3M
Investigations Lead
Investigations Lead will serve as the central point of accountability for leading Digital Forensics and Incident Response (DFIR) activities and executing complex security investigations, driving end-to-end response efforts, and strengthening organizational readiness. You will collaborate across security operations, legal, compliance, and business teams to manage major incidents, ensure forensic rigor, and improve detection and response capabilities. Key Responsibilities: Lead end-to-end DFIR investigations for major incidents, coordinating across internal and external stakeholders. Own and refine investigation playbooks, escalation paths, and response workflows aligned with industry frameworks (NIST, SANS). Coach and mentor other investigations staff, driving technical skill development and case quality. Lead post-incident reviews and tabletop exercises to improve response maturity. Ensure all investigative activities comply with legal, regulatory, and internal policy requirements. Conduct forensic acquisition and analysis across endpoints, servers, networks, and cloud (AWS, Azure, M365). Perform memory analysis, disk forensics, log correlation, and malware reverse engineering to support incident containment, eradication, and recovery. Reconstruct attack chains, identify root cause, and assess lateral movement by correlating SIEM, EDR/XDR, packet captures, and threat intelligence sources. Maintain chain-of-custody and evidentiary standards for legal and regulatory needs. Document investigations with clear timelines, evidence, and technical conclusions. Act as the primary point of contact for high-severity investigations, providing timely updates to leadership. Work closely with Legal, HR, Compliance, and IT on internal and sensitive cases. Deliver investigation reports and briefings tailored to technical and executive audiences. Support audits, regulatory reviews, and law enforcement with evidence and documentation. Strengthen partnerships with MSSPs, threat intel vendors, and forensic service providers. Your Skills and Expertise: Bachelor's degree in Cybersecurity, Digital Forensics, Information Technology or Computer Science (completed and verified prior to start) Six (6) or more years of experience in cybersecurity investigations, digital forensics, or incident response in a private, public, government or military environment One or more certifications involving incident response, cyber security (GCIH, E CEH, E CIH), or network forensics (GIAC Network Forensic Analyst (GNFA), NICCS Certified Network Forensics Examiner (CNFE) Work location: On site in Austin TX Travel: May include up to 10% domestic and international Relocation Assistance: Is Authorized Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status). Supporting Your Well-being 3M offers many programs to help you live your best life
both physically and financially. To ensure competitive pay and benefits, 3M regularly benchmarks with other companies that are comparable in size and scope. Chat with Max For assistance with searching through our current job openings or for more information about all things 3M, visit Max, our virtual recruiting assistant on
3M.com/careers. Applicable to US Applicants Only: The expected compensation range for this position is $212,947 - $260,268, which includes base pay plus variable incentive pay, if eligible. The specific compensation offered to a candidate may vary based on factors including, but not limited to, the candidate's relevant knowledge, training, skills, work location, and/or experience. In addition, this position may be eligible for a range of benefits (e.g., Medical, Dental & Vision, Health Savings Accounts, Health Care & Dependent Care Flexible Spending Accounts, Disability Benefits, Life Insurance, Voluntary Benefits, Paid Absences and Retirement Benefits, etc.).
Investigations Lead will serve as the central point of accountability for leading Digital Forensics and Incident Response (DFIR) activities and executing complex security investigations, driving end-to-end response efforts, and strengthening organizational readiness. You will collaborate across security operations, legal, compliance, and business teams to manage major incidents, ensure forensic rigor, and improve detection and response capabilities. Key Responsibilities: Lead end-to-end DFIR investigations for major incidents, coordinating across internal and external stakeholders. Own and refine investigation playbooks, escalation paths, and response workflows aligned with industry frameworks (NIST, SANS). Coach and mentor other investigations staff, driving technical skill development and case quality. Lead post-incident reviews and tabletop exercises to improve response maturity. Ensure all investigative activities comply with legal, regulatory, and internal policy requirements. Conduct forensic acquisition and analysis across endpoints, servers, networks, and cloud (AWS, Azure, M365). Perform memory analysis, disk forensics, log correlation, and malware reverse engineering to support incident containment, eradication, and recovery. Reconstruct attack chains, identify root cause, and assess lateral movement by correlating SIEM, EDR/XDR, packet captures, and threat intelligence sources. Maintain chain-of-custody and evidentiary standards for legal and regulatory needs. Document investigations with clear timelines, evidence, and technical conclusions. Act as the primary point of contact for high-severity investigations, providing timely updates to leadership. Work closely with Legal, HR, Compliance, and IT on internal and sensitive cases. Deliver investigation reports and briefings tailored to technical and executive audiences. Support audits, regulatory reviews, and law enforcement with evidence and documentation. Strengthen partnerships with MSSPs, threat intel vendors, and forensic service providers. Your Skills and Expertise: Bachelor's degree in Cybersecurity, Digital Forensics, Information Technology or Computer Science (completed and verified prior to start) Six (6) or more years of experience in cybersecurity investigations, digital forensics, or incident response in a private, public, government or military environment One or more certifications involving incident response, cyber security (GCIH, E CEH, E CIH), or network forensics (GIAC Network Forensic Analyst (GNFA), NICCS Certified Network Forensics Examiner (CNFE) Work location: On site in Austin TX Travel: May include up to 10% domestic and international Relocation Assistance: Is Authorized Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status). Supporting Your Well-being 3M offers many programs to help you live your best life
both physically and financially. To ensure competitive pay and benefits, 3M regularly benchmarks with other companies that are comparable in size and scope. Chat with Max For assistance with searching through our current job openings or for more information about all things 3M, visit Max, our virtual recruiting assistant on
3M.com/careers. Applicable to US Applicants Only: The expected compensation range for this position is $212,947 - $260,268, which includes base pay plus variable incentive pay, if eligible. The specific compensation offered to a candidate may vary based on factors including, but not limited to, the candidate's relevant knowledge, training, skills, work location, and/or experience. In addition, this position may be eligible for a range of benefits (e.g., Medical, Dental & Vision, Health Savings Accounts, Health Care & Dependent Care Flexible Spending Accounts, Disability Benefits, Life Insurance, Voluntary Benefits, Paid Absences and Retirement Benefits, etc.).