Threat Analyst 1

About Sophos

Sophos is a global leader and innovator in advanced security solutions, focused on defeating cyberattacks. Following its acquisition of Secureworks in February 2025, Sophos has become the largest pure-play Managed Detection and Response (MDR) provider, serving over 28,000 organizations. Their comprehensive portfolio includes industry-leading endpoint, network, email, and cloud security, all interoperating through the Sophos Central platform. Secureworks enhances this with its market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and extensive advisory services. Sophos distributes these solutions globally through reseller partners, Managed Service Providers (MSPs), and Managed Security Service Providers (MSSPs), protecting more than 600,000 organizations from various cybercrimes, including phishing, ransomware, and state-sponsored attacks. Their solutions are powered by the combined threat intelligence of Sophos X-Ops and the newly integrated Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K.

Role Summary: Threat Analyst 1

As a Threat Analyst 1 on the Managed Threat Response (MDR) team, you will deliver best-in-class monitoring, detection, and response services, proactively defending customer environments to prevent successful cyberattacks. You will collaborate with a diverse team of cyber threat hunters, incident response analysts, engineers, and ethical hackers. Utilizing enterprise systems, log analysis tools, and endpoint collection systems, you will facilitate investigations, identify, and neutralize cyber threats effectively. The standard shift for this role is 8 AM to 5 PM ET.

Key Responsibilities

• Investigate and analyze logs and security-related events using Sophos' proprietary tooling.
• Identify and respond to active cyber threats within customer environments.
• Communicate findings clearly and concisely to various customer audiences, including technical and executive teams.
• Follow up with customers until issue resolution, providing detailed recommendations to minimize future risks and drive continuous improvement.
• Acknowledge and fulfill inbound customer requests, interacting through diverse communication mediums.
• Collaborate and assist core security and threat response teams on complex issues.
• Actively research emerging Indicators of Compromise/Attack, exploits, and vulnerabilities, with the goal of operationalizing these findings to enhance customer protection.

What You Will Bring

• Willingness to work outside of standard business hours, including weekends and holidays, to support our 24x7x365 MDR service.
• Excellent troubleshooting and analytical skills, with a proven ability to innovate and think creatively.
• A customer service-oriented approach combined with strong written and verbal communication skills.
• Ability to thrive both independently and within a collaborative team environment.
• A genuine passion for information technology and cybersecurity.
• Natural curiosity and a quick learning aptitude for new skills.
• An innovative mindset, driven to contribute to a best-in-class cybersecurity service.
• Minimum of 2+ years of experience in a SOC environment or a computer security team within an IT environment.
• Experience with threat hunting methodologies.
• Experience with endpoint and network security monitoring.
• Proficiency in administering and supporting Windows OS (workstations and servers) and at least one of the following: Apple or Linux-based operating systems (e.g., XP, Windows 7, 2003, 2008, OS X).
• Knowledge of common adversary tactics and techniques, such as obfuscation, persistence, and defense evasion.
• Familiarity with the Mitre ATT&CK framework.
• Understanding of incident response procedures.
• Basic understanding of network traffic analysis, including TCP/IP, routing, switching, and common protocols.
• Basic understanding of Windows event log analysis.

Desirable Skills (A Plus)

• Experience with SQL query construction.
• Experience with OSQuery.
• Experience with enterprise information security data management, particularly SIEM solutions.
• Programming and scripting skills, with proficient knowledge of PowerShell.

Key skills/competency

• Cybersecurity
• Threat Detection
• Incident Response
• Log Analysis
• Network Security Monitoring
• Endpoint Security
• Mitre ATT&CK
• Windows OS
• Linux OS
• Customer Service