Product Security Engineer
automationdirect
Cumming, GA, US
1 month ago
Job Type
full time
Description
Objective: Work with AutomationDirect’s Cyber Security Manager and internal/external Product Development Teams to support the secure development of industrial automation products through vulnerability analysis, penetration testing, and risk assessments aligned with: ISA/IEC 62443 secure product development lifecycle principles and NIST risk management and control frameworks applicable to embedded and cyber-physical systems.

This role is focused on industrial product security testing and secure product development, not enterprise IT infrastructure assessment. The selected candidate will support the identification, validation, documentation, and mitigation of product-level vulnerabilities within PLCs, embedded controllers, communication modules, industrial communication stacks, and associated engineering software.

Responsibilities:

- Perform structured penetration testing and security evaluations of industrial automation products including:
  - PLCs
  - Embedded controllers
  - Field communication modules
  - Engineering/configuration software
  - Industrial protocol implementations (e.g., EtherNet/IP, Modbus/TCP, EtherCAT)
- Conduct vulnerability validation and root-cause analysis for internally discovered or externally disclosed issues in accordance with:
  - ISA/IEC 62443-4-1 secure development practices
  - NIST SP 800-30 Risk Assessment methodology
  - MITRE CWE classification guidance
- Utilize common industrial cybersecurity testing and evaluation tools, including but not limited to:
  - Network and protocol analysis tools (Wireshark, tcpdump)
  - Network discovery and enumeration tools (Nmap)
  - Application and API testing tools (OWASP ZAP, Burp Suite)
  - Industrial protocol testing frameworks
  - Fuzzing tools (network and protocol-level)
  - USB and serial traffic analysis tools
  - Static and dynamic analysis tools where applicable
- Evaluate product vulnerabilities for impact to:
  - System Integrity
  - Resource Availability
  - Enforcement of Access Control
  - Safety-relevant operational behaviors
- Coordinate with development teams to:
  - Communicate technical risk in an industrial-system context
  - Support remediation strategy development
  - Verify mitigation effectiveness through regression testing
- Assist in secure design reviews of:
  - Authentication mechanisms
  - Industrial protocol implementations
  - Firmware update processes
  - Device communications stacks
- Document findings clearly and thoroughly as part of Secure Development Lifecycle Assurance (SDLA) activities, including:
  - Root cause analysis
  - Risk classification
  - Remediation validation evidence
  - Security test case development
  - Traceability to product security requirements
- Contribute to the development and refinement of internal product-security testing methodologies aligned with:
  - ISA/IEC 62443
  - NIST Secure Software Development Framework (SSDF)
  - NIST SP 800-82 (Industrial Control Systems Security)
Skills
automation, penetration testing, owasp, firmware, risk management, risk assessment, root cause analysis, regression testing, api testing