Sophos

Threat Analyst 2

Remote · Full Time

Experience: 3+ yrs
Salary: USD 66,000 – USD 110,000 / year
Openings: 1
Posted: 3 days ago

Job description

About the Company

Sophos is a global cybersecurity company that protects 600,000 organizations with an AI-powered security platform backed by expert-led services. The company helps businesses at different stages of security maturity strengthen their defenses against cyberattacks through machine learning, automation, live threat intelligence, and human expertise from Sophos X-Ops.

Its offerings include managed detection and response (MDR), endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-generation SIEM. These are supported by advisory services that help organizations lower risk, gain better visibility, and respond more quickly to threats.

Sophos works through a global partner network that includes MSPs, MSSPs, resellers, distributors, marketplace integrations, and cyber risk partners. The company is headquartered in Oxford, U.K.

Role Overview

This position sits within the Managed Detection and Response (MDR) team and focuses on monitoring, detection, and response to help protect customer environments before attacks can succeed. The role involves working with cyber threat hunters, incident response analysts, engineers, and ethical hackers, using enterprise tools, log analysis, and endpoint collection systems to investigate, identify, and contain cyber threats.

The shift for this role is 4 PM to 1 AM EST.

Key Responsibilities

  • Review security logs and event data using Sophos tools to spot suspicious activity and ongoing threats.
  • Assess and respond to cyber incidents affecting customer environments.
  • Share investigation results clearly with both technical teams and senior business stakeholders.
  • Keep customers updated through to resolution and provide practical recommendations to reduce future risk.
  • Handle incoming customer requests and communicate with customers across different channels.
  • Work closely with internal security, response, and operations teams.
  • Track new indicators of compromise, attack methods, exploits, and vulnerabilities, and turn that research into actionable protections for customers.

Requirements

  • Willingness to work outside standard business hours, including weekends and holidays, since the service operates 24/7/365.
  • Strong troubleshooting and analytical thinking skills, including the ability to approach problems creatively.
  • A customer-focused mindset with excellent written and spoken communication skills.
  • Ability to perform well both independently and as part of a team.
  • Strong interest in information technology and cybersecurity.
  • Quick learner with natural curiosity and an eagerness to build new skills.
  • Innovative approach and motivation to contribute to a high-quality cybersecurity service.
  • At least 3 years of experience in a SOC or computer security team within an IT environment.
  • Hands-on experience with threat hunting.
  • Experience monitoring endpoint and network security.
  • Experience administering and supporting Windows operating systems on workstations and servers, plus Apple (macOS) or Linux systems.
  • Understanding of common adversary methods such as obfuscation, persistence, and defense evasion.
  • Working knowledge of the MITRE ATT&CK framework.
  • Familiarity with incident response processes.
  • Basic knowledge of network traffic analysis, including TCP/IP, routing, switching, and related protocols.
  • Basic knowledge of Windows event log analysis.
  • Preferred: experience with SQL query writing, osquery, SIEM platforms, and PowerShell scripting.

Compensation and Benefits

The base salary in Canada for this role is between $66,000 and $110,000. In addition to base pay, the role includes bonus eligibility and a comprehensive benefits package. Actual compensation will depend on job-related skills, training, location, experience, education, certifications, and business needs.

Remote Work and Work Culture

Sophos follows a remote-first model, which means remote work is the primary setup for most employees, although some roles may require a hybrid arrangement. Candidates must be legally authorized to work in the country where the role is posted and must not require employer sponsorship.

The company emphasizes diverse perspectives, employee-led inclusion networks, volunteer and charity initiatives, sustainability efforts, fitness and trivia competitions, wellbeing days, and monthly wellbeing sessions.

Equal Opportunity and Hiring Practices

Sophos is committed to equal opportunity and a fair hiring process. Applicants from all backgrounds are encouraged to apply, and reasonable adjustments can be requested to support participation in the recruitment process.

Data Handling and AI Use

If you share your CV or personal details during the application process, Sophos may retain that information for 12 months in line with its privacy practices and use it for this role or other relevant opportunities. The company also notes that AI tools may assist with parts of the hiring process, such as application review and resume analysis, but final hiring decisions are made by people.
