
Rockwell Automation

Senior Network Security Engineer

Milwaukee, WI

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Rockwell Automation

Rockwell Automation, Inc. is a global leader in industrial automation and digital transformation, based in Milwaukee, Wisconsin. Founded in 1903, the company has evolved significantly, becoming an independent entity focused on automation in the early 2000s. Rockwell Automation is known for its "Connected Enterprise" strategy, which integrates industrial automation solutions with the Industrial Internet of Things (IIoT). The company offers a wide range of integrated solutions, including hardware, software, and services for control systems, data analytics, and connectivity. Key products include Allen-Bradley branded industrial controls, such as programmable logic controllers (PLCs), the Logix control platform, and various safety components. Rockwell Software provides tools for control, simulation, and data access on the plant floor. Their services encompass engineering, system integration, and manufacturing information solutions, supporting industries like automotive, food processing, aerospace, and more. Rockwell Automation continues to lead in innovation, adapting to the evolving needs of the industrial sector.

Industry

machinery

Employees

27,000

6747 engineers

Revenue

$8.3B


Security at Rockwell Automation

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.


Security Philosophy

Rockwell Automation's Application Security (AppSec) approach is deeply integrated into its product development lifecycle, emphasizing a "security by design" philosophy. The company aligns its cybersecurity program with industry standards like the NIST Cybersecurity Framework and IEC 62443-4-1, focusing on identifying, protecting, detecting, responding to, and recovering from cyber threats across its infrastructure, products, and customer environments. Their stated AppSec mission is a holistic strategy to ensure safety, security, and resilience across infrastructure, products, and customers. They adopt an embedded, enabling approach to security, evidenced by an industry-certified secure software development lifecycle process. Their risk philosophy is based on a risk-based approach aligned with NIST CSF principles (Identify, Protect, Detect, Respond, Recover) and includes risk assessments in new product development. No public information was available regarding specific pain points or goals, and no significant contradictions were found.

Security Team

Rockwell Automation manages cybersecurity risk as part of its overall Enterprise Risk Management program, with strategy executed by security leaders including the CIO, CISO, and Chief Product Security Officer. The Office of Product Safety and Security reports directly to high-level executives. Key public-facing leaders include Stephen Ford (CISO, appointed March 2024) responsible for a holistic cybersecurity strategy, and Tony Baker (VP & Chief Product Security Officer) who leads product safety and security strategy. Specific team size is not publicly available. However, at least 4 relevant AppSec job postings were found as of, indicating a focus on skills like secure SW Engineering, threat modeling, secure coding practices, CI/CD, SAST/DAST tools, Python, DevSecOps tools (Jenkins, GitLab, Docker), Azure cloud, OWASP, NIST, IEC 62443, cryptographic primitives, and Hardware Security Modules (HSMs).

Key Initiatives

  • Rockwell Automation does not publicly provide information on a dedicated Security Champions Program.
  • They practice "Shift Left" by integrating security throughout the Software Development Life Cycle (SDLC), guided by NIST-800-218 SSDF, and emphasize this integration for DevSecOps engineers.
  • Their Vulnerability Management Process involves the Product Security Incident Response Team (PSIRT) for triage, establishing CVSS scores, and driving resolution, as well as gathering information from various sources.
  • They maintain an ISA/IEC 62443-4-1 certified SDLC process, which includes security requirements, secure design, implementation, verification, validation, defect/patch/vulnerability management, and product end-of-life management, alongside threat modeling for high-risk services.
  • A recent initiative (March 2024) was the appointment of Stephen Ford as CISO to develop and execute a holistic cybersecurity strategy.
