to lead and strengthen our software security practices across the development lifecycle. You will design security measures to protect our software systems from threats. You will collaborate with software engineers, product teams, and security experts to embed security into the development process and ensure that our applications meet the highest standards of safety and compliance.

Your Responsibilities:

• Lead the design of security features and tools that protect our software products from security vulnerabilities and cyber threats.
• Develop proof-of-concept, conduct threat modelling, security design and code reviews, and vulnerability assessments to find and address potential risks to meet the security requirements of the product.
• Monitor and resolve security anomalies.
• Mentor team members on security requirements and address vulnerabilities.
• Review and enhance security processes and standards. Coordinate penetration tests and evaluate findings.
• Be a liaison on security matters. Participate in threat modeling and ensure security gaps are addressed.
• Guide compliance activities like CIS Benchmarks and Cyber Resilience Act, Secure Software Development Framework
• You will report to Sr. Manager Software Engineering

The Essentials - You Will Have:

• Bachelor's degree in Computer Science or Computer Engineering or Cyber Security, or equivalent experience.
• Minimum 7 years' experience in Software Application Security & Development.
• Experience with TypeScript, Golang, NodeJS, Python, Angular, PowerShell, Kotlin

The Preferred - You Might Also Have:

• Experience with REST APIs, GitHub Actions, and Dagger.io.
• Knowledge of threat modeling and possible security mitigations.
• Understanding of ICS/OT threats and current events.
• Assess compliance with security requirements.
• Experience with vulnerability assessments and security audits.
• Understanding of DevSecOps, cloud platform development, and security operations.
• Experience with tools like SonarQube, Black Duck, Cybeats, Aqua, Wiz.io, Stack Hawk.
• Certified Ethical Hacker (CEH) or equivalent experience.
• Knowledge of cybersecurity standards like IEC 62443, NIST SSDF, BSIMM, SOC 2, CRA, NIS2.
• Knowledge of micro-services architecture and container technologies

What We Offer:

Our benefits package includes …

• Comprehensive mindfulness programs with a premium membership to Calm
• Volunteer Paid Time off available after 6 months of employment for eligible employees.
• Company volunteer and donation matching program – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
• Employee Assistance Program
• Personalized wellbeing programs through our OnTrack program
• On-demand digital course library for professional development

... and other local benefits!

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

#LI-Hybrid #LI-DB2

Rockwell Automation’s hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.