Senior Threat Analyst 1
4 weeks ago
Overview
Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the Taegis XDR/MDR, ITDR, next-gen SIEM capabilities, managed risk, and advisory services. Sophos sells these solutions through reseller partners, MSPs and MSSPs worldwide, defending more than 600,000 organizations from phishing, ransomware, data theft, and other cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and CTU. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary
As a Threat Analyst on our Managed Detection and Response (MDR) team, you will provide best-in-class monitoring, detection, and response services to proactively defend customer environments before attacks prevail. You will work alongside and contribute to a team of cyber threat hunters, incident response analysts, engineers, and ethical hackers by using enterprise, log analysis and endpoint collection systems to facilitate investigations, identification, and neutralization of cyber threats.

Shift
Monday to Friday, from 2 pm to 10:30 pm Eastern

What You Will Do
· Monitor, investigate, and respond to alerts generated by the Sophos security stack (including EDR/XDR capabilities)
· Lead and mentor Tier I Analysts through escalated cases, ensuring thorough and accurate investigation practices
· Perform end-to-end analysis on suspicious activity to assess scope, impact, and risk
· Identify and respond to cyber threats across customer environments using approved playbooks and tooling
· Accurately document findings, investigative steps, and outcomes in the MDR case management platform
· Conduct threat hunting to identify potential threats throughout the MDR customer base
· Investigate phishing emails, suspicious binaries, and behavioral anomalies
· Support detection tuning by identifying recurring false positives and suggesting improvements
· Stay informed on threat actor behaviors, MITRE ATT&CK techniques, and Sophos threat research updates
· Proactively research emerging IOCs, active exploits, and vulnerabilities to stay ahead of evolving threats
· Contribute to internal knowledge bases, documentation, and continuous improvement initiatives
· Participate in shift rotations and ensure timely, detailed handovers between global teams
· Provide detection and response support for active security incidents
· Manage case workflows: create cases, track progress, and follow up with clients until resolution
· Engage with clients via chat, phone, and tickets as part of case handling
· Assist with developing and refining Security Operations processes, playbooks, and tooling feedback

What You Will Bring
· 5+ years of experience working in a SOC environment or computer security team in an IT environment
· Endpoint and network security experience required; IDS, IPS, EDR, ATP, Malware defenses and monitoring experience
· Threat hunting experience preferred
· Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion
· Knowledge of MITRE ATT&CK framework preferred
· Working knowledge of incident response procedures
· Experience with SQL query construction preferred
· Experience with OSQuery is a plus
· Experience administering and supporting Windows OS (workstations and servers) and one of Apple or Linux-based operating systems
· Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols
· Strong understanding of Windows event log analysis
· Experience with enterprise information security data management - SIEM experience a plus
· Programming and scripting skills - proficient knowledge of PowerShell is a plus
· Excellent troubleshooting and analytical thinking skills
· Strong documentation and communication skills
· Advanced Cyber Security certifications preferred but not required
· Excellent customer service skills
· Passion for information technology and information security
· Natural curiosity and ability to learn quickly
· Ability to think outside the box; innovative mindset
· Willingness to participate in shift work including nights and holidays

Compensation and Benefits (Canada)
In Canada, the base salary for this role ranges from $86,000 to $143,000. In addition to base salary, we offer bonus eligibility and a comprehensive benefits package. A candidate’s specific pay within this range depends on factors such as job-related skills, location, experience, education, certifications, and business needs.

What’s Great About Sophos
· Sophos operates a remote-first working model; some roles may require hybrid work. Applicants must have legal authorization to work in the posted jurisdiction without employer sponsorship.
· Our people – we innovate and have fun; diverse perspectives are valued
· Employee-led diversity and inclusion networks, charitable initiatives, and volunteer days
· Global sustainability efforts, wellness days, and ongoing wellbeing programs
· Global fitness and trivia competitions
· Global wellbeing webinars and training

Our Commitment To You
We’re committed to equality of opportunity and a diverse, inclusive environment. All applicants will be treated fairly and in accordance with the law regardless of gender, sex, gender identity, race, religion or belief, color, age, veteran status, disability, pregnancy, maternity or sexual orientation. If any recruitment adjustments are needed, please let us know.

