3M
Overview
Intermediate SOC Analyst (L2) at 3M. The L2 SOC Analyst collaborates with the Cyber Defense Organization to analyze security events, escalate incidents, and support incident response. This mid-tier role bridges initial triage and advanced investigation. The ideal candidate will have a strong technical foundation, analytical mindset, and a proactive approach to identifying and mitigating threats across enterprise and industrial environments.
Responsibilities
Management
— Monitor and analyze security alerts from SIEM, EDR, and other security platforms to identify potential threats.
— Perform in-depth investigation of suspicious activity, correlating data across multiple sources to determine scope and impact.
— Lead the resolution of low to moderately complex security incidents, including containment, eradication, and recovery actions.
— Escalate confirmed incidents to L3 analysts or incident response teams with detailed documentation and recommendations.
— Support containment and remediation efforts during active incidents.
— Conduct initial root cause analysis and contribute to post-incident reviews to identify gaps and improve future response.
Technical
— Leverage threat intelligence, behavioral analytics, and contextual data to enhance detection, investigation, and resolution capabilities.
— Collaborate with detection engineering teams to develop, test, and tune detection rules and use cases.
— Perform basic malware analysis, log correlation, and network traffic inspection to support incident resolution.
— Maintain up-to-date knowledge of the threat landscape, including attacker tactics, techniques, and procedures (TTPs), and apply this knowledge to improve incident handling.
Organizational
— Work closely with IT, OT, and business units to validate alerts, gather context, and coordinate incident resolution efforts.
— Document investigation steps, findings, and resolution actions in a clear, structured, and timely manner.
— Participate in SOC shift rotations to ensure 24/7 monitoring and rapid response to security events.
— Contribute to the continuous improvement of SOC processes, playbooks, and knowledge base, focusing on improving incident resolution workflows.
Qualifications
Bachelor’s degree in Cybersecurity, Information Technology, or Computer Science (completed and verified prior to start).
Two (2) years of experience in a SOC or cybersecurity operations role in a private, public, government or military environment.
Additional qualifications
Effective communicator with the ability to document investigations and collaborate with cross-functional teams.
Certifications such as CompTIA Security+, CySA+, or GCIH.
Proficiency in analyzing alerts from SIEM, EDR, and network monitoring tools.
Familiarity with threat intelligence, basic malware analysis, and log correlation techniques.
Understanding of MITRE ATT&CK and common attack vectors.
Strong analytical and problem-solving skills with attention to detail.
Experience in triaging and investigating security alerts across SIEM, EDR, and network platforms.
Proficient in supporting incident response efforts and conducting initial root cause analysis.
Strong understanding of threat intelligence and its application in operational workflows.
Committed to continuous learning and development in threat detection and response.
Analytical thinker with a proactive approach to identifying and mitigating risks.
Reliable team player in a 24/7 SOC environment, contributing to operational excellence.
Work location On site in Austin, TX
Travel May include up to 10% domestic and international
Relocation Assistance Authorized
Eligibility to work Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B).
Compensation and benefits Applicable to US Applicants Only: The expected compensation range for this position is $164,612 - $201,193, which includes base pay plus variable incentive pay, if eligible. This range represents a good faith estimate for this position. The specific compensation offered to a candidate may vary based on factors including the candidate’s knowledge, training, skills, work location, and/or experience. In addition, this position may be eligible for a range of benefits (e.g., Medical, Dental & Vision, Health Savings Accounts, Disability Benefits, Life Insurance, Voluntary Benefits, Paid Absences and Retirement Benefits, etc.). Additional information is available at 3M Benefits.
EEO statement 3M does not discriminate in hiring or employment on the basis of race, color, sex, national origin, religion, age, disability, veteran status, or any other characteristic protected by applicable law.
Important notices 3M Global Terms of Use and Privacy Statement: Carefully read these Terms of Use before using this website. Your access to and use of this website and application for a job at 3M are conditioned on your acceptance and compliance with these terms. Please access the linked document by clicking here, select the country where you are applying for employment, and review. Before submitting your application, you will be asked to confirm your agreement with the terms.
Seniority level Mid-Senior level
Employment type Full-time
Job function Information Technology
Industries Industrial Machinery Manufacturing