Monitor, investigate, and respond to alerts generated by the Sophos security stack (including EDR/XDR capabilities)
Lead and mentor Tier I Analysts through escalated cases, ensuring thorough and accurate investigation practices
Perform end-to-end analysis on suspicious activity to assess scope, impact, and risk
Identify and respond to cyber threats across customer environments using approved playbooks and tooling
Accurately document findings, investigative steps, and outcomes in the MDR case management platform
Conduct threat hunting to identify potential threats throughout the MDR customer base
Investigate phishing emails, suspicious binaries, and behavioral anomalies
Support detection tuning by identifying recurring false positives and suggesting improvements
Stay informed on threat actor behaviors, MITRE ATT&CK techniques, and Sophos threat research updates
Proactively research emerging IOCs, active exploits, and vulnerabilities to stay ahead of evolving threats
Contribute to internal knowledge bases, documentation, and continuous improvement initiatives
Participate in shift rotations and ensure timely, detailed handovers between global teams
Provide detection and response support for active security incidents
Manage case workflows: create cases, track progress, and follow up with clients until resolution
Engage with clients via chat, phone, and tickets as part of case handling
Assist with developing and refining Security Operations processes, playbooks, and tooling feedback
Requirements
2+ years of hands-on experience in a Security Operations Center (SOC), Managed Detection and Response (MDR) environment, or cybersecurity-focused IT role
Proficient in the use of endpoint and network security tools (e.g., EDR, IDS/IPS, malware detection platforms) with the ability to validate and triage complex alerts
Working knowledge of Windows operating systems (both workstation and server), with additional experience in Linux (Ubuntu, Debian, Red Hat) or macOS environments
Ability to interpret and analyze Windows event logs and other telemetry data
Understanding of core network concepts including TCP/IP, protocols, routing, and traffic analysis
Demonstrated experience contributing to real-time incident response efforts and threat investigations
Exposure to threat hunting methodologies and an understanding of attacker behavior and patterns
Experience handling active threats, including containment, mitigation, and recovery efforts during security incidents
Familiar with techniques such as persistence, privilege escalation, lateral movement, and defense evasion, and able to identify these in real-world environments
Familiarity with common incident response workflows and security operations processes
Strong analytical thinking and troubleshooting skills, with attention to detail in investigations and case documentation
Excellent communication skills, with the ability to clearly explain findings to both technical and non-technical audiences
Customer-first mindset with professionalism and a focus on service excellence
Ability to work effectively both as part of a team and independently
Natural curiosity and willingness to learn in a fast-paced, ever-changing threat landscape
A passion for cybersecurity, continuous improvement, and staying current on threat trends
Bachelor’s degree in Information Technology, Computer Science, Cybersecurity or related field, or equivalent practical experience
Ability to communicate in English
Tech Stack
Cybersecurity
Linux
macOS
TCP/IP
Benefits
Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach.
Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit
Employee-led diversity and inclusion networks that build community and provide education and advocacy
Annual charity and fundraising initiatives and volunteer days for employees to support local communities
Global employee sustainability initiatives to reduce our environmental footprint
Global fitness and trivia competitions to keep our bodies and minds sharp
Global wellbeing days for employees to relax and recharge
Monthly wellbeing webinars and training to support employee health and wellbeing