Threat Analyst 2 (Japan)

About Us

Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

As a Threat Analyst - Tier II on our Managed Detection and Response (MDR) team, you will provide best-in-class monitoring, detection, and response services to proactively defend customer environments before attacks prevail. You will work alongside and contribute to a team of cyber threat hunters, incident response analysts, engineers, and ethical hackers by using enterprise, log analysis and endpoint collection systems to facilitate investigations, identification, and neutralization of cyber threats.

マネージド検知および対応（MDR）チームの**脅威アナリスト（Tier II）**として、攻撃が成功する前にお客様の環境を積極的に防御するため、最高水準の監視、検知、対応サービスを提供していただきます。

サイバー脅威ハンター、インシデント対応アナリスト、エンジニア、エシカルハッカーと連携し、エンタープライズ向けのログ分析やエンドポイント収集システムを活用して、調査、脅威の特定、無力化を行います。

この役割は、サイバーセキュリティの最前線で活躍し、組織の安全を守る重要なポジションです。

詳細については、以下のリンクをご参照ください。

• Monitor, investigate, and respond to alerts generated by the Sophos security stack (including EDR/XDR capabilities)
• Lead and mentor Tier I Analysts through escalated cases, ensuring thorough and accurate investigation practices.
• Perform end-to-end analysis on suspicious activity to assess scope, impact, and risk
• Identify and respond to cyber threats across customer environments using approved playbooks and tooling
• Accurately document findings, investigative steps, and outcomes in the MDR case management platform
• Conduct threat hunting to identify potential threats throughout the MDR customer base
• Investigate phishing emails, suspicious binaries, and behavioral anomalies
• Support detection tuning by identifying recurring false positives and suggesting improvements
• Stay informed on threat actor behaviors, MITRE ATT&CK techniques, and Sophos threat research updates
• Proactively research emerging IOCs, active exploits, and vulnerabilities to stay ahead of evolving threats
• Contribute to internal knowledge bases, documentation, and continuous improvement initiatives
• Participate in shift rotations and ensure timely, detailed handovers between global teams
• Provide detection and response support for active security incidents
• Manage case workflows: create cases, track progress, and follow up with clients until resolution
• Engage with clients via email, phone, and tickets as part of case handling
• Assist with developing and refining Security Operations processes, playbooks, and tooling feedback

• ソフォスのセキュリティスタック（EDR/XDR 機能を含む）から生成されるアラートの監視、調査、対応
• エスカレーションされたケースを通じて、Tier I アナリストを指導し、徹底的かつ正確な調査を実施する。
• 疑わしい活動に関するエンドツーエンドの分析を実施し、範囲、影響、リスクを評価する
• 承認済みのプレイブックとツールを使用して、顧客環境全体のサイバー脅威を特定し、対応する
• MDR ケース管理プラットフォームにおいて、調査結果、調査手順、結果を正確に文書化する
• MDR の顧客ベース全体を通して潜在的な脅威を特定する脅威ハンティングを実施する
• フィッシングメール、不審なバイナリ、行動異常の調査
• 繰り返される誤検知を特定し、改善策を提案することで、検知のチューニングをサポート
• 脅威要因の行動、MITRE ATT&CK テクニック、ソフォスの脅威リサーチアップデートに関する情報を常に入手
• 新たな IOC、アクティブなエクスプロイト、脆弱性を積極的に調査し、進化する脅威に先手を打つ
• 社内のナレッジベース、ドキュメント、継続的な改善イニシアティブに貢献する
• シフトローテーションに参加し、グローバルチーム間のタイムリーで詳細な引継ぎを確実に行う
• アクティブなセキュリティインシデントの検出と対応サポートを提供する
• ケースのワークフローを管理する：ケースを作成し、進捗を追跡し、解決までクライアントをフォローする
• ケース処理の一環として、電子メール、電話、チケットを介してクライアントに関与する
• セキュリティ運用プロセス、プレイブック、ツールの開発および改良を支援する フィードバック

