Manager, IT Security Incident Response Team (SIRT) Job in Milwaukee 53201, Wisconsin US
Rockwell Automation (NYSE: ROK) is a leading global provider of automation, power, control and information solutions that help manufacturers achieve a competitive advantage in their businesses. With a focus on always putting customers first, anywhere in the world, the company helps manufacturers use automation and intelligent motor control and conversion technology as a means to get their products and services to market faster, reduce their total cost of ownership, better utilize power and plant-floor assets, and minimize the risks in their manufacturing environments.
Capabilities extend through partnerships with a network of 5,600 reliable, local companies in distribution, software and product referencing. Leading brands and strategic partnerships uniquely qualify Rockwell Automation to deliver industry solutions to 80 countries around the world.
Provide overall direction and management for the IT Security Incident Response Team (SIRT) and Managed Service Providers including Threat Intelligence, Forensics, Incident Response and Security Monitoring Event Management. This position will work closely with the appropriate stakeholders in identifying threats, risks and determining the appropriate security responses needed to mitigate, reduce or remove the identified risks. Duties include:
• Performs intelligence analysis of cyber threats to high-profile business assets and external aggressors. Performs campaign management and threat actor group associations. Attends threat briefings on highly targeted IP, programs, and pursuits. Consolidates and analyzes threat intelligence from a number of external information sharing environments to include industry, local, state, and federal law enforcement agencies, and other related sources.
• Highly specialized analysis to support investigation of digital artifacts. Expert in disk, memory, host, and network based forensics techniques. Performs reverse engineering of advanced malware, and assists in malware attribution and threat research.
• Performs formal Incident Response and case management including scope assessment, containment, and restoration of business continuity of information assets and services. Coordinates with all SIRT team business unit liaisons, performs after-incident case reviews, lessons learned, and collects incident metrics.
• Collects, analyzes and escalates security events, focused on discerning real incidents from routine events. Performs proactive threat identification and remediation activities, to include initial threat assessment and event triage, and coordinates immediate escalation of significant events. Routinely monitors dashboards, manages blocklists, tunes custom detection rules, and assists in vulnerability mitigation activities.
• Develops and supports technologies core to the SIRT team operations. Rapid signature development, test, and implementation for immediate detection and prevention of advanced threats. Performs custom tool development, scripting, solutions integration between SIRT technologies, signature testing and implementation, and platform administration and support.
• Investigating opportunities to improve system capabilities based on observed risks or gaps.
• Ensuring timely reporting and remediation of security control gaps and vulnerabilities to the environment.
• Keeping up with evolving risks, new developments in the security industry, and industry best practices in risk management techniques.
• Responsible for on-going status communications to IT and business unit management.
This position will manage 5 - 10 professional employees, contractors, and vendor relationships.
EDUCATION REQUIREMENTS:
* Bachelor’s degree or equivalent experience; Bachelor’s Degree in Computer Science or Management Information Systems preferred.
* MBA desirable.
* CISA, CISM, CISSP certification preferred.
* U.S. Government Security Clearance, and/or capability to obtain clearance, preferred.
EXPERIENCE REQUIREMENTS:
* Typically requires 5+ years of related experience, with at least 3 years in an IT Lead position.
* Minimum 3 years of experience developing security practices.
DESIRED QUALIFICATIONS:
* Experience working in a regulated environment (SOX) subject to compliance controls
* Demonstrated expertise in project management and SLA / Customer management
Rockwell Automation is an Equal Opportunity Employer