Cyber Security Data Engineer, Contract Capabilities
United States of America Mayfield Heights
Rockwell Automation
Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!
Job Description
As an OT Cybersecurity Data Engineer, you will manage the design, implementation, and testing of our Security Information and Event Management (SIEM) system with a specific focus on integrating and analyzing data from critical OT/ICS environments. You will work with cybersecurity teams to ensure the monitoring, detection, and reporting of security threats within industrial infrastructure. We ask that you have an understanding of SIEM and SOAR technologies, OT protocols, and cybersecurity best practices. You will report to the Global Engineering Manager, Contracts Capabilities and have a hybrid schedule working in Milwaukee, WI or Mayfield Heights, OH or any one of our business locations in the United States.
Your Responsibilities:
- Develop SIEM and SOAR solutions tailored for OT environments, considering the unique challenges and protocols involved.
- Integrate multiple OT data sources (e.g., IDS, EDR, control system logs, network traffic from industrial protocols) into the SIEM platform.
- Maintain custom parsers, normalizers, and correlation rules to effectively analyze OT-specific logs and events within the SIEM.
- Collaborate with OT operations and engineering teams to understand their systems, data sources, and security monitoring requirements.
- Configure and improve the SIEM platform for performance, scalability, and stability in an OT context.
- Maintain OT-focused dashboards and reports within the SIEM to provide applicable insights into security posture and potential threats.
- Tune and improve SIEM rules and alerts to minimize false positives and ensure high-fidelity detection of OT security incidents.
- Maintain documentation for the OT SIEM architecture, data sources, rules, and operational procedures.
- Collaborate with IT security teams to ensure seamless integration and correlation of security events across both IT and OT environments.
- Stay up-to-date on the latest OT cybersecurity threats, vulnerabilities, and SIEM capabilities relevant to industrial control systems.
- Recommend new SIEM features, integrations, and related security technologies for enhancing OT security monitoring.
- Provide training and support to security analysts and other stakeholders on the use of the OT SIEM.
The Essentials - You Will Have:
- Bachelor's degree
- Legal authorization to work in the U.S. We will not sponsor individuals for employment visas, now or in the future, for this job opening.
The Preferred - You Might Also Have:
- Demonstrated experience working with SIEM platforms (e.g., Sumo Logic, Palo Alto Cortex XSOAR) and a strong understanding of their architecture, configuration, and rule development.
- Understanding of OT protocols (e.g., Modbus, DNP3, IEC 61850), industrial control systems (e.g., PLC, SCADA, DCS), and their logging mechanisms.
- 2+ years of experience in parsing and normalizing complex log formats, including those specific to OT devices and applications.
- Specific experience integrating OT data sources with enterprise SIEM platforms.
- Knowledge of security frameworks and standards relevant to OT (e.g., NIST SP 800-82, IEC 62443).
- Experience with scripting languages (e.g., Python, PowerShell) for SIEM automation and data manipulation.
- Relevant certifications such as GICSP, GRID, CISSP, or SIEM-specific certifications.
- Familiarity with threat intelligence platforms and their integration with SIEM for OT threat detection.
What We Offer:
- Health Insurance including Medical, Dental and Vision
- 401k
- Paid Time Off
- Parental and Caregiver Leave
- Flexible Work Schedule where you will work with your manager to enjoy a work schedule that can be flexible with your personal life.
- To learn more about our benefits package, please visit www.raquickfind.com.
At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.
This position is part of a job family. Experience will be the determining factor for position level and compensation.
We are an Equal Opportunity Employer including disability and veterans.
If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 (844) 404-7247.
Rockwell Automation’s hybrid policy expects employees to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.