IT - Incident Response Engineer

Eaton Corporation, Beachwood, OH
$113,000 - $165,000, Onsite

About The Position

Eaton’s Corporate Sector division is currently seeking an IT - Incident Response Engineer. The expected annual salary range for this role is $113,000 - $165,000 a year. Please note the salary information shown above is a general guideline only. Salaries are based upon candidate skills, experience, and qualifications, as well as market and business considerations.

Job summary: Identify, analyze, and respond to advanced cyber threats and incidents — across on-premises, hybrid, and multi-cloud environments — as a senior member of Eaton's Cyber Security Incident Response Team (CSIRT). Serve as a force multiplier within the Prevent–Detect–Respond strategy, applying deep incident response and cloud security expertise while advancing the team's next-generation capabilities in agentic AI, automation, detection engineering, and the insider threat program. Protect Eaton's intellectual property, operational technology, cloud workloads, and brand across a highly complex, global, multi-technology, regulated, and diversified business environment. This role requires hands-on response capabilities and the aptitude to elevate the broader team's technical maturity.

Requirements

  • Bachelor’s Degree from an accredited institution
  • Minimum seven (7) years in security operations, incident response, cloud security, eDiscovery, insider threat, security engineering, or a related field
  • No relocation is offered for this position. All candidates must currently reside within 50 miles of Beachwood, OH.
  • This position requires use of information or access to hardware which may be subject to the International Traffic in Arms Regulations (ITAR). All applicants must be U.S. persons within the meaning of ITAR. ITAR defines a U.S. person as a U.S. Citizen, U.S. Permanent Resident (i.e. 'Green Card Holder'), Political Asylee, or Refugee.
  • Must be legally authorized to work in the United States without company sponsorship both now and in the future

Nice To Haves

  • Demonstrated hands-on experience leading or performing cyber security incident response, including containment, remediation, and recovery
  • Hands-on cloud security experience with one or more major platforms
  • Experience correlating events from multiple sources — including cloud-native sources — to detect suspicious and/or malicious activity
  • Detection engineering experience and SIEM content development and architecture
  • Experience building automation and/or agentic AI workflows (SOAR, scripting in Python/PowerShell, AI agents) to streamline security operations
  • Working knowledge of AI/LLM security concepts and the risks associated with enterprise AI adoption
  • Experience with digital forensics and eDiscovery tools and methodologies
  • Solid understanding of adversary TTPs and the MITRE ATT&CK framework
  • Capacity to comprehend complex technical infrastructure, managed services, and third-party dependencies
  • Strong analytical and problem-solving skills
  • Exceptional communication skills are essential for this role. The analyst must communicate clearly, articulately, and with transparency across all levels of the organization — from technical peers and junior analysts to senior leadership and executives.
  • Translating complex technical findings into clear, business-relevant language for executive and non-technical audiences
  • Communicating incident status, risk, and impact with accuracy and transparency, especially under pressure during active incidents
  • Producing clear, concise written deliverables — incident reports, executive briefings, and documentation — that withstand scrutiny
  • Presenting confidently and credibly to senior leadership, and fostering open, honest communication that builds trust across the team and stakeholders
  • Excellent proficiency in English (written and verbal)
  • Proven ability to mentor and upskill junior analysts
  • Strong project management, multitasking, and organizational skills

Responsibilities

  • Responsible for the engineering, health, and continuous improvement of detection and response capabilities across cloud and on-premises estates — investigating, analyzing, containing, and remediating cyber threats and security incidents that could impact the organization, while building the automation and AI-enabled tooling that scales the Security Operations Center (SOC)
  • Provide 24/7/365 (on-call rotation) cyber security incident response, with a focus on responding to, containing, remediating, and recovering from cyber incidents across the global enterprise, including cloud-native and hybrid environments
  • Respond to, investigate, and resolve information security issues in accordance with compliance, regulatory, and investigative standards
  • Manage and coordinate response to malicious cyber activity inside or targeting Eaton's assets, including IT, cloud, and operational technology (OT) environments
  • Perform proactive threat hunting based on emerging indicators of compromise, vulnerabilities, and threat intelligence
  • Lead detection, investigation, and response for cloud security incidents across major platforms (Microsoft Azure, AWS, and/or Google Cloud), including identity, workload, container, and SaaS compromise scenarios
  • Develop and tune cloud-native detections using cloud logging and telemetry
  • Apply knowledge of cloud identity and access management, misconfigurations, and cloud attack paths to strengthen detection coverage and reduce exposure
  • Partner with cloud platform and engineering teams to embed security into cloud architecture and support Cloud Security Posture Management (CSPM) and workload protection initiatives
  • Track threat actors and campaigns relevant to Eaton's industry and geography; enrich incidents with contextual intelligence to drive faster, higher-confidence decisions
  • Design, build, and enable agentic AI and automation workflows (SOAR, scripting, AI agents) to accelerate triage, investigation, containment, and reporting across cloud and on-premises estates
  • Develop and maintain automated playbooks that reduce mean time to detect and respond and eliminate repetitive manual effort
  • Contribute to securing Eaton's adoption of AI — assessing AI/LLM systems and agents for security risk, and supporting evaluation of AI-enabled SOC and managed services capabilities
  • Conduct digital forensic analysis and eDiscovery in support of incident response, internal investigations, and legal/compliance requests, preserving evidence to investigative and chain-of-custody standards across endpoint and cloud sources
  • Provide security engineering services, including deployment, configuration, management, and updating of the security tool stack across cloud and on-premises
  • Develop advanced queries, correlation rules, and detections to enhance the organization's detection coverage and security posture
  • Contribute to SIEM architecture — including cloud log onboarding, normalization, content lifecycle, and tuning to focus detection operations and reduce false positives

Benefits

  • Health and Welfare benefits
  • Retirement benefits
  • Programs that provide for paid and unpaid time away from work