
Senior Product Security Engineer (PSE)

Company: Verve Industrial Protection
Location: Madison, WI
Posted: April 17, 2024

Description:

Job Description

Verve, a Rockwell Automation Company, is on a mission to secure the world's critical infrastructure providers by bringing the tools and techniques of defense-in-depth strategies employed by best-in-breed IT practices to OT (Operational Technology).

We're a team of software developers, controls engineers, product managers, designers, and security professionals working to build software solutions that keep the bedrock of modern-day life safe: power, oil, gas, water, chemicals, medicine and other industries.

The Senior Product Security Engineer will drive software application security efforts across Verve's product development team. This will involve working closely with Verve's senior software engineering leadership, direct interaction with Verve's development teams, and serving as the primary interface with the broader security and compliance processes and teams within Verve's parent company, Rockwell Automation.

What You'll Do

Develop a deep expertise in Rockwell's established secure development processes. This position will be the primary interface between Verve's development organization and Rockwell's secure development assurance processes.

Drive timely and effective resolution of vulnerability reports in support of Rockwell's Product Security Incident Response Team (PSIRT).

Coordinate incident management and other reported security issues.

Drive risk reviews and risk analysis to identify systematic issues.

Evangelize and mentor secure software development practices within Verve's software product development teams.

Provide architecture and best practice guidance related to secure software development to product teams. Assist teams in process evolution required to achieve and maintain IEC 62443 certification.

Maintain current knowledge of security threats and vulnerabilities that could impact products.

Ensure adherence to security standards and provide guidance and input to standards enhancements.

Collaborate throughout the development lifecycle to verify and improve software security.

Perform threat modeling, security requirements review, secure code review and vulnerability assessments.

Lead and participate in security architecture and design review meetings. Review product architectures for security design gaps and vulnerabilities and consult with product teams to remediate or mitigate cyber risk.

Lead efforts with the development teams to quantify residual product risk and identify appropriate security controls.

Contribute as appropriate to the continued development of the Verve software platform.

Requirements

Credible candidates will have:

8+ years professional experience, with at least 3-5 years of software development experience, ideally involving web applications.

Solid understanding of TCP/IP networking.

A BS in Computer Science or a similar field or equivalent experience.

Strong foundational understanding of web application security, Linux/Unix system security, network security, applied cryptography, and OS-level hardening, with advanced knowledge in at least a few of these areas.

Experience working with development teams to review designs, construct threat models, and develop/maintain secure coding standards.

At least a basic understanding of object-oriented design and programming.

Familiarity with CVE, CPE, and CVSS.

An ability to work with minimal supervision on a number of efforts in parallel.

Strong written & verbal communication skills.

Legal authorization to work in the US is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening.

Ideal Candidates Will Have

Experience with Python, C#/.NET, and Angular.

A familiarity with OT devices and environments.

Experience with CI/CD environments.

Familiarity with containerization concepts.

Experience with various security assessment tools (SCA, SAST, DAST, and vulnerability scanners).

Industrial cybersecurity and/or information technology certifications such as (ISC)² CISSP or CSSLP, or SANS GICSP.
