
Senior Product Security Engineer
Rockwell Automation
full-time
Location Type: Remote
Location: Remote • Ohio, Wisconsin • 🇺🇸 United States
Salary
💰 $135,920 - $203,880 per year
Job Level
Senior
Tech Stack
Angular, Cyber Security, Linux, .NET, Python, TCP/IP, Unix
About the role
- Drive software application security efforts across Verve's product development team
- Work closely with Verve's senior software engineering leadership and development teams
- Serve as the primary interface with security and compliance processes within Rockwell Automation
- Develop expertise in Rockwell's secure development processes
- Drive resolution of vulnerability reports for Rockwell's Product Security Incident Response Team (PSIRT)
- Coordinate incident management and security issues
- Drive risk reviews and risk analysis
- Mentor secure software development practices within teams
- Provide architecture and best practice guidance related to secure software development
- Maintain current knowledge of security threats and vulnerabilities
- Ensure adherence to security standards and provide guidance for enhancements
- Collaborate throughout the development lifecycle to improve software security
- Perform threat modeling, security requirements review, secure code review, and vulnerability assessments
- Lead security architecture and design review meetings
- Review product architectures for security gaps and consult with teams to remediate risks
- Quantify product risk and identify appropriate security controls
- Contribute to the continued development of the Verve software platform.
Requirements
- Bachelor's degree
- Legal authorization to work in the U.S. (no sponsorship available)
- 5+ years professional experience, with at least 3 years of experience involving web applications
- BS in Computer Science or a similar field or equivalent experience
- Solid understanding of TCP/IP networking
- Strong foundational understanding of web application security, Linux/Unix system security, network security, applied cryptography, and OS-level hardening, with advanced knowledge in at least a few of these areas
- Experience working with development teams to review designs, construct threat models, and develop/maintain secure coding standards
- At least a basic understanding of object-oriented design and programming
- Familiarity with CVE, CPE, and CVSS
- Experience with Python, C#/.NET, and Angular
- Familiarity with OT devices and environments
- Experience with CI/CD environments
- Familiarity with containerization concepts
- Experience with various security assessment tools (SCA, SAST, DAST, and vulnerability scanners)
- Industrial cybersecurity and/or information technology certifications such as (ISC)2 CISSP or CSSLP, or SANS GICSP
Benefits
- Health Insurance including Medical, Dental and Vision
- 401k
- Paid Time Off
- Parental and Caregiver Leave
- Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
web application security, Linux/Unix system security, network security, applied cryptography, OS-level hardening, threat modeling, secure coding standards, Python, C#/.NET, Angular
Soft skills
mentoring, collaboration, communication, leadership, problem-solving, risk analysis, incident management, guidance, architecture review, consultation
Certifications
(ISC)2 CISSP, CSSLP, SANS GICSP