Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you, we would love to have you join us!
Job Description
You will work with a high-performing team of like-minded individuals passionate about ensuring that our products are delivered with the highest levels of security. Join our Software Development team as we deliver safe, secure and resilient technologies to protect our global community and the critical services and goods they provide.
This is a hybrid role, and you'll work from one of our offices listed in the job posting.
Reporting to Engineering Team Lead
Your Responsibilities:
Software Security Development work: You'll design, implement/code and test new security features. You'll coach other members of the development team in understanding and applying Rockwell Automation internal security requirements. You'll apply security expertise by assisting developers in addressing known vulnerabilities. You'll review product artifacts for security compliance.
Monitor Security Vulnerabilities: You'll collaborate with the Product Security Engineer (PSE) to assess and maintain accuracy of security anomalies through the resolution process.
Maintain the Design for Security (DfS) Checklist: You'll gather compliance evidence. You'll work with Product Security Engineers and Product Security Leader (PSL) on reviews and maintain the security checklist for one or more products per release.
Penetration Testing: You will ensure penetration tests are scheduled and coordinated with internal and external reach test teams and evaluate findings.
Liaison Responsibilities: You'll guide communication between the Software development team and other teams/internal entities on security matters (e.g., Office of Product Safety and Security, Product Security Engineering).
Software Bill of Materials (SBOM): You'll ensure the SBOM is produced and approved for each release. You'll create the Software Attribution List as part of the documentation.
Threat-Modeling: You'll participate in threat modeling activities. You'll help ensure the threat model represents the code or subsystem being modeled, identify threats presented by the model and ensure gaps are addressed per Rockwell Automation's Secure Development Lifecycle. You'll improve the threat-modeling process. You'll coach members of the development team on threat-modeling.
Compliance Work: You'll guide additional compliance activities such as CIS Benchmarks, Secure Software Development Framework (SSDF) and Cyber Resilience Act (CRA).

The Essentials - You Will Have:
Bachelor's Degree in Engineering or Equivalent Years of Relevant Work Experience
Legal authorization to work in the US is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening
5 years' experience in Software Application Security & Software Development
Fluent in English to communicate with globally distributed team members and other partners

The Preferred - You Might Also Have:
2 years of experience in Python, sh, PowerShell, TypeScript, Kotlin, Go, Angular, and node.js
2 years of experience working with REST APIs, GitHub Actions and Dagger.io
2+ years' experience for the following:
Threat Modeling participation
Experience understanding possible security effects for one or more products concerning how it is used, its architecture, attack vectors.
Demonstrate an understanding of common ICS/OT threats
Follow current events and help apply lessons learned to developments (demonstrating ability to seek)
Experience assessing compliance of both technical and process security requirements that need to be met
Experience with assessments of newly identified vulnerabilities under the direction of a Product Security Incident Response (PSIRT) team
Participated in supplier security risk assessments and external security audits.
Understanding of DevSecOps, Compliance as Code, cloud platform development and security operations
1 year experience using and interpreting results from the following tools – SonarQube, Black Duck, Cybeats, Aqua, Wiz.io, Stack Hawk or similar tools
1 year experience using GitHub actions, dagger.io
1 year experience in Ethical hacking – automate security tests into pipeline, make penetration testing more agile
Certified Ethical Hacker (CEH) certification or equivalent experience in ethical hacking and penetration testing
1 year experience with cybersecurity standards around security development lifecycles such as IEC 62443, NIST SSDF, BSIMM, SOC 2, CRA, NIS2.

What We Offer:
Our benefits package includes …
Comprehensive mindfulness programs with a premium membership to Calm
Volunteer Paid Time off available after 6 months of employment for eligible employees
Company volunteer and donation matching program – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
Employee Assistance Program
Personalized wellbeing programs through our OnTrack program
On-demand digital course library for professional development
... and other local benefits!

We believe that employee diversity is an important element of our common future. We provide opportunities for talent growth with the entire organization. We support equality by celebrating the individuality of every person, regardless of their origin and identity. We appreciate the unique cultural pattern and variety of experiences in each of us. We invite all who want to join and change the world of our organization.