
Senior Threat Analyst
13 hours ago
About Us
Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos' complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, and other everyday and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at
Role Summary
As a Senior Threat Analyst in our MDR team, you will be on the frontlines of the cyber fight, hunting, detecting and shutting down adversaries before they gain ground. You will work across endpoint, network, log data and integrations, exposing attacker tradecraft and neutralizing threats in real time.
This is not a backseat role. You will be part of a tight-knit, high-performing team, leading complex investigations, sharpening our detection arsenal and pushing the limits of how we defend customers. You will mentor rising analysts, strengthen MDR processes and act as a trusted voice for clients when the pressure is on.
If you thrive on outsmarting adversaries, owning the fight and having your team's back in every battle, this is where you belong.
What You Will Do
- Lead escalations from Tier I and II Analysts, guiding investigations and ensuring accurate, timely response
- Drive proactive threat hunting across the MDR customer base to uncover emerging threats
- Perform full-scope Incident Response and management of critical security events
- Mentor and onboard new Threat Analysts, building skills and strengthening the team
- Detect, investigate, and respond to security events and advanced cyber threats
- Analyze and monitor logs, endpoint telemetry, and integrated security systems
- Track, document, and manage cases from initial detection through to customer communication and threat neutralization
- Engage directly with customers through multiple channels, providing expert guidance under pressure
- Contribute to process improvement and help shape MDR operational playbooks
- Collaborate with engineering, threat intelligence, and response teams to enhance overall defenses
- Deliver metrics and reporting on threat activity, detection trends, and situational awareness
- Stay ahead of the curve by researching new attacker tactics, exploits, and vulnerabilities
- 5 years of experience in SOC operations, incident response, or threat hunting, with proven ability to handle high-severity incidents
- Strong knowledge of endpoint and network security technologies (IDS, IPS, EDR, ATP, malware defenses, integrations) and their use in investigations
- Solid experience in threat hunting and identifying adversary tradecraft across customer environments
- Good understanding of adversary TTPs including persistence, evasion, obfuscation, and living-off-the-land techniques
- Strong skills in network traffic analysis, with the ability to identify anomalies across TCP/IP, routing, switching, and protocols
- Proficient in Windows event log analysis and incident response procedures from triage to containment
- Excellent troubleshooting and analytical skills to solve complex problems quickly
- Experience mentoring and supporting junior analysts, encouraging growth and developing operational maturity
- Ability to collaborate with engineering and detection teams to improve detection content, tuning, and operational playbooks
- Strong communication skills with the confidence to act as a trusted advisor for customers during investigations
- Passion for learning, curiosity to stay ahead of adversary tactics, and a mindset for contributing to MDR improvements
- Bachelor's degree in Information Technology, Computer Science, or related field; or equivalent work experience
- Flexibility to participate in rotating coverage, including weekends and holidays, in a 24x7x365 operation
Desirable
- Experience leading or contributing to threat hunts or purple team exercises
- Knowledge of the MITRE ATT&CK framework and its use in detection development and assessment
- Familiarity with SIEM platforms, enterprise-scale log management, and query construction
- Experience with SQL, OSQuery, and scripting/automation (PowerShell, Python, etc.)
- Exposure to cloud, container, or hybrid security environments
Ready to Join Us?
At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.
What's Great About Sophos?
· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote-first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.
· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit
· Employee-led diversity and inclusion networks that build community and provide education and advocacy
· Annual charity and fundraising initiatives and volunteer days for employees to support local communities
· Global employee sustainability initiatives to reduce our environmental footprint
· Global fitness and trivia competitions to keep our bodies and minds sharp
· Global wellbeing days for employees to relax and recharge
· Monthly wellbeing webinars and training to support employee health and wellbeing
Our Commitment To You
We're proud of the diverse and inclusive environment we have at Sophos, and we're committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.
Data Protection
If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos' data protection practices, please consult our Privacy Policy.