IT Audit, Cybersecurity & Risk Advisory Manager – SOC Focus
Baker Tilly US
CloudCyber Security
Senior Product Security Engineer
Rockwell Automation
full-time
Posted on:
Location Type: Hybrid
Location: Milwaukee • Ohio, Wisconsin • 🇺🇸 United States
Visit company websiteJob Level
Senior
Tech Stack
AngularCyber SecurityLinux.NETPythonTCP/IPUnix
About the role
- Drive software application security efforts across Verve's product development team.
- Work closely with Verve's senior software engineering leadership.
- Direct interaction with Verve's development teams.
- Serve as the primary interface with the broader security and compliance processes and teams within Verve's parent company, Rockwell Automation.
- Report to the Team Lead, Staff Software Engineer.
- Develop a deep expertise in Rockwell's established secure development processes.
- Be the primary interface between Verve's development organization and Rockwell's secure development assurance processes.
- Drive timely and effective resolution of vulnerability reports in support of Rockwell's Product Security Incident Response Team (PSIRT).
- Coordinate incident management and other reported security issues.
- Drive risk reviews and risk analysis to identify systematic issues.
- Evangelize and mentor secure software development practices within Verve's software product development teams.
- Provide architecture and best practice guidance related to secure software development to product teams.
- Assist teams in process evolution required to achieve and maintain IEC 62443 certification.
- Maintain current knowledge of security threats and vulnerabilities that could impact products.
- Ensure adherence to security standards and provide guidance and input to standards enhancements.
- Collaborate throughout the development lifecycle to verify and improve software security.
- Perform threat modeling, security requirements review, secure code review and vulnerability assessments.
- Lead and participate in security architecture and design review meetings.
- Review product architectures for security design gaps and vulnerabilities and consult with product teams to remediate or mitigate cyber risk.
- Lead efforts with the development teams to quantify residual product risk and identification of appropriate security controls.
- Contribute as appropriate to the continued development of the Verve software platform.
Requirements
- Bachelors degree
- Legal authorization to work in the U.S. We will not sponsor individuals for employment visas, now or in the future, for this job opening.
- 5+ years professional experience, with at least 3 years of experience, ideally involving web applications.
- A BS in Computer Science or a similar field or equivalent experience.
- Solid understanding of TCP/IP networking.
- Strong foundational understanding of web application security, linux/unix system security, network security, applied cryptography, and OS-level hardening, with advanced knowledge in at least a few of these areas.
- Experience working with development teams to review designs, construct threat models, and develop/maintain secure coding standards.
- At least a basic understanding of object-oriented design and programming.
- Familiarity with CVE, CPE, and CVSS.
- Experience with Python, C#/.NET, and Angular.
- A familiarity with OT devices and environments.
- Experience with CI/CD environments.
- Familiarity with containerization concepts.
- Experience with various security assessment tools (SCA, SAST, DAST, and vulnerability scanners).
- Industrial cybersecurity and/or information technology certifications such as (ISC)2 CISSP, or CSSLP, SANS GICSP.
Benefits
- Health Insurance including Medical, Dental and Vision
- 401k
- Paid Time off
- Parental and Caregiver Leave
- Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
web application securitylinux/unix system securitynetwork securityapplied cryptographyOS-level hardeningthreat modelingsecure coding standardsPythonC#/.NETAngular
Soft skills
mentoringcollaborationcommunicationleadershipproblem-solvingrisk analysisincident managementarchitecture guidanceprocess evolutionevangelizing best practices
Certifications
(ISC)2 CISSPCSSLPSANS GICSP
