Specialist II, Cybersecurity Operations/Incident Response

Lincoln Electric
Cleveland, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 125K

Job location

Cleveland, United States of America

Tech stack

Cloud Computing
CompTIA Security+
Computer Security
Intrusion Detection Systems
Python
Network Security
Network Forensics
Network Segmentation
PowerShell
Remote Access Technology
Azure
Security Software
Security Information and Event Management
Software Vulnerability Management
Scripting (Bash/Python/Go/Ruby)
MITRE ATT&CK
Firewalls (Computer Science)
Information Technology
Automation Anywhere
Legacy Systems

Job description

We are seeking a highly capable and motivated cybersecurity professional to play a key role in protecting Lincoln Electric's enterprise IT and shop floor environments. As a Specialist II, Cybersecurity Operations, you will serve as a core member of the incident response function while also leading and contributing to broader cybersecurity initiatives that strengthen detection, infrastructure security, and vulnerability management across the organization.

  • Execute end-to-end incident response across enterprise IT and OT environments, including investigation and remediation of security alerts escalated by MSSPs and internal detection platforms as part of an incident response team and on-call rotation.
  • Document incident timelines, root cause analysis, and lessons learned to support compliance, audit, and continuous improvement.
  • Analyze security alerts and logs using tools such as EDR, SIEM, email security platforms, and firewalls, leveraging threat intelligence and frameworks like MITRE ATT&CK to identify malicious activity, reduce false positives, and improve detection and response strategies.
  • Contribute to the development, testing, and continuous improvement of incident response playbooks, tabletop exercises, and crisis management procedures.
  • Apply hands-on experience with network security technologies, including firewalls, network segmentation, secure remote access, and network traffic analysis.
  • Own and support assigned cybersecurity tools and platforms, including configuration, optimization, and ongoing operational effectiveness.
  • Lead and execute cybersecurity initiatives beyond incident response by owning project-level efforts across detection, infrastructure security, and vulnerability management, aligned with business objectives and industry standards (e.g., NIST CSF).
  • Partner with infrastructure, cloud, and application teams to implement secure configurations and remediate vulnerabilities across hybrid environments.
  • Support audit and compliance activities related to controls, assessments, and remediation.
  • Help manage vendor relationships related to cybersecurity solutions, controls, and services.
  • Automate repetitive security tasks through scripting (e.g., PowerShell, Python, AI Workflows).
  • Identify opportunities to improve operational efficiency through tool optimization, process improvements, and automation.
  • Stay current on evolving threat landscapes, attacker techniques, and industry best practices to continuously improve Lincoln Electric's defensive posture.
  • Perform other cybersecurity-related duties and responsibilities as assigned, based on organizational priorities and evolving security needs.

Requirements

This role is suited for a hands-on security professional who thrives in complex, real-world environments and is energized by tackling meaningful security challenges. The successful candidate brings strong experience across incident response, detection and analysis, network and infrastructure security, and enterprise technologies, including environments that support manufacturing operations and legacy systems. Success in this role requires both technical depth and the ability to collaborate effectively across teams, communicate clearly, and drive continuous improvement in cybersecurity capabilities. This position offers the opportunity to own impactful security efforts, influence how security is implemented across the enterprise, and directly protect the systems critical to Lincoln Electric's business operations.

  • Bachelor's degree in Cybersecurity, Information Technology, Engineering, or a related field preferred.
  • 5+ years of hands-on experience in cybersecurity operations and infrastructure with a minimum of 3 years of experience in incident response in enterprise environments.
  • Demonstrated experience responding to real-world security incidents beyond alert triage, including containment and remediation.
  • Broad technical background across cybersecurity and IT disciplines (e.g., incident response, network security, endpoint protection, infrastructure).
  • Hands-on experience with network security technologies such as firewalls, IDS/IPS, and network traffic analysis.
  • Familiarity with cloud platforms and identity management systems such as Azure AD.
  • Working knowledge of vulnerability management tools, remediation practices, and coordination with technical teams in enterprise environments.
  • Ability to interpret and apply security frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001).
  • Comfortable working in hybrid environments and engaging with cross-functional teams.
  • Demonstrates flexibility in responding to unexpected demands. Contributes willingly during emergencies and other necessary situations during and/or after regular work hours.
  • Strong written and verbal communication skills with the ability to work cross-functionally.
  • Ability to work independently and collaboratively in a global, matrixed team environment.
  • Relevant certifications preferred (e.g., GIAC, CISSP, CCNA, CCNP, CompTIA Security+).