Cyber Investigations Lead

Job Description:

Investigations Lead

Collaborate with Innovative 3Mers Around the World

Choosing where to start and grow your career has a major impact on your professional and personal life, so it's equally important you know that the company that you choose to work at, and its leaders, will support and guide you. With a wide variety of people, global locations, technologies and products, 3M is a place where you can collaborate with other curious, creative 3Mers.

This position provides an opportunity to transition from other private, public, government or military experience to a 3M career.

The Impact You Will Make in this Role

The Investigations Lead will serve as the central point of accountability for leading Digital Forensics and Incident Response (DFIR) activities and executing complex security investigations, driving end-to-end response efforts, and strengthening organizational readiness. You will collaborate across security operations, legal, compliance, and business teams to manage major incidents, ensure forensic rigor, and improve detection and response capabilities.

Key Responsibilities:

Management

• Lead end-to-end DFIR investigations for major incidents, coordinating across internal and external stakeholders.
• Own and refine investigation playbooks, escalation paths, and response workflows aligned with industry frameworks (NIST, SANS).
• Coach and mentor other investigations staff, driving technical skill development and case quality.
• Lead post-incident reviews and tabletop exercises to improve response maturity.
• Ensure all investigative activities comply with legal, regulatory, and internal policy requirements.

Technical

• Conduct forensic acquisition and analysis across endpoints, servers, networks, and cloud (AWS, Azure, M365).
• Perform memory analysis, disk forensics, log correlation, and malware reverse engineering to support incident containment, eradication, and recovery.
• Reconstruct attack chains, identify root cause, and assess lateral movement by correlating SIEM, EDR/XDR, packet captures, and threat intelligence sources.
• Maintain chain-of-custody and evidentiary standards for legal and regulatory needs.
• Document investigations with clear timelines, evidence, and technical conclusions.

Organizational

• Act as the primary point of contact for high-severity investigations, providing timely updates to leadership.
• Work closely with Legal, HR, Compliance, and IT on internal and sensitive cases.
• Deliver investigation reports and briefings tailored to technical and executive audiences.
• Support audits, regulatory reviews, and law enforcement with evidence and documentation.
• Strengthen partnerships with MSSPs, threat intel vendors, and forensic service providers.

Your Skills and Expertise

To set you up for success in this role from day one, 3M requires (at a minimum) the following qualifications:

• Bachelor's degree in Cybersecurity, Digital Forensics, Information Technology or Computer Science (completed and verified prior to start)
• Six (6) or more years of experience in cybersecurity investigations, digital forensics, or incident response in a private, public, government or military environment
• One or more certifications involving incident response, cyber security (GCIH, E CEH, E CIH), or network forensics (GIAC Network Forensic Analyst (GNFA), NICCS Certified Network Forensics Examiner (CNFE)

Additional qualifications that could help you succeed even further in this role include:

• Strong investigative mindset with experience leading complex cyber investigations
• Proficient in digital forensics tools and techniques across Windows, Linux, and cloud environments
• Familiar with legal and regulatory considerations related to evidence handling and privacy
• Effective communicator with the ability to present findings to executive and legal audiences
• Collaborative and discreet, with a high degree of integrity and professionalism
• Strong analytical and critical thinking skills with attention to detail
• Experience in manufacturing or industrial environments is a plus
• Drives continuous process improvement
• Demonstrates excellent analytical and problem-solving skills
• Demonstrates and encourages innovative thinking, continuous learning and sharing of best practices
• Demonstrated knowledge of Incident Response and Investigative Methodology.
• Prior experience serving as an expert witness in legal proceedings.
• Demonstrate advanced proficiency in utilizing common digital forensic artifacts and tools such as ELK, Axiom, Encase, FTK (Forensic Toolkit), Open-Source, or comparable industry-standard tools.
• Familiarity with compliance frameworks such as NIST, ISO 27001, and industry-specific regulations.
• Highest level of integrity and management of confidential information.

Work location: On site in Austin TX

Travel: May include up to 10% domestic and international

Relocation Assistance: Is Authorized

Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status).

Supporting Your Well-being

3M offers many programs to help you live your best life - both physically and financially. To ensure competitive pay and benefits, 3M regularly benchmarks with other companies that are comparable in size and scope.

Chat with Max

For assistance with searching through our current job openings or for more information about all things 3M, visit Max, our virtual recruiting assistant on 3M.com/careers.

Applicable to US Applicants Only:The expected compensation range for this position is $212,947 - $260,268, which includes base pay plus variable incentive pay, if eligible. This range represents a good faith estimate for this position. The specific compensation offered to a candidate may vary based on factors including, but not limited to, the candidate's relevant knowledge, training, skills, work location, and/or experience. In addition, this position may be eligible for a range of benefits (e.g., Medical, Dental & Vision, Health Savings Accounts, Health Care & Dependent Care Flexible Spending Accounts, Disability Benefits, Life Insurance, Voluntary Benefits, Paid Absences and Retirement Benefits, etc.). Additional information is available at: _careers-working-at-3m/benefits/.

Good Faith Posting Date Range 07/16/2025 To 08/15/2025 Or until filled

All US-based 3M full time employees will need to sign an employee agreement as a condition of employment with 3M. This agreement lays out key terms on using 3M Confidential Information and Trade Secrets. It also has provisions discussing conflicts of interest and how inventions are assigned. Employees that are Job Grade 7 or equivalent and above may also have obligations to not compete against 3M or solicit its employees or customers, both during their employment, and for a period after they leave 3M.

Learn more about 3M's creative solutions to the world's problems at or on Instagram, Facebook, and LinkedIn @3M.

Responsibilities of this position include that corporate policies, procedures and security standards are complied with while performing assigned duties.

Safety is a core value at 3M. All employees are expected to contribute to a strong EHS culture by following safety policies, identifying hazards, and engaging in continuous improvement.

Pay & Benefits Overview: _careers-working-at-3m/benefits/

3M does not discriminate in hiring or employment on the basis of race, color, sex, national origin, religion, age, disability, veteran status, or any other characteristic protected by applicable law.

Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly.

3M Global Terms of Use and Privacy Statement

Carefully read these Terms of Use before using this website. Your access to and use of this website and application for a job at 3M are conditioned on your acceptance and compliance with these terms.

Please access the linked document by clicking here, select the country where you are applying for employment, and review. Before submitting your application, you will be asked to confirm your agreement with the terms.