
Threat Analyst
Posted Jun 21

This is a fully remote position, open to applicants in Australia.
• Investigate elevated security alerts and incidents across endpoint, network, cloud, and identity environments.
• Conduct structured analysis to identify root causes, attack scope, lateral movement, and potential impact.
• Assist in ransomware investigations by examining attacker activities, credential misuse, persistence methods, and malware behavior.
• Deobfuscate suspicious scripts, malware samples, and other indicators to detect malicious activities.
• Execute proactive threat hunts based on established hypotheses and emerging threat intelligence.
• Examine suspicious authentication activities, privilege escalation, and identity misuse.
• Carry out investigations on both Windows and Linux systems, including log and process analysis.
• Correlate information from various sources, including EDR, SIEM, cloud logs, and identity platforms.
• Clearly document investigative findings and provide actionable remediation recommendations to clients.
• Work collaboratively with senior analysts during high-severity or complex incidents.
• Contribute to detection tuning and enhance response playbooks based on investigation results.
• Participate in a rotational schedule to support a 24x7x365 MDR environment.
• 4–6 years of experience in a SOC, MDR, Incident Response, or a related cybersecurity operations role.
• Experience in investigating endpoint and network security alerts using EDR and SIEM platforms.
• Practical knowledge of ransomware attack patterns and common intrusion techniques.
• Hands-on experience with investigations involving Linux and Windows systems.
• Experience in analyzing obfuscated scripts, malware behavior, and performing deobfuscation to identify malicious activities.
• Familiarity with adversary tactics and techniques, along with practical exposure to the MITRE ATT&CK framework.
• Experience in analyzing Windows Event Logs, Linux logs, and understanding Active Directory fundamentals.
• Basic knowledge of cloud and identity security investigations, including suspicious authentication activities and privileged account misuse.
• Ability to analyze network traffic, including TCP/IP, DNS, and HTTP/S protocols.
• Proficiency in scripting, including PowerShell; knowledge of Python or other programming languages is essential.
• Strong documentation skills and attention to detail in investigations.
• Security certifications such as Security+, CySA+, GCIH, or equivalent are advantageous.
• A Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent professional experience, is required.
• Excellent analytical and troubleshooting skills.
• Capacity to manage multiple investigations in a fast-paced environment.
• Clear written and verbal communication abilities.
• Sophos operates a remote-first working model, prioritizing remote work for most employees.
• Employee-led diversity and inclusion networks that foster community and provide education and advocacy.
• Annual charity and fundraising initiatives, along with volunteer days for employees to support local communities.
• Global employee sustainability initiatives aimed at reducing our environmental impact.
• Global fitness and trivia competitions to keep our bodies and minds sharp.
• Global wellbeing days for employees to relax and recharge.
• Monthly wellbeing webinars and training sessions to support employee health and wellbeing.