Senior Product Security Engineer

Rockwell Automation is a global technology leader focused on helping the world's manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility -our people are energized problem solvers that take pride in how thework we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that's you we would love to have you join us!

Job Description

Our technologies are used globally to deliver critical services, such as power, water, and critical manufacturing. As Product Security Engineer reporting to a leader in Digital Trust, you will play an important part in enhancing our security frameworks, policy and standards management. You will provide product security expertise to product development teams throughout all phases of our security development lifecycle, improve adoption of security practices, provide mentoring and guidance on secure design across the portfolio. This ensures our commitment to improve the security posture of our products and solutions. You will collaborate with and support engineering communities working on the latest technologies in software, artificial intelligence, cloud, and embedded systems.

Join us in the Digital Trust organization as an individual contributor as we deliver safe, secure and resilient technologies to protect our global community and the critical services and goods they provide.

• Contribute to the refinement and rollout of security frameworks and policies.
• Participate in organization wide cybersecurity activities, including risk assessments, roadmap development, and stakeholder engagement.
• Partner with technical security thought leaders (e.g., benchmarking, conferences), to evolve the SDL strategy and direction.
• Represent the central security office function with external certifying bodies.
• Participate in security architecture and design review meetings. Review product architectures for security design gaps and vulnerabilities and consult with product teams to mitigate cyber risk.
• Develop and maintain solutions to automate security governance processes and workflows.
• Collaborate with DevSecOps and architecture teams to integrate automation into existing platforms and CI/CD pipelines.
• Maintain knowledge of security threats and vulnerabilities for OT environment.
• Provide product security related mentoring and security expertise.
• Participate in standards and research opportunities outside of RA.
• This job does not have managerial responsibilities.

The Essentials - You Will Have:

• Bachelor's Degree.
• Legal authorization to work in the US or Canada is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening.

The Preferred - You Might Also Have:

• Typically requires 5+ years of experience in relevant product security areas.
• Degree in Computer Engineering, Computer Science, Electrical Engineering, or similar discipline.
• Experience in Operational Technology cybersecurity
• Experience in one of security domains: Secure SW Engineering, HW Security, Embedded Security, and other related fields.
• Experience developing software, automated tests and tools in high-level languages like Python, with or without AI Augmentation.
• Good understanding in disciplines such as Trusted platform module, Secure Boot, different cryptography technologies, web application security, network security, operating system internals and hardening. You're expected to have advanced knowledge in at least two or three of these areas.
• Experience working with development teams to review design, construct threat models and secure coding practices.
• Understanding of security by design principles and architecture level security concepts
• Experience with CI/CD environments, SAST and DAST tools
• Experience of industrial protocols, especially Common Industrial Protocol (CIP)
• Industrial cybersecurity and/or information technology certifications such as 62443 CyberSecurity specialist, (ISC) CISSP, or SANS GICSP - or you are ready to obtain it shortly.
• Ability to travel, including internationally, up to 20% of time.

What We Offer:

• Health Insurance including Medical, Dental and Vision
• 401k
• Paid Time off
• Parental and Caregiver Leave
• Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
• To learn more about our benefits package, please visit at www.raquickfind.com.

This position is part of a job family. Experience will be the determining factor for position level and compensation.

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

#LI-Hybrid

#LifeAtROK

#LI-MG4

We are an Equal Opportunity Employer including disability and veterans.

If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 (844) 404-7247.

Rockwell Automation's hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.