Updated on 07 Jan 2026
- Lead and coordinate the response to cybersecurity incidents, including detection, containment, eradication, and recovery, while ensuring clear communication and collaboration across teams.
- Analyze logs from various sources (e.g., firewalls, SIEM, IDS/IPS, endpoint detection tools) to identify threats, investigate anomalies, and determine the scope and impact of incidents.
- Perform digital forensic investigations on compromised systems, including memory dumps, disk images, and network traffic, while preserving evidence in accordance with legal and organizational requirements.
- Use tools to quickly analyze malicious files, scripts, and executables to identify indicators of compromise (IOCs) and take necessary actions for containment, blocking, and mitigation.
- Prepare detailed incident reports, including root cause analysis, impact assessments, and recommendations for improvement, and communicate findings to stakeholders, including technical teams and management.
- Proactively identify and recommend improvements to security controls, processes, and tools to reduce the likelihood of future incidents, and conduct threat hunting activities to mitigate risks.
- Provide guidance and training to internal teams on incident response best practices and stay up-to-date with the latest cybersecurity trends, tools, and techniques.
- Degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience).
- 3+ years of experience in cybersecurity, with a focus on incident response, digital forensics, or threat detection.
- Strong knowledge of security tools and technologies, such as SIEM, EDR, IDS/IPS, firewalls, and vulnerability scanners.
- Proficiency in log analysis and familiarity with log formats (e.g., syslog, Windows Event Logs).
- Hands-on experience with Incident Response (IR) processes and methodologies.
- Familiarity with scripting and automation (e.g., Python, PowerShell, Bash) to streamline incident response processes.
- Strong sense of ownership and responsibility.
- Excellent problem-solving, analytical, and communication skills.
- Ability to work under pressure and handle multiple incidents simultaneously.
Other Qualifications:
- Relevant certifications such as GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), or Certified Ethical Hacker (CEH).
- Experience handling escalated cases from a Security Operations Center (SOC).
- Hands-on experience with forensic tools (e.g., EnCase, FTK, Volatility) and malware analysis tools (e.g., Cuckoo Sandbox, VirusTotal).
- Experience with cloud security and incident response in cloud environments (e.g., AWS, Azure, Google Cloud).
- Knowledge of MITRE ATT&CK framework and its application in threat detection and response.
- Fluent in Japanese.