Product Security Test Engineer

Mayfield Heights, Ohio, United States

Rockwell Automation is a global technology leader focused on helping the world's manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility -our people are energized problem solvers that take pride in how thework we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that's you we would love to have you join us.

Job Description

As a Product Security Test Engineer, you will conduct penetration testing and evaluate security risks on products including software and embedded technologies. You will be a member of a medium-sized global multi-location group responsible for providing security test support for the products within the Software and Control organization in Rockwell Automation. You will need the use of Commercially-of-the-Shelf (COTS) tooling and a comfortable working knowledge of adapting tooling to proprietary products. You will be based in Mayfield Heights, OH with flexible work environment option available.

When you join our product security test group, you become part of a team that believes in knowledge sharing and collaboration and that is committed to using reliable and well-thought-out engineering practices and technology to overcome any challenges. You will also seek knowledge of new cybersecurity developments related to Industrial Control Systems. You will report to the Engineering Manager, Product Security Architecture.

Your Responsibilities:

• Improve the proper application of security principles, techniques, and tools with product teams within the Software and Control organization in Rockwell Automation.
• Research current security trends in Industrial Control Systems and collaborate with security experts to ensure security requirements are put in place.
• Perform penetration testing, report the findings, and hold debriefings to communicate the results.
• Develop and implement solutions to many difficult problems.
• Participate in product design and implementation reviews as they relate to security.
• Contribute to the design and implementation of product and system test set-ups as related to security.
• Stay on top of the "vulnerability landscape" and up to date on current/potential attacks. Where applicable, evaluate the potential impact of publicly identified attacks on our product portfolio.
• Evaluate security risks on multiple products and provide guidance to product teams on risks and mitigations.
• Think outside the box and be willing to research and explore new avenues to by using the latest technologies and standards.
• Demonstrated knowledge in the application of security principles, theories, concepts, and techniques.
• Demonstrated knowledge in penetration testing, exploit development, vulnerability scanning, and fuzzing framework.
• Demonstrated knowledge of product security test techniques.
• Demonstrated analytical, collaborative, problem solving, skills.
• Understand Control system concepts.
• Work within a global remote team environment.
• Working knowledge of languages like Python, C/C , .NET, and JavaScript.
• Proficient in Windows and Linux operating systems.

The Essentials - You Will Have:

• Bachelor's Degree or equivalent years of relevant work experience.
• Legal authorization to work in the US is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening.

The Preferred - You Might Also Have:

• Bachelor's degree in Cyber Security, Computer Science, Computer Engineering, or equivalent.
• 2+ years of development experience in a professional setting.
• 2+ years of experience in demonstrating Security Development Lifecycle concepts (i.e., secure coding principles and practices, reviews, threat modeling, security testing).
• Demonstrated knowledge of common security vulnerabilities in Industrial Control Systems.
• Demonstrated knowledge of communication protocols Ethernet and Common Industrial Protocol (CIP).
• Experience with binary analysis and reverse engineering techniques with tools such as Ghidra and IDA Pro.
• Experience with cloud platforms such as AWS and Azure, including implementing security best practices.
• Experience with firmware reverse engineering and hardware hacking.
• Demonstrated knowledge of security standards such as the NIST Cybersecurity Framework and IEC 62443.
• Security certification(s) such as OSCP, CEH, CySec Specialist (TUV Rheinland), or equivalent.
• Participation in CTFs and contribution to open-source projects.

What We Offer:

• Health Insurance including Medical, Dental and Vision
• 401k
• Paid Time off
• Parental and Caregiver Leave
• Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
• To learn more about our benefits package, please visit at .

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

You will be part of a job family. Experience will be the determining factor for position level and compensation.

We are an Equal Opportunity Employer including disability and veterans.

If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 .

Rockwell Automation's hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.