Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!
Job Description
As an OT Cybersecurity Data Engineer, you will manage the design, implementation, and testing of our Security Information and Event Management (SIEM) system with a specific focus on integrating and analyzing data from critical OT/ICS environments. You will work with cybersecurity teams to ensure the monitoring, detection, and reporting of security threats within industrial infrastructure. We are looking for an understanding of SIEM and SOAR technologies, OT protocols, and cybersecurity best practices.
As a resource experienced in SIEM (Security Information and Event Management) engineering, you will develop and accelerate the ingestion of new data sources and logs (for the SMR services), expediting the scaling of RA capabilities to provide wider and better security visibility into OT environments, i.e., the front-log of new customers who are looking for someone to manage their OT security. You will also help operate the cyber monitoring offering, for example through continuous improvement (such as reporting) or change management of the SIEM.
This role reports to the Global Engineering Manager.
Your Responsibilities:
- You will design SIEM and SOAR solutions tailored for OT environments, considering the unique challenges and protocols involved.
- You will integrate multiple OT data sources (e.g., IDS, EDR, control system logs, network traffic from industrial protocols) into the SIEM platform.
- You will maintain custom parsers, normalizers, and correlation rules to analyze OT-specific logs and events within the SIEM.
- You will collaborate with OT operations and engineering teams to understand their systems, data sources, and security monitoring requirements.
- You will configure and optimize the SIEM platform for performance, scalability, and stability in an OT context.
- You will maintain OT-focused dashboards and reports within the SIEM to provide applicable insights into security posture and potential threats.
- You will tune and improve SIEM rules and alerts to minimize false positives and ensure high-fidelity detection of OT security incidents.
- You will maintain documentation for the OT SIEM architecture, data sources, rules, and operational procedures.
- You will collaborate with IT security teams to ensure seamless integration and correlation of security events across both IT and OT environments.
- You will stay up to date on the latest OT cybersecurity threats, vulnerabilities, and SIEM capabilities relevant to industrial control systems.
- You will recommend new SIEM features, integrations, and related security technologies for enhancing OT security monitoring.
- You will provide training and support to security analysts and other partners on the use of the OT SIEM.

The Essentials - You Will Have:
- Bachelor's degree in engineering or any other field with equivalent experience.

The Preferred - You Might Also Have:
- Demonstrated experience working with SIEM platforms (e.g., Sumo Logic, Palo Alto Cortex XSOAR) and an understanding of their architecture, configuration, and rule development.
- Understanding of OT protocols (e.g., Modbus, DNP3, IEC 61850), industrial control systems (e.g., PLC, SCADA, DCS), and their logging mechanisms.
- 5+ years of experience parsing and normalizing complex log formats, including those specific to OT devices and applications.
- Specific experience integrating OT data sources with enterprise SIEM platforms.
- Knowledge of security frameworks and standards relevant to OT (e.g., NIST SP 800-82, IEC 62443).
- Experience with scripting languages (e.g., Python, PowerShell) for SIEM automation and data manipulation.
- Relevant certifications such as GICSP, GRID, CISSP, or SIEM-specific certifications.
- Familiarity with threat intelligence platforms and their integration with SIEM for OT threat detection.

What We Offer:
Our benefits package includes …
- Comprehensive mindfulness programs with a premium membership to Calm
- Volunteer Paid Time Off available after 6 months of employment for eligible employees
- Company volunteer and donation matching program: your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
- Employee Assistance Program
- Personalized wellbeing programs through our OnTrack program
- On-demand digital course library for professional development
... and other local benefits!