Cyber Security Data Engineer, Contract Capabilities

Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!

Job Description

As an OT Cybersecurity Data Engineer, you will manage the design, implementation, and testing of our Security Information and Event Management (SIEM) system with a specific focus on integrating and analyzing data from critical OT/ICS environments. You will work with cybersecurity teams to ensure the monitoring, detection, and reporting of security threats within industrial infrastructure. We are looking for an understanding of SIEM and SOAR technologies, OT protocols, and cybersecurity best practices.

Resource experienced in SIEM (Security Info Events Management) engineering to develop and accelerate ingestion of new data sources\logs (for the SMR services), you will expedite the scaling of RA capabilities to provide wider and better OT environment security visibility, i.e., the front-log—new customers who are looking for someone to manage their OT security. Help operate the cyber monitoring offering, such as continuous improvement (for example, reporting) or change management of the SIEM.

Reporting to Global Engineering Manager.

• You will design SIEM and SOAR solutions tailored for OT environments, considering the unique challenges and protocols involved.
• You will integrate multiple OT data sources (e.g., IDS, EDR, control system logs, network traffic from industrial protocols) into the SIEM platform.
• You will maintain custom parsers, normalizers, and correlation rules to analyze OT-specific logs and events within the SIEM.
• You will collaborate with OT operations and engineering teams to understand their systems, data sources, and security monitoring requirements.
• You will configure and increase the SIEM platform for performance, scalability, and stability in an OT context.
• You will maintain OT-focused dashboards and reports within the SIEM to provide applicable insights into security posture and potential threats.
• You will tune and improve SIEM rules and alerts to minimize false positives and ensure high-fidelity detection of OT security incidents.
• You will maintain documentation for the OT SIEM architecture, data sources, rules, and operational procedures.
• You will collaborate with IT security teams to ensure seamless integration and correlation of security events across both IT and OT environments.
• You will stay up-to-date on the latest OT cybersecurity threats, vulnerabilities, and SIEM capabilities relevant to industrial control systems.
• You will recommend new SIEM features, integrations, and related security technologies forenhancing OT security monitoring.
• You will provide training and support to security analysts and other partners on the use of the OT SIEM.

• Bachelor's degree in engineering or any other field with equivalent experience.

• Demonstrated experience working with SIEM platforms (e.g., Sumo Logic, Palo Alto Cortex XSOAR) and a understanding of their architecture, configuration, and rule development.
• Understanding of OT protocols (e.g., Modbus, DNP3, IEC 61850), industrial control systems (e.g., PLC, SCADA, DCS), and their logging mechanisms.
• 5+ years of experience parsing and normalizing complex log formats, including those specific to OT devices and applications.
• Specific experience integrating OT data sources with enterprise SIEM platforms.
• Knowledge of security frameworks and standards relevant to OT (e.g., NIST SP 800-82, IEC 62443).
• Experience with scripting languages (e.g., Python, PowerShell) for SIEM automation and data manipulation.
• Relevant certifications such as GICSP, GRID, CISSP, or SIEM-specific certifications.
• Familiarity with threat intelligence platforms and their integration with SIEM for OT threat detection

• Comprehensive mindfulness programs with a premium membership to Calm
• Volunteer Paid Time off available after 6 months of employment for eligible employees
• Company volunteer and donation matching program – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
• Employee Assistance Program
• Personalized wellbeing programs through our OnTrack program
• On-demand digital course library for professional development... and other local benefits!

#LI-PT2

#LI-remote

At Rockwell Automation, we connect the imaginations of people with the potential of technology to expand what is humanly possible, making the world more intelligent, more connected, and more productive.

Talentify is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

Talentify provides reasonable accommodations to qualified applicants with disabilities, including disabled veterans. Request assistance at accessibility@talentify.io or 407-000-0000.

Federal law requires every new hire to complete Form I-9 and present proof of identity and U.S. work eligibility.

An Automated Employment Decision Tool (AEDT) will score your job-related skills and responses. Bias-audit & data-use details: www.talentify.io/bias-audit-report . NYC applicants may request an alternative process or accommodation at aedt@talentify.io or 407-000-0000.