Job Description

Rockwell Automation is a global technology leader focused on helping the world\xe2\x80\x99s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that\xe2\x80\x99s you we would love to have you join us!



Reporting to the Manager, IT Security, in this role you will:

• Prevent, detect, triage, respond, and recover from cybersecurity incidents across the organization
• Perform root cause analysis (RCA) and incident after-action reviews (AAR)
• Implement and monitor security measures for the protection of corporate and production infrastructure
• Utilize multiple data sources for identification of tactics, techniques, and patterns of attack
• Contribute to planning, design, implementation, and updating or tuning of use cases in SIEM (Splunk)
• Maintain and employ an understanding of advanced threats, response, and mitigation strategies
• Contribute to creation and maintenance of incident response playbooks
• Collaborate across teams to build and maintain creative solutions to security problems
• Effectively work on multiple objectives simultaneously
• Actively pursue personal continuous learning, development of skills and knowledge in job-related technical and professional areas
• Participate in global Computer Security Incident Response Team (CSIRT) 24/7 On-Call rotation

• 4+ years of demonstrated experience in cybersecurity incident response.
• Knowledge of features, tools, and processes used for maintaining a secure environment:

• Networking and Networking security architecture concepts
• TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
• Knowledge of Firewalls, Proxy/Content Filtering, Windows, Linux, SIEM, EDR, AV, NetFlow, O365, Authentication technologies, SIEM (Splunk)
• Firsthand incident response experience with major cloud providers (AWS, Azure, Google Cloud)
• Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
• Experience with git-based code repositories
• Knowledge of computer forensics, security vulnerabilities and attacker tools, techniques, and procedures (TTPs).
• Familiar with Cyber Kill Chain and MITRE ATT&CK frameworks and implementation.

• Maintain a sense of urgency in driving assignments to completion
• Maintain a presence of calm during uncertainty, conflict, and stress
• Collaborate across teams gaining the cooperation of others to complete goals
• Demonstrate problem-solving skills to collect data, establish facts, and draw conclusions
• Maintain confidentiality of information and compartmented team activities
• Explain technical concepts to non-technical people

• Strong customer interaction skills, written and verbal communication
• Ability to work with global team members in a collaborative and respectful manner

• Bachelors or equivalent experience; preferred Bachelor\xe2\x80\x99s degree in Computer Science, Management Information Systems, Engineering, Mathematics or other related field.
• One or more of the following certification designations is a plus:

• Certified Information Systems Security Professional \xe2\x80\x93 CISSP
• Security+, GCIA, GCIH
• Other Technical Certifications considered

Rockwell Automation