• 2+ years of hands-on experience in a Security Operations Center (SOC), Managed Detection and Response (MDR) environment, or cybersecurity-focused IT role
• Proficient in the use of endpoint and network security tools (e.g., EDR, IDS/IPS, malware detection platforms) with the ability to validate and triage complex alerts
• Working knowledge of Windows operating systems (both workstation and server), with additional experience in Linux (Ubuntu, Debian, RedHat) or macOS environments
• Ability to interpret and analyze Windows event logs and other telemetry data
• Understanding of core network concepts including TCP/IP, protocols, routing, and traffic analysis
• Demonstrated experience contributing to real-time incident response efforts and threat investigations
• Exposure to threat hunting methodologies and an understanding of attacker behavior and patterns
• Experience handling active threats, including containment, mitigation, and recovery efforts during security incidents
• Familiar with techniques such as persistence, privilege escalation, lateral movement, and defense evasion, and able to identify these in real-world environments
• Familiarity with common incident response workflows and security operations processes
• Strong analytical thinking and troubleshooting skills, with attention to detail in investigations and case documentation
• Excellent communication skills, with the ability to clearly explain findings to both technical and non-technical audiences
• Customer-first mindset with professionalism and a focus on service excellence
• Must thrive within a team environment as well as on an individual basis
• Natural curiosity and willingness to learn in a fast-paced, ever-changing threat landscape
• A passion for cybersecurity, continuous improvement, and staying current on threat trends
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity or related field, or equivalent practical experience
• Willingness to work from 0630 to 1500 JST, with the flexbility to adjust to business requirements.
• Willingness to participate in rotating weekend and holiday coverage (our MDR service is 24x7x365)

• セキュリティ・オペレーション・センター（SOC）、マネージド・ディテクション・アンド・レスポンス（MDR）環境、またはサイバーセキュリティに特化した IT 部門における 2 年以上の実務経験
• エンドポイントおよびネットワーク・セキュリティ・ツール（例．EDR、IDS/IPS、マルウェア検出プラットフォーム）の使用に習熟しており、複雑なアラートを検証し、トリアージする能力を有すること
• Windows オペレーティングシステム（ワークステーションとサーバーの両方）の実務知識があり、Linux（Ubuntu、Debian、RedHat）または macOS 環境での経験もあること
• Windows イベントログおよびその他の遠隔測定データを解釈し、分析する能力を有すること
• TCP/IP、プロトコル、ルーティング、トラフィック分析を含むコアネットワークの概念を理解していること。
• リアルタイムのインシデントレスポンス活動や脅威の調査に貢献した実証済みの経験
• 脅威ハンティングの方法論に触れ、攻撃者の行動やパターンを理解する
• セキュリティインシデント発生時の封じ込め、緩和、復旧活動など、能動的な脅威を扱った経験
• 永続性、特権の昇格、横移動、防御回避などの技術に精通し、実環境でこれらを特定できる
• 一般的なインシデントレスポンスのワークフローやセキュリティ運用プロセスに精通している。
• 強力な分析思考とトラブルシューティング能力を有し、調査や案件の文書化において細部にまで注意を払う
• 優れたコミュニケーション能力を有し、技術的な聴衆と非技術的な聴衆の両方に調査結果を明確に説明する能力を有する
• プロフェッショナリズムと卓越したサービスに焦点を当てた顧客第一の考え方
• 個人ベースだけでなく、チーム環境内でも成功しなければならない
• ペースが速く、常に変化する脅威の状況において、自然な好奇心と学習意欲
• サイバーセキュリティ、継続的な改善、および脅威のトレンドに関する最新情報の入手に対する情熱
• 情報技術、コンピューターサイエンス、サイバーセキュリティ、または関連分野の学士号取得者、または同等の実務経験
• 日本時間0630-1500の勤務が可能で、ビジネス要件に柔軟に対応できること。
• 土日祝日のローテーション勤務が可能な方（MDRサービスは24時間365日体制です。）

#LI-FC1

#B1

#LI-Remote

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back –we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. Please refer to the location details in our job postings for further information.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos