Threat Response

5 hours ago

Alajuela, Costa Rica 3M Full-time

**Job Description**:
Job Summary:
The person filling the position of Threat Response (CSOC) Analyst will join 3M's Information Security, Risk and Compliance organization as part of a team focused on the ongoing development and operations of 3M's global Cyber Fusion Center.
They will be engaged to respond, scope, mitigate, and remediate the most complex cybersecurity incidents.
They will be expected to utilize forensic methodologies to investigate potential cybersecurity incidents to include: evidence handling/chain of custody; acquiring data remotely in a forensically sound manner; utilizing multiple artifacts to identify threat actor/malware activity, analyzing output from various technologies in order to effectively investigate potential compromise; and delivering clear written reports to the cybersecurity team.

Primary Responsibilities include but are not limited to the following:

- Responsible for leading incident response and cyber forensic investigations for the most complex cybersecurity incidents, including developing a detailed case timeline tracking relevant log artifacts.
- Collect and investigate host-based forensic artifacts to determine threat actor and/or malware activity on a suspected compromised host.
- Utilize host, identity, and network artifacts to track lateral movement activity.
- Identify the root cause of complex cyber incidents and develop recommendations to prevent recurrence.
- Provide feedback to security solutions specialists on cyber defense best practices to combat dynamic cyber threats.
- Provide Subject Matter Expertise on relevant cyber threat actor methodologies, including recommendations for detection and prevention.
- Provide guidance, training, and feedback to CSOC analysts.

Basic Qualifications:

- 5-6 years of security experience with at least 4 of those years within cyber incident response
- 2 years of cyber forensic response
- Expert knowledge of forensic methodologies and best practices to investigate intrusions, preserve evidence, and coordinate a unified security response.
- Experience using a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise.
- Experience leading technical incident response assessment during high-stress crisis events
- SANS GCFA (Certified Forensic Analyst)
- Strong knowledge of host, identity, and network artifacts utilized during IR
- Strong knowledge of network protocols and ability to perform analysis of associated network logs.
- Fluent in speaking and writing English.

Preferred Qualifications:

- University Degree in MIS, Computer Science, or related field from a recognized college or university
- Experience automating processes with scripting languages such as Python and PowerShell
- Experience working with RESTful APIs
- CISSP or related certification

Supporting Your Well-being

3M offers many programs to help you live your best life - both physically and financially.
To ensure competitive pay and benefits, 3M regularly benchmarks with other companies that are comparable in size and scope.
Imagine your future in 3M.
3M is an equal opportunity employer.
3M will not discriminate against any applicant for employment on the basis of race, color, age, religion, sex, sexual orientation, gender identity or expression, national origin, disability, or veteran status.
Our approach to flexibility is called Work Your Way, which puts employees first and drives well-being in ways that enable 3M's business and performance goals.
You have flexibility in where and when work gets done.
It all depends on where and when you can do your best work.


