Incident Response Engineer

Year    Bengaluru, Karnataka, India

Job Description


Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better. We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you, we would love to have you join us!

Responsibilities

  • Investigate and escalate security events as necessary.
  • Participate in complex investigations at the direction of senior members of the CSIRT.
  • Help fine-tune SIEM rules by identifying false positives and removing false negatives.
  • Assist in collecting threat intelligence based on analysis.
  • Proactively research and monitor security information to identify potential threats that may impact the organization.
  • Develop and distribute information and alerts on required corrective actions to the organization.
  • Learn new attack patterns and actively participate in security forums.
  • Work closely with Vulnerability Management and Insider Risk team.
  • Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, Cisco appliances, AV and antimalware software, email security etc.
  • Understand the subject of EDR investigations and SIEM logic.
  • Perform threat intel research.
  • Document investigations and participate in documentation maturity exercises.
Essential Skills
  • 2+ years of demonstrated experience in cybersecurity incident response.
  • Knowledge and hands-on experience of implementation and management of IDS/IPS, Firewall, VPN, and other security products.
  • Experience with Security Information and Event Management (SIEM) tools, creating advanced correlation rules, administration of SIEM, system hardening, and Vulnerability Assessments.
  • Experience investigating events in a fast-paced, globally distributed team.


Job Detail

  • Job Id
    JD3202613
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Bengaluru, Karnataka, India
  • Education
    Not mentioned
  • Experience
    Year