
Incident Response Lead – Threat Intelligence
Posted 1 day ago

This is a fully remote position, open to applicants in Japan.
• Lead assigned projects, assisting clients by investigating, containing, and responding to cyber incidents, particularly in high-pressure and challenging situations. Note that work hours may occasionally differ from the norm.
• Conduct incident response investigations, containment, and root cause analysis across multiple platforms including Windows, Mac, and Linux/Unix.
• Utilize Sophos tools to perform extensive investigations and verify evidence from endpoints and networks.
• Oversee the entire client project and lead communication with senior stakeholders at the client’s organization.
• Collaborate with other internal teams to prioritize tasks as part of the incident response process.
• Provide effective reporting to Sophos senior management regarding client-related situations and concerns.
• Present high-quality documentation and verbal reports, recommendations, and findings to client stakeholders.
• Identify and categorize the TTP (tactics, techniques, and procedures) of attackers to inform current and future investigations and tool enhancements.
• Work with SophosLabs, the security team, and the IT team to implement corrective action plans in response to security incidents.
• Stay updated on the latest cybersecurity tools and threat trends, providing appropriate advice to clients.
• Serve as the primary contact for the internal threat intelligence team so that up-to-date information about attackers' tactics, techniques, and infrastructure is reflected in investigations and client deliverables, improving response strategies.
• Transform complex threat intelligence into clear and actionable insights for clients, aiding decision-making and improving their overall security posture by presenting trends, attacker behaviors, and potential attack scenarios.
• Proficiency in Japanese.
• Flexibility to respond to client incident needs outside of regular business hours, including weekends and public holidays.
• Over 5 years of experience leading systematic incident response investigations within organizations, specifically targeting threats that impact client environments.
• Experience with the use of Encase, FTK, X-Ways, CYLR, Autopsy, Magnet Forensics, or one or more open-source forensic tools.
• Experience conducting forensic investigations within a Microsoft 365 environment.
• Deep understanding of security threats, vulnerabilities, and "Living off the Land" techniques.
• Ability to perform exceptionally well both as part of a team and individually.
• Demonstrated strong leadership in challenging situations while maintaining a professional, calm, and expert demeanor.
• Capability to leverage the strengths and skills of each team member to successfully manage incident response.
• Advanced technical understanding of modern threats, TTP (tactics, techniques, procedures), and the MITRE ATT&CK framework.
• Excellent report writing and communication skills.
• Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach.
• Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit.
• Employee-led diversity and inclusion networks that build community and provide education and advocacy.
• Annual charity and fundraising initiatives and volunteer days for employees to support local communities.
• Global employee sustainability initiatives to reduce our environmental footprint.
• Global fitness and trivia competitions to keep our bodies and minds sharp.
• Global wellbeing days for employees to relax and recharge.
• Monthly wellbeing webinars and training to support employee health and wellbeing.