11 mar
Rockwell Automation
Medellín
Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers who take pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you, we would love to have you join us!
Job Description
You will work with a high-performing team of like-minded individuals passionate about ensuring that our products are delivered with the highest levels of security. Join our Software Development team as we deliver safe, secure and resilient technologies to protect our global community and the critical services and goods they provide. This is a hybrid role, and you'll work from one of our offices listed in the job posting.
Reporting to: Engineering Team Lead
Your Responsibilities:
- Software Security Development work: You'll design, implement and test new security features. You'll coach other members of the development team in understanding and applying Rockwell Automation internal security requirements. You'll apply security expertise by assisting developers in addressing known vulnerabilities. You'll review product artifacts for security compliance.
- Monitor Security Vulnerabilities: You'll collaborate with the Product Security Engineer (PSE) to assess and maintain accuracy of security anomalies through the resolution process.
- Maintain the Design for Security (DfS) Checklist: You'll gather compliance evidence. You'll work with Product Security Engineers and Product Security Leader (PSL) on reviews and maintain the security checklist for one or more products per release.
- Penetration Testing: You'll ensure penetration tests are scheduled and coordinated with internal and external reach test teams and evaluate findings.
- Liaison Responsibilities: You'll guide communication between the Software development team and other teams/internal entities on security matters (e.g., Office of Product Safety and Security, Product Security Engineering).
- Software Bill of Materials (SBOM): You'll ensure the SBOM is produced and approved for each release. You'll create the Software Attribution List as part of the documentation.
- Threat-Modeling: You'll participate in threat modeling activities. You'll help ensure the threat model represents the code or subsystem being modeled, identify threats presented by the model and ensure gaps are addressed per Rockwell Automation's Secure Development Lifecycle. You'll improve the threat-modeling process. You'll coach members of the development team on threat-modeling.
- Compliance Work: You'll guide additional compliance activities such as CIS Benchmarks, Secure Software Development Framework (SSDF) and Cyber Resilience Act (CRA).
The Essentials - You Will Have:
- Bachelor's Degree in Engineering or Equivalent Years of Relevant Work Experience.
- Legal authorization to work in the US is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening.
- 5 years' experience in Software Application Security & Software Development.
- Fluent in English to communicate with globally distributed team members and other partners.
The Preferred - You Might Also Have:
- 2 years of experience in Python, sh, PowerShell, TypeScript, Kotlin, Go, Angular, and node.js.
- 2 years of experience working with REST APIs, GitHub Actions and Dagger.io.
- 2+ years' experience in the following:
- Threat Modeling participation.
- Experience understanding possible security effects for one or more products concerning how they are used, their architecture, and attack vectors.
- Demonstrate an understanding of common ICS/OT threats.
- Follow current events and help apply lessons learned to developments (demonstrating ability to seek).
- Experience assessing compliance of both technical and process security requirements that need to be met.
- Experience with assessments of newly identified vulnerabilities under the direction of a Product Security Incident Response (PSIRT) team.
- Participated in supplier security risk assessments and external security audits.
- Understanding of DevSecOps, Compliance as Code, cloud platform development and security operations.
- 1 year experience using and interpreting results from the following tools – SonarQube, Black Duck, Cybeats, Aqua, Wiz.io, StackHawk or similar tools.
- 1 year experience using GitHub Actions, Dagger.io.
- 1 year experience in Ethical hacking – automate security tests into the pipeline, make penetration testing more agile.
- Certified Ethical Hacker (CEH) certification or equivalent experience in ethical hacking and penetration testing.
- 1 year experience with cybersecurity standards around security development lifecycles such as IEC 62443, NIST SSDF, BSIMM, SOC 2, CRA, NIS2.
What We Offer: Our benefits package includes:
- Comprehensive mindfulness programs with a premium membership to Calm.
- Volunteer Paid Time off available after 6 months of employment for eligible employees.
- Company volunteer and donation matching program – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
- Employee Assistance Program.
- Personalized wellbeing programs through our OnTrack program.
- On-demand digital course library for professional development... and other local benefits!
We believe that employee diversity is an important element of our common future. We provide opportunities for talent growth with the entire organization. We support equality by celebrating the individuality of every person, regardless of their origin and identity. We appreciate the unique cultural pattern and variety of experiences in each of us. We invite all who want to join and change the world of our organization.