Emerson Electric • posted 18 days ago
$95,000 - $125,000/Yr
Full-time • Mid Level
Shakopee, MN
Computer and Electronic Product Manufacturing

About the position

If you are a professional in Software Security or Cyber Security looking for an opportunity to grow, Emerson has an opportunity for you! In either our Shakopee, MN or Boulder, CO office, we are hiring for the role of Software Supply Chain Security Engineer. You will play a pivotal role in ensuring the security and integrity of the software supply chain across the organization. This position will focus on Software Bill of Materials (SBOM) management, secure software supply chain practices, and multi-functional collaboration to strengthen cybersecurity across all Emerson software products. While this role is deeply integrated with SDLC processes, it does not directly manage them but works closely with development, security, and operations teams to drive adoption of standard processes in secure software supply chain management.

Responsibilities

  • Lead SBOM Management Across the Organization: Develop and implement SBOM policies and governance to improve software supply chain transparency. Support product teams in crafting, maintaining, and analyzing SBOMs, ensuring compliance with security and regulatory requirements. Provide insights on vulnerabilities, licensing risks, and component dependencies across product portfolios.
  • Enhance Secure Software Supply Chain Practices: Establish and promote standard processes for securing third-party and open-source software components across Emerson's software ecosystem. Ensure alignment with emerging industry regulations, executive orders, and security frameworks (NIST SSDF, ISO 27001, IEC 62443, etc.). Work closely with product security teams to identify gaps in software supply chain security and provide recommendations for improvement.
  • Collaborate with Development and Security Teams: Partner with engineering, DevOps, and security teams to integrate secure software supply chain practices without redefining workflows. Act as a trusted advisor on software supply chain risks, ensuring secure development and deployment practices.
  • Drive Compliance and Governance Efforts: Align Emerson's software security policies with SBOM-related regulatory requirements (e.g., U.S. Executive Order 14028, NIST guidance, and emerging global regulations). Conduct security assessments to evaluate supply chain risks and help teams implement mitigation strategies. Support audit readiness by providing accurate SBOM documentation and vulnerability management reports.
  • Foster a Culture of Secure Software Development: Develop and deliver training programs and best practice guides on software supply chain security. Stay ahead of emerging threats, attack vectors, and industry trends to continuously improve security strategies.

Requirements

  • Bachelor's degree in Engineering, Computer Science, Software Engineering, Cybersecurity, or related field.
  • Minimum of four (4) years of experience in an engineering field.
  • Minimum of two (2) years of experience in software security, software supply chain security, or related fields.
  • Ability to travel up to 20%.
  • Legal authorization to work in the United States without sponsorship now or in the future.

Nice-to-haves

  • Six (6) or more years of industry experience in software security or cybersecurity governance.
  • Certifications such as CISSP, CSSLP, CISM, or relevant software security credentials.
  • Experience with automated SBOM generation tools (e.g., CycloneDX, SPDX, Dependency-Track, or OWASP Dependency-Check).
  • Familiarity with CI/CD security tools and practices (e.g., GitHub Actions, GitLab CI/CD, Jenkins, Azure DevOps, SAST, DAST, container security).
  • Knowledge of container security, software signing, and secure software distribution methods.
  • Experience in vendor risk management and third-party software assessments.

Benefits

  • Competitive base salary within the local market.
  • Annual merit review process for performance rewards.
  • Flexible, competitive benefits plans including medical insurance, dental and vision coverage.
  • Employee Assistance Program.
  • 401(k) plan.
  • Tuition reimbursement.
  • Employee resource groups and recognition programs.
  • Flexible time off plans including paid parental leave, vacation, and holiday leave.