[Hiring] Threat Analyst 2 @Sophos

Role Description

As a MDR Enhanced Threat Analyst, your primary role will be to perform security threat analysis of various malware and web attacks, tuning a customer wide event stream consisting of events from all major security platforms and working with customers to remediate security related issues based on operational needs.

What You Will Do (Duties and Responsibilities)

• Review security-related events via cases and assess their risk and validity based on available telemetry from network, endpoint, and global threat intelligence information to provide customers with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations.
• Provide customers with understandable context around their security environment and threats.
• Interface with customers to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value.
• Work with customer and internal Sophos incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents.
• Use the Sophos platform to proactively hunt for and investigate activity within the customer environment.

Qualifications

• At least 3 years of experience working in a SOC environment or computer security team in an IT environment.
• Endpoint and network security experience required; IDS, IPS, EDR, ATP, Malware defenses and monitoring experience.
• Experience with threat hunting.
• Experience administering and supporting Windows and Unix based Operating Systems, including both workstations and servers.
• Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc.
• Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
• Strong understanding of Windows event log analysis.
• Experience with basic Python scripts (reading and understanding).
• Working knowledge of incident response procedures.
• Excellent troubleshooting and analytical thinking skills.
• Must be able to thrive within a team environment as well as on an individual basis.
• Customer service-oriented with strong documentation and communication skills.
• Passion for all things information technology and information security.
• Natural curiosity and ability to learn new skills quickly.
• Ability to think outside the box.
• Innovative mindset and driven to contribute to a team providing a best-in-class cybersecurity service.
• Bachelors in Information Technology, Computer Science or a related field; or relevant commensurate work experience.
• Willingness to participate in rotating weekend and holiday coverage (our MDR service is 24x7x365).
• Knowledge of MITRE ATT&CK framework.
• Experience with enterprise information security data management - SIEM experience.
• Experience with CQL query construction.
• Experience with OS Query Programming and scripting skills - knowledge of PowerShell.
• Relevant Cyber Security certifications (CompTIA, SANS).

Benefits

• Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach.
• While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.
• Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit.
• Employee-led diversity and inclusion networks that build community and provide education and advocacy.
• Annual charity and fundraising initiatives and volunteer days for employees to support local communities.
• Global employee sustainability initiatives to reduce our environmental footprint.
• Global fitness and trivia competitions to keep our bodies and minds sharp.
• Global wellbeing days for employees to relax and recharge.
• Monthly wellbeing webinars and training to support employee health and wellbeing.