Incident Response Engineer

Rockwell Automation
November 27, 2023
Offered Salary: Negotiation
Working address: N/A
Contract Type: Other
Working Time: Negotiation
Working type: N/A
Ref info: N/A

Rockwell Automation is a global technology leader focused on helping the world's manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers – amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility – our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that's you, we would love to have you join us!

Job Description

  • Prevent, detect, triage, respond, and recover from cybersecurity incidents across the organization.
  • Perform root cause analysis (RCA) and incident after-action reviews (AAR).
  • Implement and monitor security measures for the protection of corporate and production infrastructure.
  • Utilize multiple data sources for identification of tactics, techniques, and patterns of attack.
  • Contribute to planning, design, implementation, and updating or tuning of use cases in SIEM (Splunk).
  • Maintain and employ an understanding of advanced threats, response, and mitigation strategies.
  • Contribute to creation and maintenance of incident response playbooks.
  • Collaborate across teams to build and maintain creative solutions to security problems.
  • Effectively work on multiple objectives simultaneously.
  • Actively pursue personal continuous learning, development of skills and knowledge in job-related technical and professional areas.
  • Participate in global Computer Security Incident Response Team (CSIRT) 24/7 On-Call rotation.

Technical Qualifications

  • 4+ years of demonstrated experience in cybersecurity incident response.
  • Knowledge of features, tools, and processes used for maintaining a secure environment:

  • Networking and networking security architecture concepts.

  • TCP/IP communications and knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
  • Knowledge of firewalls, proxy/content filtering, Windows, Linux, EDR, AV, NetFlow, O365, authentication technologies, and SIEM (Splunk).
  • Firsthand incident response experience with major cloud providers (AWS, Azure, Google Cloud)
  • Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
  • Experience with git-based code repositories
  • Knowledge of computer forensics, security vulnerabilities and attacker tools, techniques, and procedures (TTPs).
  • Familiar with Cyber Kill Chain and MITRE ATT&CK frameworks and implementation.