3M Intermediate SOC Analyst L2 

United States, Texas, Austin 

925142281

Job Description:

Intermediate SOC Analyst (L2)

Key Responsibilities:

• Monitor and analyze security alerts from SIEM, EDR, and other security platforms to identify potential threats.
• Perform in-depth investigation of suspicious activity, correlating data across multiple sources to determine scope and impact.
• Lead the resolution of low to moderately complex security incidents, including containment, eradication, and recovery actions.
• Escalate confirmed incidents to L3 analysts or incident response teams with detailed documentation and recommendations.
• Support containment and remediation efforts during active incidents.
• Conduct initial root cause analysis and contribute to post-incident reviews to identify gaps and improve future response efforts.

• Leverage threat intelligence, behavioral analytics, and contextual data to enhance detection, investigation, and resolution capabilities.
• Collaborate with detection engineering teams to develop, test, and tune detection rules and use cases.
• Perform basic malware analysis, log correlation, and network traffic inspection to support incident resolution.
• Maintain up-to-date knowledge of the threat landscape, including attacker tactics, techniques, and procedures (TTPs), and apply this knowledge to improve incident handling.

• Work closely with IT, OT, and business units to validate alerts, gather context, and coordinate incident resolution efforts.
• Document investigation steps, findings, and resolution actions in a clear, structured, and timely manner.
• Participate in SOC shift rotations to ensure 24/7 monitoring and rapid response to security events.
• Contribute to the continuous improvement of SOC processes, playbooks, and knowledge base, with a focus on enhancing incident resolution workflows

Your Skills and Expertise

To set you up for success in this role from day one, 3M requires
(at a minimum) the following qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, or Computer Science (completed and verified prior to start)
• Two (2) years of experience in a SOC or cybersecurity operations role in a private, public, government or military environment

Additional qualifications that could help you succeed even further in this role include:

• Effective communicator with the ability to document investigations and collaborate with cross-functional teams
• Certifications such as CompTIA Security+, CySA+, or GCIH

• Proficiency in analyzing alerts from SIEM, EDR, and network monitoring tools
• Familiarity with threat intelligence, basic malware analysis, and log correlation techniques
• Understanding of common attack vectors, threat actor behaviors, and frameworks like MITRE ATT&CK
• Strong analytical and problem-solving skills with attention to detail
• Experienced in triaging and investigating security alerts across SIEM, EDR, and network platforms
• Skilled in correlating data from multiple sources to identify and escalate confirmed threats
• Proficient in supporting incident response efforts and conducting initial root cause analysis
• Strong understanding of threat intelligence and its application in operational workflows
• Effective communicator with the ability to document investigations clearly and collaborate across teams
• Committed to continuous learning and development in threat detection and response
• Analytical thinker with a proactive approach to identifying and mitigating risks
• Reliable team player in a 24/7 SOC environment, contributing to operational excellence

Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly.

Please access the linked document by clicking select the country where you are applying for employment, and review. Before submitting your application, you will be asked to confirm your agreement with the terms.