Work In Tech

Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!

Job Description

As a Product Security Test Engineer with Rockwell Automation, you will improve the proper application of security principles, techniques, and tools with product teams within the Software and Control organization. Research current security trends in Industrial Control Systems, hardware, embedded systems, and interfaces to higher-level products and collaborate with security experts to ensure security requirements are put in place. As part of the Software and Control division, you will report to the Engineering Manager, Product Security Architecture.

Your Responsibilities:

• Bachelor's degree in Cyber Security, Electrical Engineering, Computer Engineering, or equivalent.
• 4+ years of hardware/embedded software development experience in a professional setting.
• 4+ years of experience demonstrating Security Development Lifecycle concepts (i.e., secure coding principles and practices, reviews, threat modeling, security testing).
• Demonstrated knowledge in the application of embedded software/hardware engineering and security principles, theories, concepts, and techniques related to Industrial Control Systems.
• Demonstrated knowledge of communication buses and interfaces, such as SPI, I2C, JTAG, and UART.
• Demonstrated proficiency using tools such as meters, scopes, logic and protocol analyzers, JTAGulator, Bus Pirate.
• Demonstrated skills with firmware binary analysis and reverse engineering techniques with tools such as Ghidra and IDA Pro.
• Demonstrated knowledge of product security test techniques.
• Demonstrated knowledge in penetration testing, exploit development, vulnerability scanning, and fuzzing framework.
• Understand control system concepts and work in ambiguous situations.
• Work within a global remote team environment.
• Excellent interpersonal, written, and verbal communications skills in English.
• Strong working knowledge of languages such as Python, C, C++, and Assembly.
• Proficient in Windows and Linux operating systems.
• Perform SMT soldering and knowledge of accessing PCB traces.
• Develop and program on single board computers like Arduino or Raspberry Pi.
• Read board schematics and document findings to hardware product teams.
• Understanding of industrial protocols like Modbus and Common Industrial Protocol (CIP).
• Previous experience working with ICS/SCADA equipment.

The Essentials - You Will Have:

• Bachelor's Degree or equivalent years of relevant work experience.
• Legal authorization to work in the US is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening.

The Preferred - You Might Also Have:

• In-depth knowledge of common security vulnerabilities in Industrial Control Systems.
• In-depth knowledge of communication protocols, preferably Ethernet and/or CIP.
• In-depth knowledge of ARM architectures and related ASIC security features.
• In-depth knowledge of secure boot, key storage, and firmware encryption.
• In-depth knowledge of cryptographic algorithms such as RSA and AES.
• Demonstrated knowledge of differential power analysis, fault injection, and other related side channel attack techniques using tools such as Chip Whisperer (Husky Plus).
• Demonstrated knowledge of working with hardware roots-of-trust and secure booting mechanisms.
• Understanding and proven experience with regard to implementing security standards such as the NIST Cybersecurity Framework and/or IEC 62443.
• Security certification(s) such as CISSP, CEH, Applicable GIAC Certifications, OSCP, CySec Specialist (TÜV Rheinland), or an advanced degree in cybersecurity.
• Advanced coursework and/or training related to hardware hacking, embedded systems, and/or securing operating systems.

What We Offer:

• Health Insurance including Medical, Dental and Vision
• 401k
• Paid Time off
• Parental and Caregiver Leave
• Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
• To learn more about our benefits package, please visit at www.raquickfind.com.

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

This position is part of a job family. Experience will be the determining factor for position level and compensation.

#LI-LifeatRok

#LI-Hybrid

#LI-AO1

We are an Equal Opportunity Employer including disability and veterans.

If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 (844) 404-7247.

Rockwell Automation’s hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.