Senior Software Security Engineer

Colombia Medellin (remote)


Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!

Job Description

You will work with a high-performing team of like-minded individuals passionate about ensuring that our products are delivered with the highest levels of quality and security. Join our Software Development team to learn how we deliver safe, secure and resilient technologies to protect our global community and the critical services and goods they provide.

Reporting to Engineering Team Lead.

Your Responsibilities:

  • Software Development work: You'll design, implement, and test new security features. You'll coach other members of the development team in understanding and applying Rockwell Automation internal security requirements. Once you gain knowledge, you'll apply security standards by assisting developers in addressing known vulnerabilities. You'll also review product artifacts for security compliance.
  • Security Vulnerability Monitoring collaborator: You'll collaborate with the Product Security Engineer (PSE) to assess security anomalies and maintain their accuracy through the resolution process.
  • Support to maintain the Design for Security (DfS) Checklist: You'll help gather compliance evidence. You'll work with Product Security Engineers and the Product Security Leader (PSL) on reviews and maintain the security checklist for one or more products per release.
  • Penetration Testing support: You'll work alongside Security Engineers to ensure penetration tests are scheduled and coordinated with internal and external test teams, and evaluate the findings.
  • Liaison Responsibilities: You'll guide communication between the Software Development team and other teams/internal entities on security matters (e.g., Office of Product Safety and Security, Product Security Engineering).
  • Software Bill of Materials (SBOM) support: You'll work alongside Security Engineers to ensure the SBOM is produced and approved for each release. You'll help create the Software Attribution List as part of the documentation.
  • Threat-Modeling participation: You'll participate in threat modeling activities. You'll help ensure the threat model represents the code or subsystem being modeled, identify threats presented by the model, and ensure gaps are addressed per Rockwell Automation's Secure Development Lifecycle. You'll improve the threat-modeling process. You'll coach members of the development team on threat modeling.
  • Compliance Work support: You'll guide additional compliance activities such as CIS Benchmarks, the Secure Software Development Framework (SSDF) and the Cyber Resilience Act (CRA).

The Essentials - You Will Have:

  • Bachelor's degree in engineering or equivalent years of relevant work experience.
  • 5 years' experience in software development. Additional skills in software application security would be beneficial.
  • Fluent in English, to communicate with globally distributed team members and other partners.

It would be great if you have:

  • 2 years of experience in Python, sh, PowerShell, TypeScript, Kotlin, Go, Angular, and Node.js
  • 2 years of experience working with REST APIs, GitHub Actions and Dagger.io
  • 2+ years' experience in the following:
  • Threat modeling participation
  • Experience understanding the possible security effects for one or more products, considering how it is used, its architecture, and attack vectors
  • Demonstrated understanding of common ICS/OT threats
  • Following current events and helping apply lessons learned to developments (demonstrating ability to seek)
  • Experience assessing compliance with both technical and process security requirements that need to be met
  • Experience with assessments of newly identified vulnerabilities under the direction of a Product Security Incident Response Team (PSIRT)
  • Participation in supplier security risk assessments and external security audits
  • Understanding of DevSecOps, Compliance as Code, cloud platform development and security operations
  • 1 year of experience using and interpreting results from the following tools: SonarQube, Black Duck, Cybeats, Aqua, Wiz.io, StackHawk or similar tools
  • 1 year of experience using GitHub Actions and Dagger.io
  • 1 year of experience in ethical hacking: automating security tests in the pipeline and making penetration testing more agile
  • Certified Ethical Hacker (CEH) certification or equivalent experience in ethical hacking and penetration testing
  • 1 year of experience with cybersecurity standards around secure development lifecycles such as IEC 62443, NIST SSDF, BSIMM, SOC 2, CRA and NIS2

What We Offer:

Our benefits package includes …

  • Comprehensive mindfulness programs with premium membership to Calm.
  • Volunteer Paid Time off available after 6 months of employment for eligible employees
  • Company volunteer and donation matching program – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
  • Employee Assistance Program
  • Personalized wellbeing programs through our OnTrack program
  • On-demand digital course library for professional development... and other local benefits!

#LI-EV1

#LI-remote
