Rockwell Automation is a global technology leader focused on helping the
world's manufacturers be more productive, sustainable, and agile. With more
than 28,000 employees who make the world better every day, we know we have
something special. Behind our customers – amazing companies that help feed the
world, provide life-saving medicine on a global scale, and focus on clean
water and green mobility – our people are energized problem solvers that take
pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking
for a place to do their best work. And if that's you we would love to have you
join us!
Job Description
In this role, you will be an integral part of the IT organization. The ideal
candidate will have a demonstrated understanding of Information Security,
Computer Networking, the Software Development Life Cycle (SDLC) and
extensive experience interacting with customers. Candidate must have Security
Information and Event Management (SIEM) expertise and be willing to train on
the company platform and products.
Primary Responsibilities
This is a technical, hands-on role that will focus on maintaining the SIEM
platform, working alongside team members and stakeholders, and training and
enabling teams for successful adoption of the SIEM platform.
Manage upgrades of the SIEM platform, agents, and apps/add-ons, and integrate
new log sources
Develop alerts, reports, data models, dashboards, and connectors to
support custom user requirements
Recognize patterns and inconsistencies that could indicate complex cyber-attacks
Develop SIEM correlation rules to detect new threats beyond current
capabilities
Assist with designing and documenting work processes
Perform log file analysis as needed
Develop recommendations in collaboration with other team members to
maximize Enterprise capabilities in prevention, detection, analysis,
containment, eradication, and recovery from cyber-attacks
Contribute to CTI (Cyber Threat Intelligence) data gathering, reporting,
and analysis activities
Leverage automation and orchestration solutions to automate repetitive
tasks
Research and explore new avenues to overcome obstacles by utilizing the
latest technologies and cybersecurity standards
Basic Requirements
Bachelor's degree in Cyber Security, Computer Science, Information
Systems, Software Engineering, Computer Engineering or related field, or
equivalent work experience
Preferred Qualifications
Typically requires a minimum of 5 years of experience in the Information
Security field
1+ years of experience with SIEM and UEBA solutions such as Splunk,
LogRhythm, Elastic
Understanding of log collection methodologies and aggregation techniques
such as Syslog, NXLog, and Windows Event Forwarding
Working knowledge of cloud platforms such as AWS, Azure and GCP
Strong knowledge of at least one programming or scripting language (e.g.
Python, PowerShell, PHP, Perl)
Understanding of security models and frameworks (e.g. MITRE ATT&CK, MITRE
D3FEND, Cyber Kill Chain (CKC))
Demonstrated experience providing customer-driven solutions, support, or
service
Ability to communicate effectively with all levels of an organization, from
Engineering and Operations to C-level audiences
Security certifications (Security+, GSEC, GCIH, GCIA, CISSP, NCSF, etc.)
Sentinel and data lake experience
Familiar with Risk Based Alerting (RBA) frameworks and implementation
Experience architecting, planning, deploying, and using SIEM or UEBA
platforms
Experience integrating or using endpoint security and host-based intrusion
detection solutions
Extensive knowledge and understanding of directory services
Demonstrated experience in one of the following fields: Cyber Threat
Intelligence, Incident Response, or Computer Forensics
Strongly prefer candidates who have solid knowledge of one or more
programming or scripting languages such as Python, PowerShell, PHP, or Perl