workday
Posted 1 week ago
Third Party Product Security Engineer
Job description
Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better. We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us! Job Description Summary: As a Third-Party Product Security Engineer, you will play a critical role in Third party risk & compliance (TPRC) program to strengthen supply chain security, product compliance, and secure qualification of third-party components. You will lead supplier security assessments with closed-loop remediation, support secure product qualification, and drive supplier improvements across the ecosystem. This role requires close collaboration with Business Units, Product Security, and global suppliers to embed secure development practices and operationalize regulatory requirements (e.g ..EU CRA, MR, NIS2), while driving continuous improvement. Strong stakeholder engagement and influencing skills are critical to building partnerships and advancing supply chain security outcomes. Your
Responsibilities
Lead evaluation, risk-based qualification, and onboarding of suppliers and partners, ensuring understanding of TPRC frameworks and product security requirements Conduct supplier security assessments with closed-loop remediation tracking, improving and compliance with Secure Development Lifecycle (SDL) and regulatory requirements (e.g., EU CRA, NIS2) Review supplier design controls and secure software development practices (verification and validation, risk management, configuration management, build/release governance) to ensure understanding of industry and product security standards Partner with Business Units, Product Security, and cross-functional teams. Together, perform Threat Analysis & Risk Assessments (TARA), design-for-security reviews, and secure qualification of third-party software and firmware components. Collaborate with other teams and suppliers to guide enterprise-wide adoption of supply chain security requirements Work with Sourcing and Legal teams to support Quality and Security Agreements, and strengthen supplier governance and purchasing controls Lead investigation of security and quality issues, ensuring root cause analysis (RCA), CAPA execution, risk mitigation, and closure Promote understanding of strategic suppliers on product security standards, processes, and compliance expectations Ensure readiness transition of suppliers from development to production across security, quality, and compliance requirements Support post-market product security activities, including software anomalies, complaint handling, RCFA, and CAPA closure Deliver training, workshops, and enablement sessions to other teams and suppliers to guide adoption of security and compliance practices Maintain accountability for execution, ensuring you manage and resolve risks improving product security. Influence and collaborate across a global, matrixed organisation to lead risk reduction and secure product outcomes Ensure end-to-end understanding across the Secure Development Lifecycle (SDL) and supplier lifecycle Present risk, quality, and compliance insights to leadership, including supplier performance, assessment outcomes, and remediation progress The Essentials – You Will Have: Bachelor's degree in Electrical/Electronics Engineering, Computer Science, or a related field 5+ years of experience in Product Security, Cybersecurity, Software Engineering, Software QA, or Systems Engineering 5+ years of experience conducting supplier security assessments, audits, and SDLC/SDL evaluations Hands-on experience with Secure Development Lifecycle (SDL) and frameworks such as NIST SSDF (800-218), IEC 62443-4-1/4-2, or equivalent
Experience
in risk-based assessments, remediation tracking, and programme governance
Experience
supporting regulatory compliance (e.g., EU CRA, NIS2, ISO 27001)
Experience
influencing and driving outcomes across a global, matrixed environment The Preferred – You Might Also Have: Certification in Lean / Six Sigma (Green Belt / Black Belt)
Experience
with Agile methodologies (Scrum, SAFe, Lean)
Experience
in Third-Party Risk Management (TPRM) and supplier/OEM ecosystems Familiarity with software/firmware product qualification and security/compliance tools (e.g., Jira, OneTrust, GRC platforms) Exposure to regulatory frameworks such as EU CRA, NIS2, or similar global compliance standards
What We Offer
Our benefits package includes … Comprehensive mindfulness programmes with a premium membership to Calm Volunteer Paid Time off available after 6 months of employment for eligible employees Company volunteer and donation matching programme – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation. Employee Assistance Program Personalised wellbeing programmes through our OnTrack programme On-demand digital course library for professional development ... and other local benefits! At Rockwell Automation, we are dedicated to building a diverse, inclusive, and authentic workplace. If you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles. #LI-Hybrid #LI-SK2 Rockwell Automation’s hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office. Rockwell Automation, Inc. (NYSE: ROK), is a global leader in industrial automation and digital transformation. We connect the imaginations of people with the potential of technology to expand what is humanly possible, making the world more productive and more sustainable. Headquartered in Milwaukee, Wisconsin, Rockwell Automation employs approximately 28,000 problem solvers dedicated to our customers in more than 100 countries. To learn more about how we are bringing the Connected Enterprise to life across industrial enterprises, visit www.rockwellautomation.com. We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!
Skills and functions
- Software Engineering