Senior Product Security Engineer

Senior Product Security Engineer – Rockwell Automation

The Senior Product Security Engineer will drive software application security efforts across Verve's product development team. You will work closely with senior software engineering leadership, interact directly with development teams, and serve as the primary interface with Rockwell Automation’s broader security and compliance processes. Reports will be made to the Team Lead, Staff Software Engineer. This is a remote position open to candidates located anywhere in the United States.

• Develop deep expertise in Rockwell’s secure development processes and act as the primary liaison between Verve’s development organization and Rockwell’s secure development assurance processes.
  • Drive timely and effective resolution of vulnerability reports in support of Rockwell’s Product Security Incident Response Team (PSIRT).
  • Coordinate incident management and other reported security issues.
  • Lead risk reviews and risk analysis to identify systematic security issues.
• Evangelize and mentor secure software development practices within Verve’s product teams.
  • Provide architecture and best‑practice guidance related to secure software development; assist teams in evolving processes required to maintain IEC 62443 certification.
  • Maintain current knowledge of security threats and vulnerabilities that could impact products.
  • Ensure adherence to security standards and contribute to standards enhancements.
• Collaborate throughout the development life‑cycle to verify and improve software security.
  • Perform threat modeling, security‑requirements review, secure code review, and vulnerability assessments.
  • Lead and participate in security architecture and design‑review meetings; identify security gaps and advise remediation or mitigation efforts.
  • Quantify residual product risk with development teams and define appropriate security controls.
• Contribute as appropriate to the continued development of the Verve software platform.

• Bachelor’s degree.
• Legal authorization to work in the U.S. (no visa sponsorship).

• 5+ years of professional experience, including at least 3 years in web‑application security.
• A BS in Computer Science or a related field (or equivalent experience).
• Solid understanding of TCP/IP networking.
• Strong foundational knowledge of web‑application security, Linux/Unix system security, network security, applied cryptography, and OS‑level hardening, with advanced knowledge in at least a few areas.
• Experience working with development teams to review designs, construct threat models, and maintain secure coding standards.
• Basic understanding of object‑oriented design and programming.
• Familiarity with CVE, CPE, and CVSS.
• Proficiency with Python, C#/.NET, and Angular.
• Experience with OT devices and environments.
• Experience with CI/CD environments and containerization concepts.
• Proficiency with security assessment tools (SCA, SAST, DAST, vulnerability scanners).
• Relevant certifications such as CISSP, CSSLP, or SANS GICSP.

• Health insurance (medical, dental, vision)
• 401(k) plan
• Paid time off
• Parental and caregiver leave
• Flexible work schedule
• Access to Rockwell’s benefits portal for additional details.

Base salary ranges from $ to $ USD annually, with a target bonus of 5% of base salary.

We are an Equal Opportunity Employer, including individuals with disabilities and veterans. If you need reasonable accommodations during the application process, please contact our services team at .

• Mid‑Senior level

• Full‑time

• Information Technology
• Automation, Machinery, Manufacturing

Remote – U.S. based.