Threat Analyst 1


About Sophos

Sophos is a global leader and innovator in advanced security solutions designed to defend against cyberattacks. Its acquisition of Secureworks in February 2025 made it the largest pure-play Managed Detection and Response (MDR) provider, protecting over 28,000 organizations worldwide. Its portfolio covers endpoint, network, email, and cloud security, all managed through the Sophos Central platform. Sophos draws on historical and real-time threat intelligence to strengthen its products and improve customer protection against a wide range of cyber threats.

Role Summary

The Threat Analyst 1 position sits within the MDR team, where the successful candidate provides monitoring, detection, and response services with an emphasis on proactive defense of customer environments. The role involves collaborating with other cybersecurity professionals, including threat hunters, incident response analysts, engineers, and ethical hackers, to carry out investigations and mitigate cyber threats. Day-to-day work centers on log analysis and endpoint data collection systems to identify and counter threats.

Responsibilities

The main responsibilities of a Threat Analyst 1 include:

  • Monitoring, investigating, and responding to alerts generated by the Sophos security stack, which includes EDR/XDR capabilities.
  • Performing thorough analyses on suspicious activity to evaluate the scope, impact, and potential risks.
  • Identifying and responding to cyber threats across various customer environments, utilizing approved playbooks and tools.
  • Documenting findings, investigative steps, and outcomes meticulously within the MDR case management platform.
  • Engaging in threat hunting to locate potential threats across the MDR customer base.
  • Investigating phishing emails, anomalous behavior, and suspicious binaries.
  • Supporting detection tuning by addressing recurring false positives and suggesting improvements.
  • Keeping up to date with threat actor activity, changes to MITRE ATT&CK techniques, and Sophos threat research.
  • Proactively researching emerging Indicators of Compromise (IOCs), active exploits, and vulnerabilities to adapt to evolving threats.
  • Contributing to the internal knowledge base and documentation.
  • Managing case workflows and providing consistent communication with clients.

Required Skills

Candidates applying for this role should have:

  • At least 1 year of experience in a Security Operations Center (SOC) or a cyber-focused IT role.
  • Familiarity with security tools including endpoint and network security software (EDR, IDS/IPS).
  • Proficient knowledge of Windows operating systems, and ideally some experience with Linux or macOS.
  • Skills in analyzing and interpreting Windows event logs and telemetry.
  • Understanding of core networking principles like TCP/IP and traffic analysis.
  • Exposure to threat hunting methodologies and attacker behavior recognition.
  • Familiarity with incident response workflows and security operations processes.
  • Strong analytical skills and attention to detail for accurate documentation.
  • Excellent communication skills, conveying findings effectively to both technical and non-technical audiences.
  • A degree in Information Technology, Computer Science, Cybersecurity, or a related field, or equivalent practical experience.

Candidates are expected to work primarily from 06:30 to 15:00 JST, with flexibility to adapt to business needs, and to take part in rotating weekend and holiday coverage.

Desirable Skills

While the following skills are not mandatory, they would enhance a candidate's application:

  • Familiarity with the MITRE ATT&CK framework.
  • Experience working with SIEM platforms.
  • Ability to write SQL queries for data analysis and evaluation.
  • Experience with osquery and scripting, particularly in PowerShell.
  • Relevant cybersecurity certifications such as GSEC, GCIA, GCIH, etc.

Company Culture

Sophos fosters an environment that embraces diverse perspectives and emphasizes teamwork and innovation. It operates a remote-first working model; most roles allow remote work, though some require a hybrid arrangement.

Employees partake in various initiatives such as annual charity events, global wellness days, fitness competitions, and webinars aimed at promoting health and well-being. Sophos values diversity and is committed to providing equal opportunities irrespective of gender, ethnicity, or background.

Overall, this role presents a unique opportunity for candidates passionate about cybersecurity, with a strong desire to defend against today's cyber threats in a forward-thinking organization. Sophos encourages applicants to apply, even if they don't meet every requirement listed in the job description.

This job offer was originally published on himalayas.app

Sophos

Australia

Full-time

March 2, 2026

This job offer summary has been generated using automated technology. While we strive for accuracy, it may not always fully capture the nuances and details of the original job posting. We recommend reviewing the complete job listing before making any decisions or applications.