Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!
Job Description
Summary:
As a Third-Party Product Security Engineer, you will play a critical role in Third party risk & compliance (TPRC) program to strengthen supply chain security, product compliance, and secure qualification of third-party components.
You will lead supplier security assessments with closed-loop remediation, support secure product qualification, and drive supplier improvements across the ecosystem.
This role requires close collaboration with Business Units, Product Security, and global suppliers to embed secure development practices and operationalize regulatory requirements (e.g., EU CRA, MR, NIS2), while driving continuous improvement.
Strong stakeholder engagement and influencing skills are critical to building partnerships and advancing supply chain security outcomes.
Your Responsibilities:
- Lead evaluation, risk-based qualification, and onboarding of suppliers and partners, ensuring understanding of TPRC frameworks and product security requirements
- Conduct supplier security assessments with closed-loop remediation tracking, improving compliance with Secure Development Lifecycle (SDL) and regulatory requirements (e.g., EU CRA, NIS2)
- Review supplier design controls and secure software development practices (verification and validation, risk management, configuration management, build/release governance) to ensure understanding of industry and product security standards
- Partner with Business Units, Product Security, and cross-functional teams. Together, perform Threat Analysis & Risk Assessments (TARA), design-for-security reviews, and secure qualification of third-party software and firmware components.
- Collaborate with other teams and suppliers to guide enterprise-wide adoption of supply chain security requirements
- Work with Sourcing and Legal teams to support Quality and Security Agreements, and strengthen supplier governance and purchasing controls
- Lead investigation of security and quality issues, ensuring root cause analysis (RCA), CAPA execution, risk mitigation, and closure
- Promote understanding among strategic suppliers of product security standards, processes, and compliance expectations
- Ensure suppliers are ready to transition from development to production across security, quality, and compliance requirements
- Support post-market product security activities, including software anomalies, complaint handling, RCFA, and CAPA closure
- Deliver training, workshops, and enablement sessions to other teams and suppliers to guide adoption of security and compliance practices
- Maintain accountability for execution, ensuring risks are managed and resolved to improve product security
- Influence and collaborate across a global, matrixed organisation to lead risk reduction and secure product outcomes
- Ensure end-to-end understanding across the Secure Development Lifecycle (SDL) and supplier lifecycle
- Present risk, quality, and compliance insights to leadership, including supplier performance, assessment outcomes, and remediation progress
The Essentials – You Will Have:
- Bachelor's degree in Electrical/Electronics Engineering, Computer Science, or a related field
- 5+ years of experience in Product Security, Cybersecurity, Software Engineering, Software QA, or Systems Engineering
- 5+ years of experience conducting supplier security assessments, audits, and SDLC/SDL evaluations
- Hands-on experience with Secure Development Lifecycle (SDL) and frameworks such as NIST SSDF (800-218), IEC 62443-4-1/4-2, or equivalent
- Experience in risk-based assessments, remediation tracking, and programme governance
- Experience supporting regulatory compliance (e.g., EU CRA, NIS2, ISO 27001)
- Experience influencing and driving outcomes across a global, matrixed environment
The Preferred – You Might Also Have:
- Certification in Lean / Six Sigma (Green Belt / Black Belt)
- Experience with Agile methodologies (Scrum, SAFe, Lean)
- Experience in Third-Party Risk Management (TPRM) and supplier/OEM ecosystems
- Familiarity with software/firmware product qualification and security/compliance tools (e.g., Jira, OneTrust, GRC platforms)
- Exposure to regulatory frameworks such as EU CRA, NIS2, or similar global compliance standards
What We Offer:
Our benefits package includes …
- Comprehensive mindfulness programmes with a premium membership to Calm
- Volunteer Paid Time off available after 6 months of employment for eligible employees
- Company volunteer and donation matching programme – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
- Employee Assistance Program
- Personalised wellbeing programmes through our OnTrack programme
- On-demand digital course library for professional development
... and other local benefits!
At Rockwell Automation, we are dedicated to building a diverse, inclusive, and authentic workplace. If you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.
Under Rockwell Automation’s hybrid policy, employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.