Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us!

Job Description:

Job Summary:

As an OT Cybersecurity Data Engineer, you will be responsible for the design, implementation, configuration, and testing of our Security Information and Event Management (SIEM) system with a specific focus on integrating and analyzing data from critical OT/ICS environments. You will work closely with cybersecurity teams to ensure the effective monitoring, detection, and reporting of security threats within industrial infrastructure. This role requires a strong understanding of SIEM and SOAR technologies, OT protocols, and cybersecurity best practices.

You will report to the Execution Manager.

Your Responsibilities:

• Design, implement, and test SIEM and SOAR solutions tailored for OT environments, considering the unique challenges and protocols involved.
• Integrate various OT data sources (e.g., IDS, EDR, control system logs, network traffic from industrial protocols) into the SIEM platform.
• Develop and maintain custom parsers, normalizers, and correlation rules to effectively analyze OT-specific logs and events within the SIEM.
• Collaborate with OT operations and engineering teams to understand their systems, data sources, and security monitoring requirements.
• Configure and optimize the SIEM platform for performance, scalability, and stability in an OT context.
• Develop and maintain OT-focused dashboards and reports within the SIEM to provide actionable insights into security posture and potential threats.
• Tune and optimize SIEM rules and alerts to minimize false positives and ensure high-fidelity detection of OT security incidents.
• Develop and maintain documentation for the OT SIEM architecture, data sources, rules, and operational procedures.
• Collaborate with IT security teams to ensure seamless integration and correlation of security events across both IT and OT environments.
• Stay up-to-date on the latest OT cybersecurity threats, vulnerabilities, and SIEM capabilities relevant to industrial control systems.
• Evaluate and recommend new SIEM features, integrations, and related security technologies for enhancing OT security monitoring.
• Provide training and support to security analysts and other stakeholders on the use of the OT SIEM.

The Essentials

You Will Have:

• Demonstrated experience working with SIEM platforms (e.g., Sumo Logic, Palo Alto Cortex XSOAR) and a strong understanding of their architecture, configuration, and rule development.
• Understanding of OT protocols (e.g., Modbus, DNP3, IEC 61850), industrial control systems (e.g., PLC, SCADA, DCS), and their logging mechanisms.
• Experienced in parsing and normalizing complex log formats, including those specific to OT devices and applications.
• 5+ years of experience integrating OT data sources with enterprise SIEM platforms.
• Knowledge of security frameworks and standards relevant to OT (e.g., NIST SP 800-82, IEC 62443).
• Experienced in scripting languages (e.g., Python, PowerShell) for SIEM automation and data manipulation.
• Relevant certifications such as GICSP, GRID, CISSP, or SIEM-specific certifications.
• Familiarity with threat intelligence platforms and their integration with SIEM for OT threat detection.
• Willing to work with shift timings: 12:00 PM to 09:00 PM.

The Preferred

You Might Also Have:

• Will require high level of IPC to keep up with evolving technology, understand complex technology dependency and working across a range of service offerings that may leverage a wide array of technologies and partners.
• Work across multiple business units with different goals and objectives.

What We Offer:

Our benefits package includes …

• Comprehensive mindfulness programmes with a premium membership to Calm.
• Volunteer Paid Time off available after 6 months of employment for eligible employees.
• Company volunteer and donation matching programme – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
• Employee Assistance Program.
• Personalised wellbeing programs through our On Track programme.
• On-demand digital course library for professional development.

... and other local benefits!

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

Rockwell Automation’s hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.