Posted: 2 weeks ago
Work from Office
Full Time
Job Summary

As an OT Cybersecurity Data Engineer, you will manage the design, implementation, and testing of our Security Information and Event Management (SIEM) system with a specific focus on integrating and analyzing data from critical OT/ICS environments. You will work with cybersecurity teams to ensure the monitoring, detection, and reporting of security threats within industrial infrastructure. We are looking for an understanding of SIEM and SOAR technologies, OT protocols, and cybersecurity best practices. You will report to the Cyber Team Leader and have a hybrid schedule working in Hinjewadi-Pune.

Your Responsibilities:

- Develop SIEM and SOAR solutions tailored for OT environments, considering the unique challenges and protocols involved.
- Integrate multiple OT data sources (e.g., IDS, EDR, control system logs, network traffic from industrial protocols) into the SIEM platform.
- Maintain custom parsers, normalizers, and correlation rules to analyze OT-specific logs and events within the SIEM.
- Collaborate with OT operations and engineering teams to understand their systems, data sources, and security monitoring requirements.
- Configure and improve the SIEM platform for performance, scalability, and stability in an OT context.
- Maintain OT-focused dashboards and reports within the SIEM to provide actionable insights into security posture and potential threats.
- Tune and optimize SIEM rules and alerts to minimize false positives and ensure high-fidelity detection of OT security incidents.
- Maintain documentation for the OT SIEM architecture, data sources, rules, and operational procedures.
- Recommend new SIEM features, integrations, and related security technologies for enhancing OT security monitoring.

The Essentials - You Will Have:

- 4-5 years of demonstrated experience working with SIEM platforms (e.g., Sumo Logic, Palo Alto Cortex XSOAR) and an understanding of their architecture, configuration, and rule development.
- Understanding of OT protocols (e.g., Modbus, DNP3, IEC 61850), industrial control systems (e.g., PLC, SCADA, DCS), and their logging mechanisms.
- Experience parsing and normalising complex log formats, including those specific to OT devices and applications and, in the context of security event analysis, technical information to both technical and non-technical audiences and as part of a team in an environment.
- Specific experience integrating OT data sources with enterprise SIEM platforms.
- Knowledge of security frameworks and standards relevant to OT (e.g., NIST SP 800-82, IEC 62443).
- Experience with scripting languages (e.g., Python, PowerShell) for SIEM automation and data manipulation.
- Relevant certifications such as GICSP, GRID, CISSP, or SIEM-specific certifications.
- Familiarity with threat intelligence platforms and their integration with SIEM for OT threat detection.

The Preferred - You Might Also Have:

- You will have to understand relevant evolving technology, understand complex technology dependency and working across a range of service offerings that may leverage a wide array of technologies and partners.
- Develop key product service launches
- Collaborative culture across the automation engineering team while meeting CI objectives
- Adopt technology best practices around technology vendor evaluation and managing maintenance of technology platforms.

What We Offer:

Our benefits package includes

- Comprehensive mindfulness programmes with a premium membership to Calm
- Volunteer Paid Time off available after 6 months of employment for eligible employees
- Company volunteer and donation matching program - Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
- Employee Assistance Program
- Personalized wellbeing programmes through our OnTrack program
- On-demand digital course library for professional development
- ... and other local benefits!

At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.

Under Rockwell Automation's hybrid policy, employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.
Lektronix
Automation Machinery Manufacturing
201-500 Employees
104 Jobs