Senior Product Security Engineer

Posted:
12/15/2025, 7:47:52 AM

Location(s):
Milwaukee, Wisconsin, United States ⋅ Wisconsin, United States

Experience Level(s):
Senior

Field(s):
IT & Security ⋅ Software Engineering

Workplace Type:
Hybrid

Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!

Job Description

Position Summary:

The Product Security Engineer secures embedded products, firmware, and industrial components across the full product lifecycle. Your role combines firmware security, secure architecture, reverse engineering, and secure development lifecycle practices. You will report to the Product Security Leader/Officer (PSL) and partner with engineering teams through the engineering Vee to mature security controls in high-visibility industrial products used worldwide.

This role is not in IT security or Operational Security. You will work with Product Engineering Teams. You will get to see your secured products manufactured, then sold and placed into Operational Technology environments.

You will assess vulnerabilities, analyze SBOM and CVE data, model threats, score risk, and support secure-by-design decisions. You will help create and refine security controls such as secure boot, trusted hardware, cryptographic protections, and secure update mechanisms. You will also assist teams during design reviews, testing, debugging, and remediation activities.

You will evaluate diagnostics, logs, test results, and firmware images to identify weaknesses or anomalies. You will have lifecycle responsibility for threat model components, which will be used by Security Champions for models. The components will use VAST, LINDDUN, IEC 62443, NIST 800-53/800-82, and Common Criteria evaluation techniques. You will lead evaluations of threat model dispositions. You will help ensure products meet Secure Software Development Framework (SSDF) DevSecOps processes and support operational security requirements for products that are deployed in OT environments.

This is a product security engineering role focused on embedded systems, firmware, industrial protocols, and secure architecture. It is not an IT Security, Network Security, or Operational Security role. The work directly supports downstream SOC, audit, and enterprise cybersecurity teams by ensuring products are secure from the start.

Your Responsibilities:

Embedded & Firmware Security

  • Design, review, and improve security controls for firmware, bootloaders, trusted hardware, and cryptographic modules.
  • Analyze firmware and binaries using tools such as Ghidra, IDA Pro, Binary Ninja, or similar.
  • Support secure coding practices for C/C++ and embedded operating systems.

Security Architecture & Cross-Team Collaboration

  • Partner with architects and engineering leads to apply secure design principles.
  • Support architecture reviews and technical discussions for products across their entire life cycle, from cradle to grave.
  • Align engineering teams with secure development frameworks such as SSDF, DSOD, and secure lifecycle processes.
  • Provide applicable recommendations and rationale to help resolve security design decisions.

Threat Modeling & Vulnerability Analysis

  • You will support threat model components as part of the Secure Development Life Cycle process. Your components will use the VAST, LINDDUN, IEC 62443, NIST 800-53/82, CAPEC, EMB3D, ATT&CK, OWASP, and Common Criteria frameworks.
  • Identify attack surfaces, trust boundaries, misuse cases, and system risks.
  • Evaluate SBOM data, CVEs, CWE/CAPEC mappings, and analysis reports.
  • Document risk summaries and security requirements that guide engineering.

Offensive Security & Validation

  • Reproduce reported vulnerabilities using debugging, tracing, instrumentation, or reverse engineering techniques.
  • Build proof-of-concept straw men to validate solutions, estimate severity and support prioritization.
  • Partner with firmware and hardware teams to design and verify mitigations.

DevSecOps & Lifecycle Support

  • Contribute to secure build processes, CI/CD workflows, and automated testing.
  • Support verification and validation of security controls across development, testing, and manufacturing.

ICS/OT Secure Design

  • Review ICS/OT interfaces and protocols such as CIP, CAN, SPI, I2C, UART/RS-485, IO-Link, and Modbus.
  • Support secure integration for industrial sensing, safety, and communication products.

Leadership & PSL Partnership

  • Communicate security risks, mitigations, and recommendations clearly to multiple audiences.
  • Participate in secure design reviews, internal audits, and compliance activities.
  • You will mentor engineers and help develop the cyber competency of the security champions.

The Essentials - You Will Have:

  • Bachelor's degree in Computer Engineering, Computer Science, Electrical Engineering, or a related field.
  • Legal authorization to work in the U.S. We will not sponsor individuals for employment visas, now or in the future, for this job opening.

The Preferred - You Might Also Have:

  • Typically requires 8+ years of experience in embedded systems, firmware development, cybersecurity, or product security.
  • Proficiency in C/C++, embedded operating systems, microcontrollers, Linux, Infrastructure as Code, and device drivers.
  • Your experience with secure boot, TPM, cryptography, and firmware signing will be critical to project success.
  • Experience using debugging, tracing, or reverse engineering tools.
  • Experience performing vulnerability analysis or threat modeling.
  • You will need to explain complex issues to both technical and non-technical audiences.
  • You will collaborate across discipline teams. You will help set priorities for project deliverables.
  • Experience with industrial or real-time embedded systems.
  • Experience with IEC 62443, NIST 800-53, NIST 800-82, or Common Criteria.
  • Experience with fuzzing, dynamic testing, exploit analysis, or binary instrumentation.
  • Experience with secure build systems, CI/CD pipelines, or DevSecOps tools like Puppet, Ansible, Coverity, Black Duck, JFrog, Cybeats, and Jenkins.
  • Knowledge of ICS protocols such as CIP, CAN, SPI, I2C, UART, Modbus, or IO-Link.
  • Security certifications such as CISSP, CSSLP, OSCP, GPEN, GREM, or IEC 62443.
  • Experience mentoring engineers or supporting security champions.
  • Travel, including internationally, up to 25% of time.

What We Offer:

  • Health, Medical, Dental, Vision, Life & Disability Insurance
  • 401k
  • Paid Time off
  • Parental and Caregiver Leave
  • Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
  • Opportunities to influence secure product architecture and embedded cybersecurity for global OT systems.
  • To learn more about our benefits package, please visit www.raquickfind.com.

This position is part of a job family. Experience will be the determining factor for position level and compensation.

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

We are an Equal Opportunity Employer including disability and veterans. 

If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 (844) 404-7247.

Under Rockwell Automation’s hybrid policy, employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.