Team Lead, Threat Analysis

Carmel, IN, US, 46032

Technology Office

Sophos Overview – Cybersecurity Evolved

Sophos evolves to meet every new challenge, protecting more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyberthreats. Powered by SophosLabs, our cloud-native and AI-enhanced solutions are able to adapt and evolve to secure endpoints and networks against never-before-seen cybercriminal tactics and techniques. Managed through our award-winning, cloud-based platform, Sophos Central, our best-of-breed products work together through our unique Synchronized Security system to share threat intelligence and respond to evolving threats. The Sophos suite of products secures networks and endpoints against automated and active-adversary breaches, ransomware, malware, exploits, data exfiltration, phishing, and more.


Job Purpose

Sophos is seeking an experienced and motivated Team Lead to support its MTR customers. The successful candidate will be responsible for the operational management of active cybersecurity incidents as well as providing technical support to monitor, identify, and neutralize cybersecurity threats. You will work with enterprise systems, log analysis systems, and endpoint collection systems to facilitate detection and response efforts.


The MTR Team Lead role requires independent work as well as the ability to work in a team environment. As a senior team member, you will be expected to be a Subject Matter Expert (SME) and to lead projects to build tools and processes to support incident response and proactive threat hunting efforts. You will also be expected to mentor other team members, and to actively participate in knowledge transfers both internal and external to the team.


This position requires availability to work outside of standard business hours, including weekends and holidays; our SOC operates 24x7.


Main Duties

  • Maintaining supervision over operational tasks and providing day-to-day oversight for threat analysts
  • Overseeing analysts in their investigation and response activities when security incidents arise, to determine probable cause and resolution
  • Effectively communicating information to stakeholders of all levels
  • Demonstrating experience in network and host-based intrusion analysis, incident response processes and procedures, digital forensics, or malware handling
  • Acting as a lead throughout incident scenarios and providing subject matter expertise in cybersecurity incident response
  • Successfully executing incident handling procedures as well as directing the response to cybersecurity incidents
  • Maintaining current knowledge and recognition of attacker tools, tactics, and procedures to produce indicators of compromise (IOCs) that can be utilized during active and future investigations
  • Assessing cyber threat intelligence and open source intelligence and operationalizing that information
  • Demonstrating real-world, hands-on experience dealing with sophisticated malware and dynamic cyber threat actors
  • Identifying current and emerging threats and applying such research


Skills & Experience


  • 5+ years of experience within a cybersecurity environment; experience in a leadership role is a plus
  • Bachelor’s degree in Information Technology, Computer Science, or a related field
  • Experience in a security operations center or similar environment, identifying indications of compromise or attack and responding to incidents
  • Network and endpoint security experience required: IDS, IPS, EDR, ATP, malware defenses, and monitoring experience
  • Threat hunting experience required
  • Knowledge of the MITRE ATT&CK framework preferred
  • Working knowledge of incident response procedures
  • Experience with SQL, osquery, or other query languages
  • Proficient knowledge of various operating systems, such as Windows and Linux-based systems
  • In-depth understanding of event log analysis
  • Fundamental understanding of network traffic analysis, including TCP/IP, routing, switching, protocols, etc.
  • Knowledge of programming and scripting languages, in particular PowerShell or Python
  • Experience with enterprise information security data management; SIEM experience a plus
  • Excellent troubleshooting and analytical thinking skills
  • Capacity to handle stressful situations in a productive and professional manner
  • Strong documentation and communication skills
  • Advanced information security certifications preferred but not required
  • Excellent customer service skills


Equal Opportunities

Sophos is committed to equal opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability, or sexual orientation.

If you choose to explore this opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. If you have any questions about Sophos’ data protection practices, please contact dataprotection@sophos.com.

At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.
