Threat Analyst

2+ years of hands-on experience in a SOC, MDR environment, or cybersecurity-focused IT role Proficient in endpoint and network security tools (e.g., EDR, IDS/IPS, malware detection platforms) Working knowledge of Windows operating systems (workstation and server) Experience in Linux (Ubuntu, Debian, RedHat) or macOS environments Ability to interpret and analyze Windows event logs and other telemetry data Understanding of core network concepts (TCP/IP, protocols, routing, traffic analysis) Demonstrated experience contributing to real-time incident response and threat investigations Exposure to threat hunting methodologies and understanding of attacker behavior Experience handling active threats (containment, mitigation, recovery) Familiar with techniques such as persistence, privilege escalation, lateral movement, and defense evasion Familiarity with common incident response workflows and security operations processes Strong analytical thinking and troubleshooting skills Excellent communication skills (technical and non-technical audiences) Customer-first mindset with professionalism Ability to thrive in team and individual settings Natural curiosity and willingness to learn Passion for cybersecurity and continuous improvement Bachelor’s degree in Information Technology, Computer Science, Cybersecurity or related field, or equivalent practical experience Ability to communicate in English Willingness to participate in rotating shift work (nights, weekends, holidays)

Monitor, investigate, and respond to alerts from Sophos security stack Lead and mentor Tier I Analysts on escalated cases Perform end-to-end analysis on suspicious activity Identify and respond to cyber threats using playbooks and tooling Document findings, investigative steps, and outcomes Conduct threat hunting Investigate phishing emails, suspicious binaries, and behavioral anomalies Support detection tuning by identifying false positives Stay informed on threat actor behaviors and MITRE ATT&CK techniques Research emerging IOCs, active exploits, and vulnerabilities Contribute to internal knowledge bases and documentation Participate in shift rotations and ensure handovers Provide detection and response support for active security incidents Manage case workflows Engage with clients via chat, phone, and tickets Assist with developing and refining Security Operations processes, playbooks, and tooling feedback