Incident Response Engineer

United States of America Pennsylvania (remote)

Rockwell Automation


Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you, we would love to have you join us!

Job Description

At Rockwell Automation, we bring together the imaginations of people with the potential of technology to expand what is humanly possible, making the world more intelligent, more connected and more productive. Our mission is to improve the quality of life by making the world more productive and sustainable.

Our technologies are used globally to deliver important services, such as power and water, and to enable critical manufacturing. Reporting to the Global Incident Management Leader, you will work with a high-performing team of like-minded individuals passionate about ensuring that our products are delivered with the highest levels of security and safety. You will work with an array of technologies in software, IoT, cloud, and embedded systems. Join us in the Enterprise Cybersecurity Team as we deliver safe and secure technologies to protect our global community and the important services and goods they provide.

Job Responsibilities Include:

  • Monitor dashboards and intrusion detection and prevention systems (IDS/IPS)
  • Perform initial analysis and investigation into alerts as they are seen (to include anti-virus and phishing alerts)
  • Perform initial malware analysis utilizing automated means
  • Support cyber defense functions to protect our clients from cyber security incidents that have potential to cause negative impact
  • Incident intake, ticket updates and reporting of cyber events
  • Use SOC monitoring devices (SIEM, IDS, DLP) to review pre-defined events indicative of incidents
  • Understand, identify and research IOCs
  • Upload packets and evaluate source/destination activity and payloads
  • Assist in recommendations for content to detect incidents, including IOCs for blocking and detection
  • Participate in security incident response exercises and drills to ensure preparedness for real-world incidents.
  • Stay informed about the latest cybersecurity threats, vulnerabilities, and trends.
  • Collaborate with teams to enhance our overall security posture.
  • Provide communication to team members regarding security incidents and remediation efforts.
  • You will be asked to work a shift schedule and support coverage efforts on a 24x7x365 basis which includes work on holidays, nights, & weekends.

Basic Qualifications:

  • Bachelor's Degree OR equivalent experience
  • Legal authorization to work in the US is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening.

Preferred Qualifications:

  • Typically requires a minimum of 2 years in incident response
  • Security+ Certification and 6+ months of Cyber or Help Desk IT Work Experience in a professional environment
  • Experience monitoring Antivirus, Intrusion Detection Systems, Firewalls, Active Directory, Web Proxies, Vulnerability Assessment tools and other security tools found in large enterprise network environments
  • Experience working with Security Information and Event Management (SIEM) solutions
  • Familiarity with multiple network and host based security applications and tools, such as network and host assessment/scanning tools, network and host based intrusion detection systems, and other security software packages. Host based forensics and malware analysis experience.
  • Experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC).
  • Microsoft Sentinel
  • SourceFire/FirePower/Snort
  • CrowdStrike Falcon

What We Offer:

  • Health Insurance including Medical, Dental and Vision
  • 401k
  • Paid Time Off
  • Parental and Caregiver Leave
  • Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
  • To learn more about our benefits package, please visit www.raquickfind.com.

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

This position is part of a job family. Experience will be the determining factor. 


We are an Equal Opportunity Employer including disability and veterans. 

If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 (844) 404-7247.


Tags: Active Directory Agile Antivirus Automation CERT Cloud CrowdStrike Cyber defense Firewalls Forensics IDS Incident response Intrusion detection IPS Malware Monitoring SIEM Snort SOC Sourcefire Vulnerabilities

Perks/benefits: Flex hours Flex vacation Health care Insurance Medical leave Parental leave Team events

Regions: Remote/Anywhere North America
Country: United States