Key Responsibilities 

• Monitor, investigate, and respond to alerts generated by the Sophos security stack (including EDR/XDR capabilities)
• Lead and mentor Tier I Analysts through escalated cases, ensuring thorough and accurate investigation practices
• Perform end-to-end analysis on suspicious activity to assess scope, impact, and risk
• Identify and respond to cyber threats across customer environments using approved playbooks and tooling
• Accurately document findings, investigative steps, and outcomes in the MDR case management platform
• Conduct threat hunting to identify potential threats throughout the MDR customer base
• Investigate phishing emails, suspicious binaries, and behavioral anomalies
• Support detection tuning by identifying recurring false positives and suggesting improvements
• Stay informed on threat actor behaviors, MITRE ATT&CK techniques, and Sophos threat research updates
• Proactively research emerging IOCs, active exploits, and vulnerabilities to stay ahead of evolving threats
• Contribute to internal knowledge bases, documentation, and continuous improvement initiatives
• Participate in shift rotations and ensure timely, detailed handovers between global teams
• Provide detection and response support for active security incidents
• Manage case workflows: create cases, track progress, and follow up with clients until resolution
• Engage with clients via chat, phone and tickets as part of case handling
• Assist with developing and refining Security Operations processes, playbooks, and tooling feedback

Requirements:

Essential 

• 2+ years of hands-on experience in a Security Operations Center (SOC), Managed Detection and Response (MDR) environment, or cybersecurity-focused IT role
• Proficient in the use of endpoint and network security tools (e.g., EDR, IDS/IPS, malware detection platforms) with the ability to validate and triage complex alerts
• Working knowledge of Windows operating systems (both workstation and server), with additional experience in Linux (Ubuntu, Debian, RedHat) or macOS environments
• Ability to interpret and analyze Windows event logs and other telemetry data
• Understanding of core network concepts including TCP/IP, protocols, routing, and traffic analysis
• Demonstrated experience contributing to real-time incident response efforts and threat investigations
• Exposure to threat hunting methodologies and an understanding of attacker behavior and patterns
• Experience handling active threats, including containment, mitigation, and recovery efforts during security incidents
• Familiar with techniques such as persistence, privilege escalation, lateral movement, and defense evasion, and able to identify these in real-world environments
• Familiarity with common incident response workflows and security operations processes
• Strong analytical thinking and troubleshooting skills, with attention to detail in investigations and case documentation
• Excellent communication skills, with the ability to clearly explain findings to both technical and non-technical audiences
• Customer-first mindset with professionalism and a focus on service excellence
• Must thrive within a team environment as well as on an individual basis
• Natural curiosity and willingness to learn in a fast-paced, ever-changing threat landscape
• A passion for cybersecurity, continuous improvement, and staying current on threat trends
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity or related field, or equivalent practical experience
• Ability to communicate in English
• Willingness to participate in shift work including nights, weekends and holidays (our MDR service is 24x7x365)

Desirable

• Familiarity with the MITRE ATT&CK framework and its application in detection and response
• Experience working with SIEM platforms and managing enterprise security telemetry
• Ability to write and interpret SQL queries for data analysis and investigation
• Experience with OSQuery and scripting skills, particularly in PowerShell
• Relevant and practical cybersecurity certifications (e.g., GSEC, GCIA, GCIH, PEN-200, Security Blue Team L1, TCM Academy SOC L1, or similar)