Threat Analyst

Sophos

full-time

Location Type: Remote

Location: Romania

About the role

  • Monitor, investigate, and respond to alerts generated by the Sophos security stack (including EDR/XDR capabilities).
  • Lead and mentor Tier I Analysts through escalated cases, ensuring thorough and accurate investigation practices.
  • Perform end-to-end analysis on suspicious activity to assess scope, impact, and risk.
  • Identify and respond to cyber threats across customer environments using approved playbooks and tooling.
  • Accurately document findings, investigative steps, and outcomes in the MDR case management platform.
  • Conduct threat hunting to identify potential threats throughout the MDR customer base.
  • Investigate phishing emails, suspicious binaries, and behavioral anomalies.
  • Support detection tuning by identifying recurring false positives and suggesting improvements.
  • Stay informed on threat actor behaviors, MITRE ATT&CK techniques, and Sophos threat research updates.
  • Proactively research emerging IOCs, active exploits, and vulnerabilities to stay ahead of evolving threats.
  • Contribute to internal knowledge bases, documentation, and continuous improvement initiatives.
  • Participate in shift rotations and ensure timely, detailed handovers between global teams.
  • Provide detection and response support for active security incidents.
  • Manage case workflows: create cases, track progress, and follow up with clients until resolution.
  • Engage with clients via chat, phone, and tickets as part of case handling.
  • Assist with developing and refining Security Operations processes, playbooks, and tooling feedback.

Requirements

  • 2+ years of hands-on experience in a Security Operations Center (SOC), Managed Detection and Response (MDR) environment, or cybersecurity-focused IT role.
  • Proficient in the use of endpoint and network security tools (e.g., EDR, IDS/IPS, malware detection platforms) with the ability to validate and triage complex alerts.
  • Working knowledge of Windows operating systems (both workstation and server), with additional experience in Linux (Ubuntu, Debian, Red Hat) or macOS environments.
  • Ability to interpret and analyze Windows event logs and other telemetry data.
  • Understanding of core network concepts including TCP/IP, protocols, routing, and traffic analysis.
  • Demonstrated experience contributing to real-time incident response efforts and threat investigations.
  • Exposure to threat hunting methodologies and an understanding of attacker behavior and patterns.
  • Experience handling active threats, including containment, mitigation, and recovery efforts during security incidents.
  • Familiar with techniques such as persistence, privilege escalation, lateral movement, and defense evasion, and able to identify these in real-world environments.
  • Familiarity with common incident response workflows and security operations processes.
  • Strong analytical thinking and troubleshooting skills, with attention to detail in investigations and case documentation.
  • Excellent communication skills, with the ability to clearly explain findings to both technical and non-technical audiences.
  • Customer-first mindset with professionalism and a focus on service excellence.
  • Must thrive within a team environment as well as on an individual basis.
  • Natural curiosity and willingness to learn in a fast-paced, ever-changing threat landscape.
  • A passion for cybersecurity, continuous improvement, and staying current on threat trends.
  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity or related field, or equivalent practical experience.
  • Ability to communicate in English.
  • Willingness to participate in rotating shift work including nights, weekends and holidays (our MDR service is 24x7x365).

Benefits

  • Sophos operates a remote-first working model, making remote work the primary option for most employees.
  • Employee-led diversity and inclusion networks that build community and provide education and advocacy.
  • Annual charity and fundraising initiatives and volunteer days for employees to support local communities.
  • Global employee sustainability initiatives to reduce our environmental footprint.
  • Global fitness and trivia competitions to keep our bodies and minds sharp.
  • Global wellbeing days for employees to relax and recharge.
  • Monthly wellbeing webinars and training to support employee health and wellbeing.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills: EDR, XDR, malware detection, Windows operating systems, Linux, TCP/IP, threat hunting, incident response, case management, behavioral analysis

Soft skills: analytical thinking, troubleshooting, communication, customer service, teamwork, attention to detail, curiosity, professionalism, service excellence, adaptability