Product Security Engineer

AutomationDirect.com, Inc.

Objective:
Work with AutomationDirect's Cyber Security Manager and internal/external Product Development Teams to support the secure development of industrial automation products through vulnerability analysis, penetration testing, and risk assessments aligned with ISA/IEC 62443 secure product development lifecycle principles and NIST risk management and control frameworks applicable to embedded and cyber-physical systems. This role is focused on industrial product security testing and secure product development, not enterprise IT infrastructure assessment. The selected candidate will support the identification, validation, documentation, and mitigation of product-level vulnerabilities within PLCs, embedded controllers, communication modules, industrial communication stacks, and associated engineering software.

Responsibilities:
  • Perform structured penetration testing and security evaluations of industrial automation products including: PLCs, Embedded controllers, Field communication modules, Engineering/configuration software, and Industrial protocol implementations (e.g., EtherNet/IP, Modbus/TCP, EtherCAT)
  • Conduct vulnerability validation and root-cause analysis for internally discovered or externally disclosed issues in accordance with: ISA/IEC 62443-4-1 secure development practices, NIST SP 800-30 Risk Assessment methodology, and MITRE CWE classification guidance
  • Utilize common industrial cybersecurity testing and evaluation tools, including but not limited to: Network and protocol analysis tools (Wireshark, tcpdump), Network discovery and enumeration tools (Nmap), Application and API testing tools (OWASP ZAP, Burp Suite), Industrial protocol testing frameworks, Fuzzing tools (network and protocol-level), USB and serial traffic analysis tools, and Static and dynamic analysis tools where applicable
  • Evaluate product vulnerabilities for impact to: System Integrity, Resource Availability, Enforcement of Access Control, and Safety-relevant operational behaviors
  • Coordinate with development teams to: Communicate technical risk in an industrial-system context, Support remediation strategy development, and Verify mitigation effectiveness through regression testing
  • Assist in secure design reviews of: Authentication mechanisms, Industrial protocol implementations, Firmware update processes, and Device communications stacks
  • Document findings clearly and thoroughly as part of Secure Development Lifecycle Assurance (SDLA) activities, including: Root cause analysis, Risk classification, Remediation validation evidence, Security test case development, and Traceability to product security requirements
  • Contribute to the development and refinement of internal product-security testing methodologies aligned with: ISA/IEC 62443, NIST Secure Software Development Framework (SSDF), and NIST SP 800-82 (Industrial Control Systems Security)

Qualifications:
  • Bachelor's Degree in Information Technology, Information/Security Assurance, Computer Science, Engineering or related field of study preferred, or any combination of relevant equivalent experience, education, and training
  • 2 - 4 years of experience required in one or more of the following: Embedded system testing, Product Security testing, Industrial control systems, Network protocol analysis, and Firmware or device communications debugging
  • Fundamental knowledge of networking (TCP/IP, UDP) required
  • Ability to perform vulnerability analysis beyond automated scanning tools required
  • Familiarity with risk-based security evaluation methodologies required. NIST RMA concepts preferred
  • Ability to produce structured technical documentation suitable for audit and compliance review required
  • Willingness to pursue security certifications (such as GSEC, GCIA or similar) required
  • Experience with scripting (Python, JavaScript or other similar) preferred
  • Experience using Wireshark for packet capture and TCP/UDP packet analysis preferred
  • Familiarity with TLS implementations used with MQTTS, STARTTLS and related certificate management (helpful for product enhancement and future development) preferred
  • Experience with security tools (Nmap, ncat, OWASP ZAP, etc.) and protocol fuzzing frameworks preferred
  • Experience with Industrial Communication protocols, USB and serial device communication, Debug interfaces (UART/JTAG), firmware extraction and basic reverse engineering concepts preferred
  • Experience in Operational Technology (OT) or industrial automation environments desired
  • Experience in manufacturing, energy, utilities, or process-control systems desired
  • Familiarity with ISA/IEC 62443 product certification concepts desired
  • Knowledge of NIST SP 800-82 Industrial Control Systems guidance desired
  • Experience applying CVSS scoring within safety-relevant or availability-sensitive environments desired
  • Participation in secure product lifecycle audits or compliance assessments desired
Vacancy posted 1 day ago