Senior Product Security Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

Rockwell Automation · 10 hours ago

Senior Product Security Engineer

positionMilwaukee, WI
timeFull-time
remoteHybrid
senioritySenior Level, Lead/Staff
date8+ years exp

Rockwell Automation is a global technology leader focused on enhancing manufacturing productivity and sustainability. The Senior Product Security Engineer is responsible for securing embedded products and firmware throughout their lifecycle, collaborating with engineering teams to implement security controls and assess vulnerabilities.

HardwareIndustrial AutomationSales AutomationSoftware
badNo H1Bnote

Responsibilities

Design, review, and improve security controls for firmware, bootloaders, trusted hardware, and cryptographic modules
Analyze firmware and binaries using tools such as Ghidra, IDA Pro, Binary Ninja, or similar
Support secure coding practices for C/C++ and embedded operating systems
Partner with architects and engineering leads to apply secure design principles
Support architecture reviews and technical discussions for products in the entire spectrum of their life cycle from cradle to grave
Align engineering teams with secure development frameworks such as SSDF, DSOD, and secure lifecycle processes
Provide applicable recommendations and rationale to help resolve security design decisions
Support threat models components as part of the Secure Development Life Cycle process
Identify attack surfaces, trust boundaries, misuse cases, and system risks
Evaluate SBOM data, CVEs, CWE/CAPEC mappings, and analysis reports
Document risk summaries and security requirements that guide engineering
Reproduce reported vulnerabilities using debugging, tracing, instrumentation, or reverse engineering techniques
Build proof-of-concept straw men to validate solutions, estimate severity and support prioritization
Partner with firmware and hardware teams to design and verify mitigations
Contribute to secure build processes, CI/CD workflows, and automated testing
Support verification and validation of security controls across development, testing, and manufacturing
Review ICS/OT interfaces and protocols such as CIP, CAN, SPI, I2C, UART/RS-485, IO-Link, and Modbus
Support secure integration for industrial sensing, safety, and communication products
Communicate security risks, mitigations, and recommendations clearly to multiple audiences
Participate in secure design reviews, internal audits, and compliance activities
Mentor engineers and help develop the cyber competency of the security champions

Qualification

Embedded SystemsFirmware SecurityThreat ModelingVulnerability AnalysisC/C++Secure ArchitectureDevSecOpsIndustrial ProtocolsTechnical DiscussionsCommunication SkillsMentoringCollaborationProblem Solving

Required

Bachelor's degree in Computer Engineering, Computer Science, Electrical Engineering, or a related field
Legal authorization to work in the U.S. We will not sponsor individuals for employment visas, now or in the future, for this job opening

Preferred

Typically requires 8+ years of experience in embedded systems, firmware development, cybersecurity, or product security
Proficiency in C/C++, embedded operating systems, microcontrollers, Linux, Infrastructure as Code and device drivers
Your experience with secure boot, TPM, cryptography, and firmware signing will be critical to project success
Experience using debugging, tracing, or reverse engineering tools
Experience performing vulnerability analysis or threat modeling
You will need to explain complex issues to both technical and non-technical audiences
You will collaborate across discipline teams. You will help set priorities for project deliverables
Experience with industrial or real-time embedded systems
Experience with IEC 62443, NIST 800-53, NIST 800-82, or Common Criteria
Experience with fuzzing, dynamic testing, exploit analysis, or binary instrumentation
Experience with secure build systems, CI/CD pipelines, or DevSecOps tools like Puppet, Ansible, Coverity, Blackduck, Jfrog, Cybeats, and Jenkins
Knowledge of ICS protocols such as CIP, CAN, SPI, I2C, UART, Modbus, or IO-Link
Security certifications such as CISSP, CSSLP, OSCP, GPEN, GREM, or IEC 62443
Experience mentoring engineers or supporting security champions
Travel, including internationally, up to 25% of time

Benefits

Health, Medical, Dental, Vision, Life & Disability Insurance
401k
Paid Time off
Parental and Caregiver Leave
Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.

Company

Rockwell Automation

twittertwittertwitter
Glassdoor4.0
company-logo
Rockwell Automation specializes in industrial automation and information, makes its customers more productive.
dateFounded in 1903
location
Milwaukee, Wisconsin, USA
people-size10001+ employees
web-link
http://www.rockwellautomation.com

Funding

Current Stage
Public Company
Total Funding
$500M
Key Investors
Public Service Commission of Wisconsin
2025-05-16Post Ipo Debt· $500M
2023-07-12Grant
1978-01-13IPO

Leadership Team

leader-logo
Blake Moret
Chairman and Chief Executive Officer
linkedin
leader-logo
Christian Rothe
Senior Vice President & Chief Financial Officer
linkedin

Recent News

The Motley Fool
Is Lucid Group Stock a Buy Now -- or an Easy "No" for 2026?​
2026-01-25
Techcircle
DSCI and Rockwell Automation launch OT cybersecurity lab
2026-01-23
The Motley Fool
Why Did Lucid Stock Soar This Week?
2026-01-23
Company data provided by crunchbase