Incident Response Engineer

1 day ago


Bengaluru, Karnataka, India Rockwell Automation Full time ₹ 12,00,000 - ₹ 36,00,000 per year

Rockwell Automation is a global technology leader focused on helping the world's manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that's you, we would love to have you join us.

Job Description

We are seeking an experienced Level 3 Cybersecurity Analyst to join our Cybersecurity Security Incident Response Team (CSIRT). This senior-level role is responsible for advanced threat detection, incident response, and security operations, ensuring the integrity and availability of enterprise systems. The Level 3 analyst will act as an escalation point for complex security incidents, lead investigations, and contribute to the continuous improvement of cybersecurity processes and defenses.

Your Responsibilities

Threat Detection & Incident Response

  • Lead the investigation, containment, eradication, and recovery of advanced cyber threats and security incidents.

  • Serve as the final escalation point for Level 1 and Level 2 analysts, providing guidance and mentorship.

  • Utilize threat intelligence, SIEM platforms, EDR solutions, and other security tools to analyze and mitigate security events.

  • Conduct root cause analysis (RCA) and forensic investigations to determine attack vectors and impact.

  • Develop and implement advanced detection rules, correlation searches, and playbooks for threat hunting.

Security Operations & Monitoring

  • Oversee real-time monitoring of security alerts and ensure rapid response to potential threats.

  • Maintain and optimize security monitoring tools such as SIEM, SOAR, and EDR solutions.

  • Perform proactive threat hunting to identify undetected malicious activities.

Threat Intelligence & Research

  • Analyze emerging threats, vulnerabilities, and attack techniques to improve defenses.

  • Leverage threat intelligence platforms (TIPs) and external sources (MITRE ATT&CK, TTPs) to enhance security posture.

  • Work with internal functions and external business partners to support risk assessments that validate detection capabilities and response procedures.

Security Engineering & Automation

  • Develop and fine-tune security rules, alerts, and automation plans to improve efficiency.

  • Help design and improve security controls across cloud and on-premises environments.

  • Collaborate with DevOps and IT teams to implement secure configurations and best practices.

Compliance & Reporting

  • Ensure adherence to security policies, regulatory frameworks (NIST, ISO 27001, CIS, etc.), and industry best practices.

  • Prepare detailed reports and post-incident documentation for executive leadership and team members.

  • Participate in security audits, risk assessments, tabletop exercises, and post-incident activities.

Required Qualifications

  • Education: Bachelor's degree in Cybersecurity, Computer Science, Information Security, or related field (or equivalent experience).

  • Experience: Minimum 5+ years of hands-on experience in cybersecurity operations, SOC, or threat intelligence.

  • Certifications (Preferred):

    • Required: Security+ / CySA+ / SSCP

    • Preferred: CISSP, CISM, CEH, GCIH, GCFA, GCIA, and OSCP

Technical Skills & Expertise

  • Proficiency with a SIEM platform (Sentinel or other SIEMs).

  • Experience with EDR/XDR solutions (CrowdStrike, Defender for Endpoint).

  • Hands-on experience with IDS/IPS, SOAR, and forensic tools (Wireshark, VirusTotal, Microsoft Sentinel SOAR).

  • Strong knowledge of email security platforms and threat intelligence frameworks (Proofpoint, MITRE ATT&CK, Cyber Kill Chain).

  • Familiarity with cloud security (AWS, Azure, GCP) and container security (Kubernetes, Docker).

  • Proficiency in scripting & automation (Python, PowerShell, Bash) for security automation.

  • Strong understanding of network security, firewalls, and intrusion detection systems.

  • The candidate will report to the Manager IT.

Soft Skills

  • Excellent problem-solving and analytical skills.

  • Strong communication and leadership abilities.

  • Ability to work under pressure in high-stakes security incidents.

  • Have a passion for cybersecurity and continuous learning.

Why Join Us?

  • Work with cutting-edge cybersecurity technologies and methodologies.

  • Engage in challenging and impactful security investigations.

  • Collaborate with top-tier cybersecurity professionals.

  • Competitive salary, benefits, and professional development opportunities.

If you are a cybersecurity expert ready to take on advanced threats and lead critical investigations, we encourage you to apply.

What We Offer:

Our benefits package includes …

  • Comprehensive mindfulness programs with a premium membership to Calm
  • Volunteer Paid Time off available after 6 months of employment for eligible employees
  • Company volunteer and donation matching program – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
  • Employee Assistance Program
  • Personalized wellbeing programs through our OnTrack program
  • On-demand digital course library for professional development and other local benefits

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.


Under Rockwell Automation's hybrid policy, employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.


