Job Description :
Job Summary : The person filling the Cybersecurity Operations Center Senior Analyst role will join 3M’s Information Security, Risk and Compliance organization as part of a team focused on the ongoing development and operations of 3M’s global Cybersecurity Operations Center.
You will help support day-to-day operations by monitoring and responding to security threats and risks, provide in-depth incident evaluation and analysis, and provide proactive threat hunting and intelligence research.
This position will be operating in our Cybersecurity Operations Center; some weekend and after-hours work will be required.
Primary Responsibilities include but are not limited to the following :
- Provide advanced Cyber Incident analysis, handling and response activity
- Work in conjunction with Security Solutions Specialists to provide feedback and requirements on security technologies including Intrusion Detection and Prevention Systems, Firewalls and Log Analysis, SIEM, Network Behavior Analysis Tools, Antivirus, Network Packet Analyzers, Malware analysis, and Forensic tools
- Create and maintain automation scripts for incident data examination
- Work with Security Solutions Specialists to identify points where incident detection or response can be further automated, or scenarios where a use case is giving false positives and needs fine tuning
- Collaborate on Threat Hunting activities to evaluate and detect potential threat activity
- Provide digital forensic capabilities, relevant artifact identification and collection, and initial analysis
- Author Global Standard Operating Procedures and training documentation as needed
- Assist in training SOC team members
- Create and build runbooks for incident response process

Basic Qualifications :
- University Degree in MIS, Computer Science / Engineering, or related field from a recognized college or university or equivalent work experience
- 2-3 years of security experience with at least 5 years total IT background
- IT Security Operations Center environment experience (incident response) with security monitoring experience
- Fluent in speaking and writing English

Preferred Qualifications :
- CISSP, SANS, InfoSec Certifications or other equivalents
- Experience performing Linux and Windows server administration
- Experience working with scripting languages such as Python
- Experience with SIEM administration and content (use cases) development
- Understanding and experience with Agile Framework
- Ability to identify and assess foreseeable internal and external risks to the security, confidentiality, and availability of information and systems using a documented process
- Experience with any of the following tools : Firewall, IPS, Email Security and / or Endpoint Protection
- Experience in Cloud technology platforms : AWS and Azure
- Strong problem solving, analytical, technical, and troubleshooting skills
- Ability to interact with vendors, clients, and internal teams in a professional and articulate way via spoken and written word
- Experience working in IT at a Global Organization