Senior Threat Analyst
Sophos
About Us

Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations from phishing, ransomware, data theft, and other everyday and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.
Role Summary

As a Senior Threat Analyst in our MDR team, you will be on the frontlines of the cyber fight, hunting, detecting and shutting down adversaries before they gain ground. You will work across endpoint, network, log data and integrations, exposing attacker tradecraft and neutralizing threats in real time. This is not a backseat role. You will be part of a tight-knit, high-performing team, leading complex investigations, sharpening our detection arsenal and pushing the limits of how we defend customers. You will mentor rising analysts, strengthen MDR processes and act as a trusted voice for clients when the pressure is on. If you thrive on outsmarting adversaries, owning the fight and having your team’s back in every battle, this is where you belong.

What You Will Do

· Lead escalations from Tier I and II Analysts, guiding investigations and ensuring accurate, timely response
· Drive proactive threat hunting across the MDR customer base to uncover emerging threats
· Perform full-scope Incident Response and management of critical security events
· Mentor and onboard new Threat Analysts, building skills and strengthening the team
· Detect, investigate, and respond to security events and advanced cyber threats
· Analyze and monitor logs, endpoint telemetry, and integrated security systems
· Track, document, and manage cases from initial detection through to customer communication and threat neutralization
· Engage directly with customers through multiple channels, providing expert guidance under pressure
· Contribute to process improvement and help shape MDR operational playbooks
· Collaborate with engineering, threat intelligence, and response teams to enhance overall defenses
· Deliver metrics and reporting on threat activity, detection trends, and situational awareness
· Stay ahead of the curve by researching new attacker tactics, exploits, and vulnerabilities

What You Will Bring

· 5+ years of experience in SOC operations, incident response, or threat hunting, with proven ability to handle high-severity incidents
· Strong knowledge of endpoint and network security technologies (IDS, IPS, EDR, ATP, malware defenses, integrations) and their use in investigations
· Solid experience in threat hunting and identifying adversary tradecraft across customer environments
· Good understanding of adversary TTPs including persistence, evasion, obfuscation, and living-off-the-land techniques
· Strong skills in network traffic analysis, with the ability to identify anomalies across TCP/IP, routing, switching, and protocols
· Proficient in Windows event log analysis and incident response procedures from triage to containment
· Excellent troubleshooting and analytical skills to solve complex problems quickly
· Experience mentoring and supporting junior analysts, encouraging growth and developing operational maturity
· Ability to collaborate with engineering and detection teams to improve detection content, tuning, and operational playbooks
· Strong communication skills with the confidence to act as a trusted advisor for customers during investigations
· Passion for learning, curiosity to stay ahead of adversary tactics, and a mindset for contributing to MDR improvements
· Bachelor’s degree in Information Technology, Computer Science, or related field; or equivalent work experience
· Flexibility to participate in rotating coverage, including weekends and holidays, in a 24x7x365 operation

Desirable

· Experience leading or contributing to threat hunts or purple team exercises
· Knowledge of the MITRE ATT&CK framework and its use in detection development and assessment
· Familiarity with SIEM platforms, enterprise-scale log management, and query construction
· Experience with SQL, OSQuery, and scripting/automation (PowerShell, Python, etc.)
· Exposure to cloud, container, or hybrid security environments
Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.
What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote-first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.
· Our people – we innovate and create, all of which is accompanied by a great sense of fun and team spirit
· Employee-led diversity and inclusion networks that build community and provide education and advocacy
· Annual charity and fundraising initiatives and volunteer days for employees to support local communities
· Global employee sustainability initiatives to reduce our environmental footprint
· Global fitness and trivia competitions to keep our bodies and minds sharp
· Global wellbeing days for employees to relax and recharge
· Monthly wellbeing webinars and training to support employee health and wellbeing
Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.
Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy.