Job Description

Job Summary:

As an OT Cybersecurity Data Engineer, you will be responsible for the design, implementation, configuration, and testing of our Security Information and Event Management (SIEM) system with a specific focus on integrating and analyzing data from critical OT/ICS environments. You will work closely with cybersecurity teams to ensure the effective monitoring, detection, and reporting of security threats within industrial infrastructure. This role requires a strong understanding of SIEM and SOAR technologies, OT protocols, and cybersecurity best practices.

You will report to the Execution Manager.

Your Responsibilities:

  • Design, implement, and test SIEM and SOAR solutions tailored for OT environments, considering the unique challenges and protocols involved.
  • Integrate various OT data sources (e.g., IDS, EDR, control system logs, network traffic from industrial protocols) into the SIEM platform.
  • Develop and maintain custom parsers, normalizers, and correlation rules to effectively analyze OT-specific logs and events within the SIEM.
  • Collaborate with OT operations and engineering teams to understand their systems, data sources, and security monitoring requirements.
  • Configure and optimize the SIEM platform for performance, scalability, and stability in an OT context.
  • Develop and maintain OT-focused dashboards and reports within the SIEM to provide actionable insights into security posture and potential threats.
  • Tune and optimize SIEM rules and alerts to minimize false positives and ensure high-fidelity detection of OT security incidents.
  • Develop and maintain documentation for the OT SIEM architecture, data sources, rules, and operational procedures.
  • Collaborate with IT security teams to ensure seamless integration and correlation of security events across both IT and OT environments.
  • Stay up-to-date on the latest OT cybersecurity threats, vulnerabilities, and SIEM capabilities relevant to industrial control systems.
  • Evaluate and recommend new SIEM features, integrations, and related security technologies for enhancing OT security monitoring.
  • Provide training and support to security analysts and other stakeholders on the use of the OT SIEM.
The Essentials - You Will Have:

  • Demonstrated experience working with SIEM platforms (e.g., Sumo Logic, Palo Alto Cortex XSOAR) and a strong understanding of their architecture, configuration, and rule development.
  • Understanding of OT protocols (e.g., Modbus, DNP3, IEC 61850), industrial control systems (e.g., PLC, SCADA, DCS), and their logging mechanisms.
  • Experienced in parsing and normalizing complex log formats, including those specific to OT devices and applications.
  • 5+ years of experience integrating OT data sources with enterprise SIEM platforms.
  • Knowledge of security frameworks and standards relevant to OT (e.g., NIST SP 800-82, IEC 62443).
  • Experienced in scripting languages (e.g., Python, PowerShell) for SIEM automation and data manipulation.
  • Relevant certifications such as GICSP, GRID, CISSP, or SIEM-specific certifications.
  • Familiarity with threat intelligence platforms and their integration with SIEM for OT threat detection.
  • Willing to work with shift timings: 12:00 PM to 09:00 PM.
The Preferred - You Might Also Have:

  • A high level of IPC to keep up with evolving technology, understand complex technology dependencies, and work across a range of service offerings that may leverage a wide array of technologies and partners.
  • Work across multiple business units with different goals and objectives.
What We Offer:

    Our benefits package includes …

  • Comprehensive mindfulness programmes with a premium membership to Calm.
  • Volunteer Paid Time off available after 6 months of employment for eligible employees.
  • Company volunteer and donation matching programme – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
  • Employee Assistance Program.
  • Personalised wellbeing programs through our OnTrack programme.
  • On-demand digital course library for professional development.
  • ... and other local benefits!


Under Rockwell Automation’s hybrid policy, employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.
