Rockwell Automation, the world's largest company dedicated to industrial automation, makes its customers more productive and the world more sustainable. Throughout the world, our flagship Allen-Bradley® and Rockwell Software® product brands are recognized for innovation and excellence.
When you choose Rockwell Automation, you join countless talented employees who have helped us establish our leadership position in the automation industry over the past century.
You join a diverse, inclusive, and global community with a passion for innovation. A place where you can partner with great minds and inspiring people. And a corporation backed by the financial strength that drives growth - and career opportunities.
As much as we focus on our customers, we know our employees are key to our success and future. Helping you develop a rewarding career is a top priority. Because when you succeed, we succeed.
Are you interested in shaping a highly effective agile organization? Are you excited about the opportunity to influence and lead other skilled technical contributors? Are you passionate about fostering vital connections and developing a team who will help to make our company, partners, and customers more productive and profitable? If your answer is yes to any of these questions, this is your opportunity to join an innovative and dynamic team. As a member of the Rockwell Automation IT organization, you will join our transformation journey as we seek to improve and push boundaries.
Rockwell Automation's Cyber Defense team is seeking an experienced Senior Incident Response Engineer to join our team.
Reporting to the Manager, IT Security, in this role you will:
Prevent, detect, triage, respond, and recover from cybersecurity incidents across the organization
Perform root cause analysis (RCA) and incident after-action reviews (AAR)
Implement and monitor security measures for the protection of corporate and production infrastructure
Utilize multiple data sources for identification of tactics, techniques, and patterns of attack
Contribute to planning, design, implementation, and updating or tuning of use cases in SIEM (Splunk)
Maintain and employ an understanding of advanced threats, response, and mitigation strategies
Lead response and investigation efforts into advanced/targeted attacks
Contribute to creation and maintenance of incident response playbooks
Collaborate across teams to build and maintain creative solutions to security problems
Effectively work on multiple objectives simultaneously
Actively pursue personal continuous learning, development of skills and knowledge in job-related technical and professional areas
Participate in global Computer Security Incident Response Team (CSIRT) 24/7 On-Call rotation
5+ years of demonstrated experience in cybersecurity incident response.
Knowledge of features, tools, and processes used for maintaining a secure environment:
Networking and network security architecture concepts
TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
Firsthand incident response experience with major cloud providers (AWS, Azure, Google Cloud)
Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
Experience with git-based code repositories
Knowledge of computer forensics, security vulnerabilities and attacker tools, techniques, and procedures (TTPs)
Familiar with Cyber Kill Chain and MITRE ATT&CK frameworks and implementation
Act as a mentor to other members of the Computer Security Incident Response Team (CSIRT) and provide feedback to advance their skills
Maintain a sense of urgency in driving assignments to completion
Maintain a presence of calm during uncertainty, conflict, and stress
Collaborate across teams gaining the cooperation of others to complete goals
Demonstrate complex problem-solving skills with the keen ability to rapidly define problems, collect data, establish facts, and draw conclusions
Maintain confidentiality of information and compartmented team activities
Explain technical concepts to non-technical people
Strong customer interaction skills, written and verbal communication
Ability to work with global team members in a collaborative and respectful manner
Bachelor's degree or equivalent experience; a Bachelor's degree in Computer Science, Management Information Systems, Engineering, Mathematics, or another related field is preferred.
One or more of the following certification designations is a plus:
Certified Information Systems Security Professional - CISSP
Security+, GCIA, GCIH
Other Technical Certifications considered
Would consider Europe full-time remote for the right candidate.
Internal Number: R21-9200
About Rockwell Automation
Rockwell Automation is the largest company in the world dedicated to industrial automation and information. Here, we connect the imaginations of people with the potential of technology to make the world more intelligent, more connected and more productive.
From improving the production of medicines that boost human health to reducing waste in an oil and gas plant, the work we do changes how we live. We truly believe we are doing things never before possible. And we need the brightest minds to help make that happen – the makers, the forward thinkers, the problem solvers.
Join a team of more than 23,000 global employees in 100+ countries as we work together to expand human possibility.