Rockwell Automation is a global technology leader focused on helping the
world's manufacturers be more productive, sustainable, and agile. With more
than 28,000 employees who make the world better every day, we know we have
something special. Behind our customers – amazing companies that help feed the
world, provide life-saving medicine on a global scale, and focus on clean
water and green mobility – our people are energized problem solvers that take
pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking
for a place to do their best work. And if that's you, we would love to have you.
Investigate and escalate security events as necessary.
Participate in complex investigations at the direction of senior members
of the CSIRT.
Help fine-tune SIEM rules by identifying false positives and removing false
Assist in collecting threat intelligence based on analysis.
Proactively research and monitor security information to identify
potential threats that may impact the organization.
Develop and distribute information and alerts on required corrective
actions to the organization.
Learn new attack patterns, actively participate in security forums.
Work closely with the Vulnerability Management and Insider Risk teams.
Understand the structure and the meaning of logs from different log
sources such as firewalls, IDS, Windows domain controllers, Cisco appliances,
AV and antimalware software, email security, etc.
Understand the subject of EDR investigations and SIEM logic.
Perform threat intel research.
Document investigations and participate in documentation maturity.
2+ years of demonstrated experience in cybersecurity incident response.
Knowledge of and hands-on experience with the implementation and management of
IDS/IPS, firewalls, VPNs, and other security products.
Experience with Security Information and Event Management (SIEM) tools,
creating advanced correlation rules, administration of SIEM, system
hardening, and vulnerability assessments.
Experience investigating events in a fast-paced, globally distributed team.