We are seeking an experienced Senior Software Architect with a strong technical security background that can be applied to the development of cloud and industrial IoT applications. This candidate would be part of a cross-organization architecture team responsible for driving the software architectural vision and strategy for the company. The security software architect will provide architectural guidance and enablement across Rockwell Automation's software product and platform portfolio.
The ideal candidate is a highly organized results driven team player with excellent communication skills. We are looking for proven track record in designing, configuring and implementing secure enterprise and industrial software solutions and security processes that span the design, operate and maintain phases of industrial automation.
The candidate will be expected to acquire or possess a deep technical understanding of the relevant products, technology stacks and challenges that especially bridge IT and OT networks. The candidate will need to collaborate and communicate effectively with other professionals, strategic partners and with customers in a thought-leading capacity. The individual should possess the business acumen to outline and communicate practical long- and near-term security strategies.
Serve as the cross-product architect for the software & cloud security domain in areas such as SDLC, Risk Modeling, Cloud Security architectures, Pen Testing, SOAR (Security Orchestration, Automation and Response)
Develop and lead a cross-product Security Architecture working group.
Serve as a key security-centric technical advocate and advisor on relevant M&A activities (including technical evaluations) and partner engagements
Provide technical leadership and collaborate on key architectural decisions and design considerations with regards to secure software development and secure architectural/solution designs
Participate in application and cloud/edge infrastructure projects to provide security -planning guidance and governance
Coordinate with DevOps teams to advocate secure coding practices
Work with relevant product managers, product architects, and business managers to champion and help deliver and assess security-related initiatives
Serve as security liaison with corporate security IT teams
Maintain deep knowledge of security threats and vulnerabilities across product portfolio and helps drive remediation and resolution of potential high profile/critical security vulnerabilities
Mentor development teams globally (i.e. demonstrate good and secure coding practices and helping them architect code)
Contribute to and promote good software engineering practices across the team.
Legal authorization to work in the US is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening
4+ years' experience in secure product/project engineering
3+ years of a hands-on Solution Architect/Software Architect/Technical Lead role
Understanding of software security architecture and design, SDLC and best practices in application security
Experience with security compliance process implementation and/or governance (e.g. SOC 2, ISO 27001)
Experienced with Application Security Testing Tools and Techniques such as Vulnerability Databases (NVD, CVE CWE), Software Composition Analysis (SCA), Software Bill of Materials (SBOM), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Integration of Security tools in CI/CD environments, Application Threat Modelling
Experienced with Web Single Sign-on (SSO), specifically on Authentication Protocols, Authentication (authn) Methods, Federation Protocols, SSO Solutions (KeyCloak, PingFederate, Okta, ADFS) and Authorization (authz) Methods, Policy Management (OPA)
Experienced with Cryptographic Algorithms and Methods
Experienced with Identity Management (IdM) such as Active Directory, ADFS, Kerberos, LDAP
Experience with Microsoft Azure and related analytics and infrastructure services
Experience with industrial automation/OT communications protocols such as CIP and OPC-UA and their security implications.
Deep understanding of Internet Protocols and Security Implications
Familiarity with Cloud Infrastructure and Security Implications for Virtual Machines, Serverless Designs, Container technology (Docker/Kubernetes), Orchestration, Software Defined Networks
Familiarity with cyber security practices like Red Team/ Blue team and related Incident Management
Familiarity with Internet of Things Edge Hardware platforms, especially design for cloud connectivity
Familiarity with methods for securely storing secrets such as Credential vaults, Database encryption and Keystores
Excellent problem-solving skills and ability to break down complexity.
Ability to see multiple solutions to problems and choose the most appropriate one for the situation
Excellent written and oral communication skills with the ability and patience to explain complex security concepts to non-technical audiences
Excellent team player
We are an Equal Opportunity Employer including disability and veterans.
If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 (844) 404-7427.
Rockwell Automation is the largest company in the world dedicated to industrial automation and information. Here, we connect the imaginations of people with the potential of technology to make the world more intelligent, more connected and more productive.
From improving the production of medicines that boost human health to reducing waste in an oil and gas plant, the work we do changes how we live. We truly believe we are doing things never before possible. And we need the brightest minds to help make that happen – the makers, the forward thinkers, the problem solvers.
Join a team of more than 23,000 global employees in 100+ countries as we work together to expand human possibility.