Product Security Test Engineer

Verve Industrial Protection • Fulltime • Madison, WI, USA, United States • 3m ago

Verve, a Rockwell Automation Company, is on a mission to secure the world’s critical infrastructure providers by bringing the tools and techniques of defense-in-depth strategies employed by best-in-breed IT practices to OT (Operational Technology).

We’re a team of software developers, controls engineers, product managers, designers, and security professionals working to build software solutions that keep the bedrock of modern-day life safe: power, oil, gas, water, chemicals, medicine and other industries.

The Security Test Engineer will drive manual and automated security tests of Verve’s software products, and work with the broader development organization to verify and articulate findings.

What You’ll Do

Perform product vulnerability assessments, product security research, penetration tests, and exploratory security testing against Verve’s software products.
Assist with architecture development, design, and implementation of security test automation to support a continuous integration/DevSecOps product development cycle.
Work with development and software QA teams to stay aware of changes being made to the Verve products.
Coordinate with development and security leadership regarding findings, areas of concern, and opportunities for improvement related to product security.
Write detailed bug and vulnerability finding reports.

Requirements

Credible candidates will have:

At least 3 years experience as a pen tester, vulnerability analyst, or similar technical role related to software security.
Understanding of web application security, linux/unix system security, network security, and applied cryptography.
Familiarity with CVE, CPE, and CVSS.
Strong written & verbal communication skills.
Legal authorization to work in the US is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening.

Ideal Candidates Will Have

Experience as a software developer or working closely with developers, ideally in a CI/CD environment.
Familiarity with OT devices and environments.
Experience using various security assessment tools (SCA, SAST, DAST, and vulnerability scanners).