IT - Incident Response Engineer

Job summary:

Identify, analyze, and respond to advanced cyber threats and incidents — across on-premises, hybrid, and multi-cloud environments — as a senior member of Eaton's Cyber Security Incident Response Team (CSIRT). Serve as a force-multiplier within the Prevent–Detect–Respond strategy, applying deep incident response and cloud security expertise while advancing the team's next-generation capabilities in agentic AI, automation, detection engineering, and insider threat program. Protect Eaton's intellectual property, operational technology, cloud workloads, and brand across a highly complex, global, multi-technology, regulated, and diversified business environment. This role requires hands-on response capabilities and the aptitude to elevate the broader team's technical maturity.

Job responsibilities
Responsible for the engineering, health, and continuous improvement of detection and response capabilities across cloud and on-premises estates — investigating, analyzing, containing, and remediating cyber threats and security incidents that could impact the organization, while building the automation and AI-enabled tooling that scales the Security Operations Center (SOC)

What you'll do:

Incident Response & Threat Hunting
• Provide 24/7/365 (on-call rotation) cyber security incident response, with a focus on responding to, containing, remediating, and recovering from cyber incidents across the global enterprise, including cloud-native and hybrid environments
• Respond to, investigate, and resolve information security issues in accordance with compliance, regulatory, and investigative standards
• Manage and coordinate response to malicious cyber activity inside or targeting Eaton's assets, including IT, cloud, and operational technology (OT) environments
• Perform proactive threat hunting based on emerging indicators of compromise, vulnerabilities, and threat intelligence
• Lead detection, investigation, and response for cloud security incidents across major platforms (Microsoft Azure, AWS, and/or Google Cloud), including identity, workload, container, and SaaS compromise scenarios
• Develop and tune cloud-native detections using cloud logging and telemetry
• Apply knowledge of cloud identity and access management, misconfigurations, and cloud attack paths to strengthen detection coverage and reduce exposure
• Partner with cloud platform and engineering teams to embed security into cloud architecture and support Cloud Security Posture Management (CSPM) and workload protection initiatives
• Track threat actors and campaigns relevant to Eaton's industry and geography; enrich incidents with contextual intelligence to drive faster, higher-confidence decisions
• Design, build, and enable agentic AI and automation workflows (SOAR, scripting, AI agents) to accelerate triage, investigation, containment, and reporting across cloud and on-premises estates
• Develop and maintain automated playbooks that reduce mean time to detect and respond and eliminate repetitive manual effort
• Contribute to securing Eaton's adoption of AI — assessing AI/LLM systems and agents for security risk, and supporting evaluation of AI-enabled SOC and managed services capabilities
• Conduct digital forensic analysis and eDiscovery in support of incident response, internal investigations, and legal/compliance requests, preserving evidence to investigative and chain-of-custody standards across endpoint and cloud sources
• Provide security engineering services, including deployment, configuration, management, and updating of the security tool stack across cloud and on-premises
• Develop advanced queries, correlation rules, and detections to enhance the organization's detection coverage and security posture
• Contribute to SIEM architecture — including cloud log onboarding, normalization, content lifecycle, and tuning to focus detection operations and reduce false positives

Qualifications:

Skills: