Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you, we would love to have you join us!
Job Description
We are looking for a Product Security Engineer to join Rockwell Automation Power Control Business. You will be responsible for providing product security expertise to product development teams throughout all phases of our security development lifecycle. You will lead development teams to improve adoption of security practices, provide mentoring and guidance on secure design, and lead efforts to address security issues across the portfolio. This ensures our commitment to continuously improve the security posture of our products and solutions.
You will report to the Sr. Engineering Manager Product Security, and work from Cambridge, ON.
Your Responsibilities:
- Perform threat modelling, security requirements review, secure code review and conduct vulnerability assessments.
- Lead security architecture and design review meetings. Review product architectures for security design gaps and vulnerabilities and consult with product teams to remediate or mitigate cyber risk.
- Ensure adherence to security standards and provide guidance and input to standards enhancements.
- Lead efforts with the development teams to quantify residual product risk and identify security controls.
- Set the direction for security, both vulnerability remediation and features across the assigned portfolio.
- Provide architecture and best practices guidance in building secure products.
- Guide an effective resolution of vulnerability reports to support PSIRT.
- Provide secure best practices to development teams to achieve IEC 62443-4-2 product level certifications.
- Maintain knowledge of security threats and vulnerabilities for OT environment.
- Provide product security related mentoring and security expertise.
- Participate in standards and research opportunities outside of RA.
- This job does not have managerial responsibilities.
The Essentials - You Will Have:
- Bachelor's Degree in relevant field.
- Legal authorization to work in Canada is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening.
The Preferred - You Might Also Have:
- Bachelor's Degree in Computer Engineering, Computer Science, Electrical Engineering, or similar discipline.
- Typically requires 8 years of experience.
- Experience in one of these security domains: Secure SW Engineering, HW Security, Embedded Security, Wireless/Mobile Security, and other related fields.
- Experience developing embedded software/software, automated tests and tools in object-oriented languages such as C++ or Python.
- Embedded software/software engineering experience with demonstrated professional development in software design and implementation.
- Good understanding of disciplines such as Trusted Platform Module, Secure Boot, various cryptography technologies, web application security, network security, operating system internals and hardening. You're expected to have advanced knowledge in at least two or three of these areas.
- Experience working with development teams to review design, construct threat models and secure coding practices.
- Understanding of security by design principles and architecture level security concepts
- Understand and apply knowledge of object-oriented analysis, design, and programming techniques
- Experience with CI/CD environments, SAST and DAST tools
- Experience working in an Agile development setting and Agile project tools
- Experience of industrial protocols, especially Common Industrial Protocol (CIP)
- Industrial cybersecurity and/or information technology certifications such as 62443 CyberSecurity specialist, (ISC)² CISSP, or SANS GICSP, or you are ready to obtain one in the near future.
What We Offer:
- Health Insurance including Medical and Dental
- Health Care Spending Account (HCSA – dependent on the plan chosen)
- Employee Assistance Program (EAP)
- Retirement plans
- Paid Time off
- Volunteering Time off
- Employer Savings Plan Matching (includes RRSP, TFSA, and EPSP)
- Employer Paid DC Pension
- Maternity and Parental Leave Top-Up
- Fitness Reimbursement Program
- Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.
We are an Equal Opportunity Employer including disability and veterans.
If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 (519) 618-4899.
Under Rockwell Automation’s hybrid policy, employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.