
MDR Security Automation Researcher
Posted May 22

This is a fully remote position, open to applicants in Romania.
• Examine various workflows, tools, and processes from both internal and external sources.
• Collaborate with subject-matter experts (such as SOC analysts and incident responders) to document detailed process steps, identifying gaps and bottlenecks in current operations that could be improved through automation.
• Utilize scripting languages (like Python, JavaScript, Bash, CEL) to create secure and scalable solutions.
• Integrate newly created automated workflows with established security tools (such as XDR, SIEM, AV, and endpoint detection).
• Perform testing, validation, and troubleshooting to guarantee reliable and stable deployment in production settings.
• Continuously oversee and maintain implemented automation solutions, ensuring performance, reliability, and security.
• Document technical specifications, deployment processes, and operational guidelines for each automated workflow.
• Collaborate with cross-functional teams (Security Operations, DevOps, IT) to facilitate smooth coordination, prompt development, and stable release cycles.
• Conduct knowledge-sharing sessions and workshops to present new automation concepts and results.
• Demonstrated experience as a Cybersecurity Analyst in a security operations center (in areas such as security analysis, incident response, or threat hunting).
• Preferred background in supporting global security operations or coordinating with MSSPs and internal teams, with an emphasis on designing, documenting, or optimizing technical cybersecurity workflows.
• Strong proficiency in scripting (including Python, PowerShell, JavaScript, Bash) and familiarity with API integrations for workflow automation.
• Capacity to translate documented requirements into actionable coding tasks in both independent and collaborative settings.
• Preferred knowledge of BI or data analytics tools used in cybersecurity (such as SQL, Power BI, KQL) or of machine learning concepts applied to detection.
• Familiarity with MITRE ATT&CK, threat intelligence platforms, or IOC integration.
• Must excel in both team environments and individual tasks.
• Possess a natural curiosity and the ability to quickly acquire new skills.
• Preferred certifications from GIAC, EC-Council, ISC2, CompTIA, Offensive Security, or vendor-specific certifications (such as Azure Security, AWS Security, or CrowdStrike CFR).
• Sophos follows a remote-first working model, making remote work the primary option for most employees, though some roles may require a hybrid approach.
• Employee-led diversity and inclusion networks that foster community and provide education and advocacy.
• Annual charity and fundraising initiatives, along with volunteer days for employees to support local communities.
• Global employee sustainability initiatives aimed at reducing our environmental impact.
• Global fitness and trivia competitions designed to keep our bodies and minds sharp.
• Global wellbeing days for employees to relax and recharge.
• Monthly wellbeing webinars and training sessions to support employee health and wellbeing.