Medellin, Antioquia, Colombia
3 days ago
Senior Software Security Engineer

Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you, we would love to have you join us!

Job Description

You will work with a high-performing team of like-minded individuals passionate about ensuring that our products are delivered with the highest levels of quality and security. Join our Software Development team to learn how we deliver safe, secure and resilient technologies to protect our global community and the critical services and goods they provide.

Reporting to Engineering Team Lead.

Your Responsibilities:

- Software Development work: You'll design, implement/code and test new security features. You'll coach other members of the development team in understanding and applying Rockwell Automation internal security requirements. Once you gain knowledge, you'll apply security standards by assisting developers in addressing known vulnerabilities. You'll also review product artifacts for security compliance.
- Monitor Security Vulnerabilities collaborator: You'll collaborate with the Product Security Engineer (PSE) to assess and maintain accuracy of security anomalies through the resolution process.
- Support to maintain the Design for Security (DfS) Checklist: You'll help gather compliance evidence. You'll work with Product Security Engineers and the Product Security Leader (PSL) on reviews and maintain the security checklist for one or more products per release.
- Penetration Testing support: You will work alongside Security Engineers to ensure penetration tests are scheduled and coordinated with internal and external reach test teams and evaluate findings.
- Liaison Responsibilities: You'll guide communication between the Software Development team and other teams/internal entities on security matters (e.g., Office of Product Safety and Security, Product Security Engineering).
- Software Bill of Materials (SBOM) support: You'll work alongside Security Engineers to ensure the SBOM is produced and approved for each release. You'll help to create the Software Attribution List as part of the documentation.
- Threat-Modeling participation: You'll participate in threat modeling activities. You'll help ensure the threat model represents the code or subsystem being modeled, identify threats presented by the model and ensure gaps are addressed per Rockwell Automation's Secure Development Lifecycle. You'll improve the threat-modeling process. You'll coach members of the development team on threat modeling.
- Compliance Work support: You'll guide additional compliance activities such as CIS Benchmarks, Secure Software Development Framework (SSDF) and Cyber Resilience Act (CRA).

The Essentials - You Will Have:

- Bachelor's degree in engineering or Equivalent Years of Relevant Work Experience.
- 5 years' experience in Software Development. Additional skills in Software Application Security would be beneficial.
- Fluent in English to communicate with globally distributed team members and other partners.

It would be great if you have:

- 2 years of experience in Python, sh, PowerShell, TypeScript, Kotlin, Go, Angular, and node.js
- 2 years of experience working with REST APIs, GitHub Actions and Dagger.io
- 2+ years' experience for the following:
  - Threat Modeling participation
  - Experience understanding possible security effects for one or more products concerning how it is used, its architecture, attack vectors.
  - Demonstrate an understanding of common ICS/OT threats
  - Follow current events and help apply lessons learned to developments (demonstrating ability to seek)
  - Experience assessing compliance of both technical and process security requirements that need to be met
  - Experience with assessments of newly identified vulnerabilities under the direction of a Product Security Incident Response (PSIRT) team
  - Participated in supplier security risk assessments and external security audits.
  - Understanding of DevSecOps, Compliance as Code, cloud platform development and security operations
- 1 year experience using and interpreting results from the following tools – SonarQube, Black Duck, Cybeats, Aqua, Wiz.io, Stack Hawk or similar tools
- 1 year experience using GitHub Actions, Dagger.io
- 1 year experience in Ethical hacking – automate security tests into pipeline, make penetration testing more agile
- Certified Ethical Hacker (CEH) certification or equivalent experience in ethical hacking and penetration testing
- 1 year experience with cybersecurity standards around security development lifecycles such as IEC 62443, NIST SSDF, BSIMM, SOC 2, CRA, NIS2.

What We Offer:

Our benefits package includes …

- Comprehensive mindfulness programs with premium membership to Calm.
- Volunteer Paid Time off available after 6 months of employment for eligible employees
- Company volunteer and donation matching program – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
- Employee Assistance Program
- Personalized wellbeing programs through our OnTrack program
- On-demand digital course library for professional development
- ... and other local benefits!