Data Protection
If you share your CV or personal details, Sophos will hold them for 12 months in accordance with our Privacy Policy and may contact you regarding this or other opportunities. To delete or update your details, follow the steps in the Privacy Policy.
-
Cyber Threat Analyst
4 weeks ago
Toronto, Montreal, Calgary, Vancouver, Edmonton, Old Toronto, Ottawa, Mississauga, Quebec, Winnipeg, Halifax, Saskatoon, Burnaby, Hamilton, Victoria, Surrey, Halton Hills, London, Regina, Markham, Brampton, Vaughan, Kelowna, Laval, Southwestern Ontario, R, Canada
Chainlink Labs, Full time
About Us: Chainlink Labs is one of the primary contributing developers of Chainlink, the industry-standard oracle platform bringing the capital markets onchain and powering the majority of decentralized finance. The Chainlink stack provides the essential data, interoperability, compliance, and...
-
MDR Threat Analyst — Remote, 12PM–9PM EST
4 weeks ago
Toronto, Montreal, Calgary, Vancouver, Edmonton, Old Toronto, Ottawa, Mississauga, Quebec, Winnipeg, Halifax, Saskatoon, Burnaby, Hamilton, Victoria, Surrey, Halton Hills, London, Regina, Markham, Brampton, Vaughan, Kelowna, Laval, Southwestern Ontario, R, Canada
Sophos Group, Full time
An established industry player in cybersecurity is seeking a dedicated Threat Analyst to join their Managed Detection and Response team. In this role, you will leverage your expertise to monitor, detect, and respond to cyber threats, ensuring the safety of customer environments. Collaborate with a team of skilled professionals, including cyber threat hunters...
-
Senior Security/Threat Analyst
7 days ago
Toronto, London, Winnipeg, Canada
Hire Values, Full time, $120,000 - $180,000 per year
Job Description
We are seeking a senior security/threat analyst with expertise in threat modeling who has the ability to create security pattern templates. 6-month contract.
Main Activities:
• Develop security patterns templates.
• Develop Security Patterns for application and infrastructure.
• Review the developed security pattern with stakeholders and get...
-
MDR Threat Hunter
3 weeks ago
Toronto, Montreal, Calgary, Vancouver, Edmonton, Old Toronto, Ottawa, Mississauga, Quebec, Winnipeg, Halifax, Saskatoon, Burnaby, Hamilton, Victoria, Surrey, Halton Hills, London, Regina, Markham, Brampton, Vaughan, Kelowna, Laval, Southwestern Ontario, R, Canada
Sophos, Full time
A cybersecurity leader is seeking a Threat Analyst to join their Managed Detection and Response team in Canada. The successful candidate will monitor and respond to cyber threats, conduct investigations, and lead a team of analysts. Ideal applicants will have over 5 years of experience in SOC environments and strong skills in endpoint and network security. A...
-
Threat Intelligence Lead
7 days ago
Edmonton, Toronto, Montreal, Calgary, Vancouver, Old Toronto, Ottawa, Mississauga, Quebec, Winnipeg, Halifax, Saskatoon, Burnaby, Hamilton, Surrey, Victoria, London, Halton Hills, Regina, Markham, Brampton, Vaughan, Kelowna, Laval, Southwestern Ontario, R, Canada
Canonical, Full time
The Threat Intelligence Lead will own Canonical's threat intelligence strategy and execution, including understanding of which cyber threat actors are targeting Canonical, and the use of...
-
Threat Intelligence Lead
7 days ago
Hamilton, Toronto, Montreal, Calgary, Vancouver, Edmonton, Old Toronto, Ottawa, Mississauga, Quebec, Winnipeg, Halifax, Saskatoon, Burnaby, Surrey, Victoria, London, Halton Hills, Regina, Markham, Brampton, Vaughan, Kelowna, Laval, Southwestern Ontario, R, Canada
Canonical, Full time
The Threat Intelligence Lead will own Canonical's threat intelligence strategy and execution, including understanding of which cyber threat actors...
-
SENIOR CYBERSECURITY ANALYST
2 weeks ago
Regina, Toronto, Montreal, Calgary, Vancouver, Edmonton, Old Toronto, Ottawa, Mississauga, Quebec, Winnipeg, Halifax, Saskatoon, Burnaby, Hamilton, Surrey, Victoria, London, Halton Hills, Markham, Brampton, Vaughan, Kelowna, Laval, Southwestern Ontario, R, Canada
Sumeru Solutions, Full time
Key Responsibilities: Lead threat monitoring and detection across SIEM and endpoint-protection platforms. Conduct deep-dive investigations into complex security incidents. Manage containment and remediation processes; provide root-cause analysis. Develop and refine SOC playbooks detection rules and escalation procedures. Mentor junior analysts and ensure...
-
Threat Intelligence Lead
7 days ago
Vancouver, Toronto, Montreal, Calgary, Vancouver, Edmonton, Old Toronto, Ottawa, Mississauga, Quebec, Winnipeg, Halifax, Saskatoon, Burnaby, Hamilton, Surrey, Victoria, London, Halton Hills, Regina, Markham, Brampton, Vaughan, Kelowna, Laval, Southwestern, Canada
Canonical, Full time
The Threat Intelligence Lead will own Canonical's threat intelligence strategy and execution, including understanding of which cyber threat actors...
-
Threat Modeling Analyst
7 days ago
Montreal, Ottawa, Toronto, Canada
nugget.ai, Full time
Location: Toronto (hybrid->3 times per week)
Employment Type: Contract
About the Role: The Threat Modeling Analyst is responsible for identifying threats and vulnerabilities across company systems and communicating the issues with the appropriate team – infrastructure, IT, risk, DLP, or any affected members.
Responsibilities: Work cross-functionally with other...
-
Remote Senior IT Security Risk
2 weeks ago
Toronto, Montreal, Calgary, Vancouver, Edmonton, Old Toronto, Ottawa, Mississauga, Quebec, Winnipeg, Halifax, Saskatoon, Burnaby, Hamilton, Surrey, Victoria, London, Halton Hills, Regina, Markham, Brampton, Vaughan, Kelowna, Laval, Southwestern Ontario, R, Canada
Maplesoft Group, an SEB Company, Full time
A prominent technology consulting firm is seeking a Remote Senior IT Security Threat and Risk Assessment Analyst to support their Federal Government client. The ideal candidate should have over 10 years of experience in IT security, with a strong focus on cloud security assessments and ITSG-33 compliance. This role entails conducting risk assessments,...