SIEM Content Specialist* (Maplewood, MN preferred, but open to remote locations in the contiguous US)

Full Time
Maplewood, MN
report a problem

At 3M, your ideas matter.
Here, you go.

At 3M, we apply science in collaborative ways to improve lives daily. With $30 billion in sales, our 90,000 employees connect with customers all around the world.


3M has a long-standing reputation as a company committed to innovation.  We provide the freedom to explore and encourage curiosity and creativity.  We gain new insight from diverse thinking, and take risks on new ideas.


Here, you can apply your talent in bold ways that matter.

Job Description:

3M is seeking a SIEM Content Specialist for the IT Security & Compliance Corporate Staffing team located in Maplewood, MN. At 3M, you can apply your talent in bold ways that matter.  Here, you go.

Job Summary:

Well-rounded IT professional needed to own and evolve the governance framework to driving security content into the next generation Security Information Event Management (SIEM) platform. This position is responsible for generating content and rules to be consumed by SIEM. May include using traditional SIEM tools as well as mining data out of large data lakes for correlation.  Candidate must be adaptable, and demonstrate the ability to understand, assess and implement new technologies. Strong organizational, document management, and communication skills required.  

Big picture thinking coupled with deep security knowledge and the ability to perform hands-on engineering tasks. Able to understand and solve business problems while managing associated risks and compliance requirements.

Primary Responsibilities include but are not limited to the following:

  • Content Development (rules, lists, reports, queries, dashboards, etc.) in SIEM
  • Event correlation analysis on very large data sets in SIEM or data lakes
  • Technical generation and implementation of rules (use cases) from conceptual documented requirements
  • Tuning to reduce or eliminate false positives in SIEM solution 
  • Provide documentation of all rules, content, and workflow integrated with the system
  • Provide training to global team members on the rules, content and workflows
  • Fostering a clear understanding of business direction and strategy to help drive content decisions within the SIEM and Open Source Platforms
  • Working with relevant project leads, assess the impact to the content as a result of on-boarding and off-boarding, and changes to, security devices across the evolving customer environment
  • Testing of new content rules, adding, changing or removing rules, and documenting the content rules
  • Providing reports on a monthly basis or ad hoc communicating the changes in the content in the SIEM platform
  • Coordinating Content Validation Testing in a blue team / red team approach, working with the test team to ensure content rules remain effective as well as remediating issues when they are discovered
  • Applying cyber threat intelligence from internal and external sources to the existing content library to perform gap analysis focused on identifying the need for expansion of the existing content library
  • Gathering, analyzing, understanding and applying contextual and business information supporting the function of the 3M Information Security Risk & Compliance Security Operation Center
  • Contribute to support and maintaining additional reports and metrics across the content components of the Managed Security Services Program
  • Active participation in while providing input to 3M’s overall regulatory compliance

Basic Qualifications:

  • High School Diploma/GED or higher from an accredited learning institution
  • Minimum of five (5) years of experience working within information security
  • Minimum of three (3) years of SIEM Content Development experience
  • Experience with SIEM and log management technologies (e.g. Arcsight, ELK, etc.)
  • Experience working with Linux and Windows OS
  • Experience working with Java, Python, and Perl scripting
  • Experience working with Relational Database Management Systems (RDBMS)

Preferred Qualifications:

  • Minimum of five or more (5+) years of SIEM Content Development experience
  • Strong analysis and design skills with the ability to devise creative technical solutions
  • Ability to convey a strong presence, professional image, and deal confidently with complex technical problems
  • Understanding of big data solutions; Data Lakes (Hadoop)
  • Understanding of Automation Orchestration frameworks
  • Experience integrating new log sources and data correlation rules into the SIEM
  • Understanding of Open Source data lake solutions
  • Knowledge of security analytics and reporting
  • Experience working in a customer facing role, preferably manufacturing
  • Minimum of seven or more (7+) years of experience within the information security field
  • Professional certifications to include CEH, CISSP, etc


Location: Maplewood, MN preferred, but open to remote locations in the contiguous US

Travel: May include up to 5% domestic/international

Relocation Benefits: Are authorized for this position          


Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status)


Responsibilities of this position may include direct and/or indirect physical or logical access to information, systems, technologies subjected to the regulations/compliance with U.S. Export Control Laws.


U.S. Export Control laws and U.S. Government Department of Defense contracts and sub-contracts impose certain restrictions on companies and their ability to share export-controlled and other technology and services with certain "non-U.S. persons" (persons who are not U.S. citizens or nationals, lawful permanent residents of the U.S., refugees, "Temporary Residents" (granted Amnesty or Special Agricultural Worker provisions), or persons granted asylum (but excluding persons in nonimmigrant status such as H-1B, L-1, F-1, etc.) or non-U.S. citizens.


To comply with these laws, and in conjunction with the review of candidates for those positions within 3M that may present access to export controlled technical data, 3M must assess employees' U.S. person status, as well as citizenship(s).


The questions asked in this application are intended to assess this and will be used for evaluation purposes only.  Failure to provide the necessary information in this regard will result in our inability to consider you further for this particular position.  The decision whether or not to file or pursue an export license application is at 3M Company's sole election.



Learn more about 3M’s creative solutions to the world’s problems at or on Twitter @3M or @3MNewsroom.



3M is an equal opportunity employer.  3M  will not discriminate against any applicant for employment on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or veteran status.


Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly.


3M Global Terms of Use and Privacy Statement

Carefully read these Terms of Use before using this website. Your access to and use of this website and application for a job at 3M are conditioned on your acceptance and compliance with these terms.


Please access the linked document by clicking here, select the country where you are applying for employment, and review. Before submitting your application you will be asked to confirm your agreement with the terms.

Share this job:


3M touches virtually every part of your life. Our people and technology make the impossible, possible. Every day we apply our science to enhance people’s lives. This is 3M Science. Applied to Life.™ Join the conversation and tell us what #LifeWith3M means to you!

Innovation, Collaboration, Global, Diverse Career Opportunities
Visit 3M's Social Media pages:
Company Industry: Mechanical or Industrial Engineering
Company Type: Public Company
Company Size: 10,001+