Rockwell Automation is a global technology leader focused on helping the
world's manufacturers be more productive, sustainable, and agile. With more
than 28,000 employees who make the world better every day, we know we have
something special. Behind our customers – amazing companies that help feed the
world, provide life-saving medicine on a global scale, and focus on clean
water and green mobility – our people are energized problem solvers that take
pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking
for a place to do their best work. And if that's you we would love to have you
join us!
Job Description
Prevent, detect, triage, respond, and recover from cybersecurity incidents
across the organization.
Perform root cause analysis (RCA) and incident after-action reviews
(AAR).
Implement and monitor security measures for the protection of corporate
and production infrastructure.
Utilize multiple data sources for identification of tactics, techniques,
and patterns of attack.
Contribute to planning, design, implementation, and updating or tuning of
use cases in SIEM (Splunk).
Maintain and employ an understanding of advanced threats, response, and
mitigation strategies.
Contribute to creation and maintenance of incident response playbooks.
Collaborate across teams to build and maintain creative solutions to
security problems.
Effectively work on multiple objectives simultaneously.
Actively pursue personal continuous learning and development of skills and
knowledge in job-related technical and professional areas.
Participate in global Computer Security Incident Response Team (CSIRT)
24/7 On-Call rotation.
Technical Qualifications:
4+ years of demonstrated experience in cybersecurity incident response.
Knowledge of features, tools, and processes used for maintaining a secure
environment:
Networking and network security architecture concepts.
TCP/IP communications and knowledge of how common protocols and applications
work at the network level, including DNS, HTTP, and SMB.
Knowledge of firewalls, proxy/content filtering, Windows, Linux, SIEM (Splunk),
EDR, AV, NetFlow, O365, and authentication technologies.
Firsthand incident response experience with major cloud providers (AWS,
Azure, Google Cloud).
Experience with one or more scripting languages (PowerShell, Python,
Bash, etc.).
Experience with Git-based code repositories.
Knowledge of computer forensics, security vulnerabilities and attacker
tools, techniques, and procedures (TTPs).
Familiar with Cyber Kill Chain and MITRE ATT&CK frameworks and
implementation.