Language - English, Japanese
*Fluency in both languages is a must*
Incident Response (IR) – Level-wise Responsibilities
*Location* Brea, California; Tempe, Arizona; Jersey City, New Jersey
🔹 L1 – Incident Response Analyst (Junior IR / Triage Support)
Primary Focus:
Initial incident intake, enrichment, and support to IR team
Responsibilities
• Receive and validate escalated incidents from SOC (L1/L2)
• Perform initial incident scoping:
    • Identify affected users, endpoints, IPs
• Enrich incidents using:
    • Threat intel (VirusTotal, AbuseIPDB)
    • Basic log analysis (SIEM queries)
• Collect and preserve initial evidence:
    • Logs, alerts, screenshots, email headers
• Execute basic containment steps (as per playbooks):
    • Disable user accounts
    • Block IP/domain
• Maintain incident timelines and documentation
• Support L2 in investigation and data gathering
Key Deliverables
• Incident intake reports
• Evidence collection (forensics-ready)
• Accurate documentation
⸻
🔹 L2 – Incident Response Analyst (Core IR / Investigation & Containment)
Primary Focus:
End-to-end incident investigation, containment, and eradication
Responsibilities
• Lead incident investigation lifecycle:
    • Identification → Containment → Eradication → Recovery
• Perform deep log and endpoint analysis:
    • SIEM (KQL/SPL queries)
    • EDR telemetry (process, registry, persistence)
• Identify:
    • Initial access vector (phishing, exploit, brute force)
    • Lateral movement and persistence mechanisms
• Execute containment:
    • Host isolation
    • IOC blocking
    • Credential resets
• Conduct root cause analysis (RCA)
• Map attack behavior to MITRE ATT&CK techniques
• Coordinate with IT teams for remediation
• Validate that the threat is fully eradicated
• Prepare detailed incident reports
Key Deliverables
• RCA reports
• Containment & eradication confirmation
• MITRE-mapped attack analysis
⸻
🔹 L3 – Senior Incident Responder (Advanced IR / Threat & Forensics)
Primary Focus:
Advanced forensics, complex attack handling, and strategic response
Responsibilities
• Lead critical/complex incidents (ransomware, APT, data breach)
• Perform advanced digital forensics:
    • Disk forensics (Autopsy, FTK)
    • Memory analysis (Volatility)
• Conduct malware analysis:
    • Static (strings, hashes, signatures)
    • Dynamic (sandbox behavior analysis)
• Trace full attack lifecycle:
    • Initial access → privilege escalation → lateral movement → exfiltration
• Perform threat hunting post-incident
• Develop:
    • Detection rules (SIEM/EDR)
    • IR playbooks and response strategies
• Integrate and operationalize threat intelligence
• Interface with:
    • CERT teams
    • Legal/compliance (for breach reporting)
• Lead post-incident review (PIR) and lessons learned
Key Deliverables
• Forensic analysis reports
• Malware analysis reports
• Strategic detection improvements