EATON

IT - Incident Response Engineer

EATON: $113K — $165K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree from an accredited institution
  • Minimum seven years in security operations, incident response, or related field
  • Current residence within 50 miles of Beachwood, OH
  • U.S. citizenship or legal status as a U.S. person per ITAR regulations
  • Authorized to work in the US without company sponsorship

Responsibilities

  • Provide 24/7/365 incident response for cybersecurity incidents
  • Investigate and resolve information security issues complying with industry standards
  • Manage and coordinate the response to cyber threats targeting Eaton's assets
  • Perform proactive threat hunting based on threat intelligence
  • Lead detection and response for cloud security incidents across major platforms
  • Develop and tune cloud-native detections using cloud logging
  • Build and enable automation workflows to enhance incident response efficiency

Benefits

  • Health and Welfare benefits for employees and families
  • Retirement benefits
  • Programs for paid and unpaid time off
Full Job Description

Identify, analyze, and respond to advanced cyber threats and incidents - across on-premises, hybrid, and multi-cloud environments - as a senior member of Eaton's Cyber Security Incident Response Team (CSIRT). Serve as a force-multiplier within the Prevent-Detect-Respond strategy, applying deep incident response and cloud security expertise while advancing the team's next-generation capabilities in agentic AI, automation, detection engineering, and insider threat program. Protect Eaton's intellectual property, operational technology, cloud workloads, and brand across a highly complex, global, multi-technology, regulated, and diversified business environment. This role requires hands-on response capabilities and the aptitude to elevate the broader team's technical maturity.

Job responsibilities

Responsible for the engineering, health, and continuous improvement of detection and response capabilities across cloud and on-premises estates - investigating, analyzing, containing, and remediating cyber threats and security incidents that could impact the organization, while building the automation and AI-enabled tooling that scales the Security Operations Center (SOC).

What you'll do: Incident Response & Threat Hunting

  • Provide 24/7/365 (on-call rotation) cyber security incident response, with a focus on responding to, containing, remediating, and recovering from cyber incidents across the global enterprise, including cloud-native and hybrid environments
  • Respond to, investigate, and resolve information security issues in accordance with compliance, regulatory, and investigative standards
  • Manage and coordinate response to malicious cyber activity inside or targeting Eaton's assets, including IT, cloud, and operational technology (OT) environments
  • Perform proactive threat hunting based on emerging indicators of compromise, vulnerabilities, and threat intelligence
  • Lead detection, investigation, and response for cloud security incidents across major platforms (Microsoft Azure, AWS, and/or Google Cloud), including identity, workload, container, and SaaS compromise scenarios
  • Develop and tune cloud-native detections using cloud logging and telemetry
  • Apply knowledge of cloud identity and access management, misconfigurations, and cloud attack paths to strengthen detection coverage and reduce exposure
  • Partner with cloud platform and engineering teams to embed security into cloud architecture and support Cloud Security Posture Management (CSPM) and workload protection initiatives
  • Track threat actors and campaigns relevant to Eaton's industry and geography; enrich incidents with contextual intelligence to drive faster, higher-confidence decisions
  • Design, build, and enable agentic AI and automation workflows (SOAR, scripting, AI agents) to accelerate triage, investigation, containment, and reporting across cloud and on-premises estates
  • Develop and maintain automated playbooks that reduce mean time to detect and respond and eliminate repetitive manual effort
  • Contribute to securing Eaton's adoption of AI - assessing AI/LLM systems and agents for security risk, and supporting evaluation of AI-enabled SOC and managed services capabilities
  • Conduct digital forensic analysis and eDiscovery in support of incident response, internal investigations, and legal/compliance requests, preserving evidence to investigative and chain-of-custody standards across endpoint and cloud sources
  • Provide security engineering services, including deployment, configuration, management, and updating of the security tool stack across cloud and on-premises
  • Develop advanced queries, correlation rules, and detections to enhance the organization's detection coverage and security posture
  • Contribute to SIEM architecture - including cloud log onboarding, normalization, content lifecycle, and tuning to focus detection operations and reduce false positives

Qualifications:

Basic (required) Qualifications:

  • Bachelor's Degree from an accredited institution
  • Minimum seven (7) years in security operations, incident response, cloud security, e-Discovery, insider threat, security engineering or related field
  • No relocation is offered for this position. All candidates must currently reside within 50 miles of Beachwood, OH.
  • This position requires use of information or access to hardware which may be subject to the International Traffic in Arms Regulations (ITAR). All applicants must be U.S. persons within the meaning of ITAR. ITAR defines a U.S. person as a U.S. Citizen, U.S. Permanent Resident (i.e. 'Green Card Holder'), Political Asylee, or Refugee.
  • Must be legally authorized to work in the United States without company sponsorship both now and in the future

Preferred Qualifications:

  • Demonstrated hands-on experience leading or performing cyber security incident response, including containment, remediation, and recovery
  • Hands-on cloud security experience with one or more major platforms
  • Experience correlating events from multiple sources - including cloud-native sources - to detect suspicious and/or malicious activity
  • Detection engineering experience and SIEM content development and architecture
  • Experience building automation and/or agentic AI workflows (SOAR, scripting in Python/PowerShell, AI agents) to streamline security operations
  • Working knowledge of AI/LLM security concepts and the risks associated with enterprise AI adoption
  • Emphasis on experience with digital forensics and eDiscovery tools and methodologies
  • Solid understanding of adversary TTPs and the MITRE ATT&CK framework
  • Capacity to comprehend complex technical infrastructure, managed services, and third-party dependencies
  • Strong analytical and problem-solving skills

Skills: Soft skills

Exceptional communication skills are essential for this role. The analyst must communicate clearly, articulately, and with transparency across all levels of the organization - from technical peers and junior analysts to senior leadership and executives. This includes:

  • Translating complex technical findings into clear, business-relevant language for executive and non-technical audiences
  • Communicating incident status, risk, and impact with accuracy and transparency, especially under pressure during active incidents
  • Producing clear, concise written deliverables - incident reports, executive briefings, and documentation - that withstand scrutiny
  • Presenting confidently and credibly to senior leadership, and fostering open, honest communication that builds trust across the team and stakeholders
  • Excellent proficiency in English (written and verbal)
  • Strong analytical and problem-solving skills
  • Proven ability to mentor and upskill junior analysts
  • Strong project management, multitasking, and organizational skills

All positions may require participation in video and in-person interviews as part of the hiring process. All candidates will be evaluated based on job-related competencies, and all candidates' privacy rights and data security will be protected in accordance with applicable laws.

We know that good benefit programs are important to employees and their families. Eaton provides various Health and Welfare benefits as well as Retirement benefits, and several programs that provide for paid and unpaid time away from work. Click here for more detail: Eaton Benefits Overview. Please note that specific programs and options available to an employee may depend on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.

About EATON

Eaton Corporation plc is a multinational power management company with 2020 sales of $17.9 billion, founded in the US. Eaton provides energy-efficient solutions that help customers effectively manage electrical, hydraulic, and mechanical power more efficiently, safely, and sustainably. Eaton operates through three main business segments: Electrical Products, Electrical Systems and Services, and Hydraulics. The Electrical Products segment designs, manufactures, markets, and sells electrical components, such as circuit breakers, switches, and electrical protection and control devices. The Electrical Systems and Services segment offers electrical power distribution and assemblies, as well as engineering services and automation and control solutions. The Hydraulics segment provides products such as pumps, motors, valves, cylinders, and filtration products. Eaton has a global presence with operations in North America, Europe, Asia, and other regions.

  • Size: 85,947 employees
  • Market Cap: $62.2 billion
  • Industry
  • Net Income: $1.4 billion
  • Founded: 2009
  • 5 Year Trend: -0.1%
  • Revenue: $17.8 billion
  • NASDAQ
