
Senior SIEM Engineer

Rockwell Automation

Cleveland (OH)

On-site

USD 90,000 - 130,000

Full time

16 days ago


Job summary

A leading technology company seeks an IT Security professional to enhance security measures and lead the deployment of Microsoft Sentinel. The role involves collaboration across teams and requires a Bachelor's degree along with significant experience in Information Security. The position offers a flexible work schedule and a comprehensive benefits package.

Benefits

Health Insurance including Medical, Dental and Vision
401k
Paid Time off
Parental and Caregiver Leave
Flexible Work Schedule

Qualifications

  • 5+ years of experience in Information Security.
  • Experience with SIEM and UEBA solutions.
  • Strong knowledge of programming or scripting languages.

Responsibilities

  • Lead deployment of Microsoft Sentinel for security monitoring.
  • Integrate data sources for comprehensive security analysis.
  • Collaborate with teams for seamless security coverage.

Skills

Information Security
Computer Networking
Security Information and Event Management (SIEM)
Proactive Threat Hunting
Incident Response

Education

Bachelor's Degree or Equivalent

Tools

Microsoft Sentinel
Splunk
LogRhythm
Elastic
AWS
Azure
GCP

Job description

Milwaukee, Wisconsin, United States
Ohio, United States
Houston, Texas, United States

Rockwell Automation is a global technology leader focused on helping the world's manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers who take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that's you we would love to have you join us!

Job Description

You will be an important contributor to the IT organization. You will have a demonstrated understanding of Information Security, Computer Networking, the Software Development Life Cycle (SDLC) and experience working with customers. You will have Security Information and Event Management (SIEM) expertise and be willing to train on our company platform and products. You will report to the Manager, Cyber Threat Intelligence. You will work Hybrid in Milwaukee, WI, United States.

Primary Responsibilities

  • Lead the deployment and configuration of Microsoft Sentinel to monitor security events across a diverse infrastructure.
  • Integrate and onboard different data sources (e.g., firewalls, servers, endpoints, cloud platforms) into Microsoft Sentinel for comprehensive security monitoring.
  • Oversee the collection, parsing, and normalization of logs for security event analysis, ensuring comprehensive and accurate data ingestion.
  • Develop alerts, reports, data models, dashboards, and connectors to support custom user requirements and continuous security monitoring.
  • Build and optimize playbooks within Microsoft Sentinel to automate common security workflows and incident response procedures.
  • Use Microsoft Sentinel's capabilities to conduct proactive threat hunting, identifying latest attack patterns, and building custom detection rules.
  • Collaborate with Incident Response, Threat Intelligence, Threat Hunting, Infrastructure, and Cloud teams to ensure comprehensive and seamless security coverage across all environments, both on-premises and in the cloud.
  • Develop recommendations in collaboration with other team members to maximize Enterprise capabilities in prevention, detection, analysis, containment, eradication, and recovery from cyber-attacks.
  • Leverage automation and orchestration solutions to automate repetitive tasks.
  • Stay up-to-date with latest security threats, trends, and tools, and incorporate new insights into the Sentinel environment for improved protection.

The Essentials - You Will Have:

  • Bachelor's Degree or Equivalent Years of Relevant Work Experience
  • Legal authorization to work in the U.S. We will not sponsor individuals for employment visas, now or in the future, for this job opening.

Preferred Qualifications

  • Typically requires a minimum of 5 years of experience in the Information Security field
  • 1+ years of experience with SIEM and UEBA solutions such as Splunk, LogRhythm, Elastic
  • Microsoft Sentinel certifications.
  • Understanding of log collection methodologies and aggregation techniques such as Syslog, NXlog, Windows Event Forwarding
  • Working knowledge of cloud platforms such as AWS, Azure and GCP
  • Strong knowledge of at least one programming or scripting language (ex. Python, PowerShell, PHP, Perl).
  • Understanding of security models and frameworks (ex. MITRE ATT&CK, MITRE D3FEND, Cyber Kill Chain (CKC))
  • Demonstrated experience providing customer-focused solutions, support, or service
  • Security certifications (Security+, GSEC, GCIH, GCIA, CISSP, NCSF, etc)
  • Familiar with Risk Based Alerting (RBA) frameworks and implementation
  • Experience architecting, planning, deploying, and using SIEM or UEBA platforms
  • Experience integrating or using endpoint security and host-based intrusion detection solutions
  • Demonstrated experience in one of the following fields: Cyber Threat Intelligence, Incident Response, or Computer Forensics
  • Strongly prefer candidates who have solid knowledge of one or more programming or scripting languages such as PHP, Perl, Python, PowerShell

What We Offer:

  • Health Insurance including Medical, Dental and Vision
  • 401k
  • Paid Time off
  • Parental and Caregiver Leave
  • Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
  • To learn more about our benefits package, please visit www.raquickfind.com.

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

This position is part of a job family. Experience will be the determining factor for position level and compensation.


We are an Equal Opportunity Employer including disability and veterans.

If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 (844) 404-7247.

Under Rockwell Automation's hybrid policy, employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.
