Incident Response Analyst

January 2

Apply Now

Receive Emails with Similar Jobs

Sophos

WebsiteLinkedInAll Job Openings

Sophos is a leading cybersecurity company that specializes in protecting businesses against advanced cyber threats. The company offers a comprehensive suite of security solutions, including endpoint protection, managed detection and response (MDR), network security, and cloud security. With a prevention-first approach, Sophos aims to stop ransomware and other cyber threats before they cause harm. Sophos provides services such as threat research, security training, and operational support to ensure robust defense against cyberattacks. Their solutions cater to various industries including finance, healthcare, government, manufacturing, and retail. The Sophos Central platform delivers centralized security management, integrating seamlessly with existing IT infrastructure to enhance security posture.

IT Security • Next-Gen UTM (Unified Threat Management) • Mobile Device Management • Endpoint Security • Antivirus

1001 - 5000 employees

Founded 1985

🔒 Cybersecurity

☁️ SaaS

💰 Post-IPO Equity on 2021-08

📋 Description

• Sophos is a global leader and innovator of advanced security solutions that defeat cyberattacks. • Sophos RR team is an elite group of incident responders engaged by organizations worldwide. • Provides comprehensive investigations, response actions, remediation guidance, and root cause analysis. • Conducts large-scale investigations across customer networks and performs forensic analysis.

🎯 Requirements

• 3+ year experience in a dedicated Incident Response role or 5+ years in a security related role with incident response responsibilities • Excellent understanding of Windows logs and forensic artifacts • Strong understanding of hypervisors and virtualization • Experienced in conducting full disk and triage image acquisition, and industry standard tools such as FTK Imager and CyLR • Extensive experience and knowledge of mapping adversary behavior to the MITRE ATT&CK framework • Demonstrated experience working with common open-source forensic utilities such as Eric Zimmerman Tools, The Sleuth Kit, Plaso Log2Timeline, Volatility, ChainSaw, etc. • Passion for cyber security, incident response, and digital forensics • A desire for continuous learning • Strong written communication skills • A team-player attitude with a willingness to share knowledge • Ability to work some weekends and holidays • Experience leading BEC investigations • Undergraduate education in Cybersecurity, Computer Science, or comparable • Cybersecurity certifications (e.g. SANS GCFA, OSCP, CISSP, or similar) • Experience with SIEM technology (e.g. Splunk, ELK, etc.) • Ability to lead and direct customer engagements when the Incident Lead is absent • Capable to lead smaller compromise assessment or BEC engagements • Willingness to work occasional overtime during peak times or holidays • Experience writing OSQuery or SQL queries • Experience writing PowerShell, Python, or Bash scripts

🏖️ Benefits

• Sophos operates a remote-first working model, making remote work the primary option for most employees. • Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit • Employee-led diversity and inclusion networks that build community and provide education and advocacy • Annual charity and fundraising initiatives and volunteer days for employees to support local communities • Global employee sustainability initiatives to reduce our environmental footprint • Global fitness and trivia competitions to keep our bodies and minds sharp • Global wellbeing days for employees to relax and recharge • Monthly wellbeing webinars and training to support employee health and wellbeing