Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!

Job Description

Job Summary:

We are looking for a passionate Product Security Engineer to join Rockwell Automation Asia Pacific Business Center. You will be responsible for providing product security expertise to product development teams throughout all phases of our security development lifecycle. This role will support development teams to drive consistent adoption of security practices, provide guidance on designs, and lead efforts to address security issues across the portfolio to ensure that we are continuously increasing the security posture of our products and solutions. You will report to Engineering Manager, Product Security & Devsecops and will be based in Singapore working in hybrid work schedule.

Your Responsibilities:

• Perform threat modeling, security requirements reviews, secure code reviews, risk assessments, and vulnerability assessments to identify and address potential security risks within products.
• Participate in security functional and design review meetings, evaluate products for security design gaps and vulnerabilities, and consult with product teams to remediate or mitigate cyber risks.
• Lead collaborative efforts with development teams to quantify residual product risk and determine appropriate security controls to effectively manage those risks.
• Drive the timely and effective resolution of vulnerability reports in support of the Product Security Incident Response Team (PSIRT).
• Provide guidance on secure best practices to development teams to ensure products are developed securely, achieving IEC 62443 product-level certifications and compliance with regulatory security requirements.
• Maintain up-to-date knowledge of security threats and vulnerabilities that could impact products, ensuring proactive risk management.
• Offer product security coaching and mentoring to junior engineers to build their expertise and support a strong security culture.
• Ensure adherence to established security standards, providing guidance and input to enhance those standards as needed.
• Participate in standards development and research opportunities outside of Rockwell Automation to contribute to broader industry advancements.

The Essentials - You Will Have:

• Bachelor's degree in Computer Engineering, Computer Science, Electrical Engineering, or a related discipline.
• At least five years of embedded software or software engineering experience, demonstrating proficiency in software design and implementation and expertise in C and C++.

The Preferred - You Might Also Have:

• Strong knowledge and understanding on security disciplines, such as Trusted Platform Module (TPM), Secure Boot, cryptographic technologies, web application security, network security, operating system internals, and system hardening.
• Experience working collaboratively with development teams to review designs, construct threat models, and promote secure coding practices.
• Familiarity with Continuous Integration/Continuous Deployment (CI/CD) environments, as well as experience using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools, is required.
• Knowledge of industrial protocols, especially the Common Industrial Protocol (CIP), is highly valued for this role.
• Experience working within Agile development settings and utilizing Agile project management tools is beneficial.
• Candidates with industrial cybersecurity or information technology certifications such as (ISC)² CISSP, CSSLP, SANS GICSP, or those prepared to obtain such certifications in the near future, are preferred.

What We Offer:

Our benefits package includes …

• Comprehensive mindfulness programs with a premium membership to Calm
• Volunteer Paid Time off available after 6 months of employment for eligible employees.
• Company volunteer and donation matching program – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
• Employee Assistance Program
• Personalized wellbeing programs through our OnTrack program
• On-demand digital course library for professional development

... and other local benefits!

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

#LI-Hybrid

#LI-DB2

Rockwell Automation’s hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.