Threat Analyst Team Leader

Cork, IE

Technology Office

Sophos makes IT security simple with next-generation solutions that protect networks, servers, and devices, wherever they are. Today, more than 100 million users in 150 countries and a global network of channel partners trust Sophos to deliver simple solutions to complex security challenges. Focused on innovation and backed by a global network of Sophos Labs threat intelligence centers and industry-leading support, Sophos delivers solutions that are simple to deploy, maintain, and manage, enabling organizations to focus on performance and growth. Sophos — Security made simple.

Sophos is seeking an experienced and motivated Team Lead to support its' MTR customers. The successful candidate will be responsible for operational management of active cyber security incidents as well as performing technical support to monitor, identify, and neutralize cybersecurity threats. You will work with enterprise systems, log analysis systems, and endpoint collection systems to facilitate detection and response efforts.

The MTR Team Lead role requires independent work as well as the ability to work in a team environment. As a senior team member, you will be expected to be a Subject Matter Expert (SME) and to lead projects to build tools and processes to support incident response and proactive threat hunting efforts. You will also be expected to mentor other team members, and to actively participate in knowledge transfers both internal and external to the team.This position requires availability to work outside of standard business hours including weekends and holidays – our SOC is 24X7



Main Duties



  • Maintain supervision over operational tasks and provide day-to-day oversight for threat analysts
  • Oversee analysts in their investigation and response activities when security incidents arise to determine possible cause and resolution  
  • Effectively communicate information to stakeholders of all levels
  • Demonstrate experience in network and host-based intrusion analysis, incident response processes and procedures, digital forensics and/or handling malware
  • Acting as a lead throughout incident scenarios and provide subject matter expertise in cybersecurity incident response
  • Successfully executing incident handling procedures as well as direct response to cyber security incidents
  • Maintaining current knowledge and recognition of attacker tools, tactics, and procedures to produce indicators of compromise (IOCs) that can be utilized during active and future investigations
  • Assessing cyber threat intelligence/open source intelligence and operationalizing that information
  • Demonstrating real-world, hands-on experience dealing with sophisticated malware and dynamic cyber threat actors
  • Identifying current and emerging threats and application of such research


Skills & Experience



  • Experience within a cybersecurity environment; experience in a leadership role is preferred
  • Bachelor’s in information technology, Computer Science or a related field; or relevant, commensurate work experience
  • Experience in a security operations center, or similar environment, and identifying indications of compromise or attack and responding to incidents




  • Endpoint and network security experience required; IDS, IPS, EDR, ATP, Malware defenses and monitoring experience
  • Threat hunting experience preferred
  • Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc.
  • Knowledge of Mitre ATT&CK framework preferred
  • Working knowledge of incident response procedures
  • Experience with SQL query construction preferred
  • Experience with OSQuery is a plus
  • Experience administering and supporting Windows OS (both workstations and server) and one of the following: Apple or Linux-based operating systems (e.g. XP, Windows 7, 2003, 2008, OS X)
  • Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
  • Strong understanding of Windows event log analysis
  • Experience with enterprise information security data management - SIEM experience a plus
  • Programming and scripting skills - proficient knowledge of Powershell is a plus
  • Excellent troubleshooting and analytical thinking skills
  • Strong documentation and communication skills
  • Advanced Cyber Security certifications preferred but not required
  • Excellent customer service skills
  • Passion for all things information technology and information security
  • Natural curiosity and ability to learn new skills quickly
  • Ability to think outside the box
  • Innovative mindset

At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.

Job Segment: Computer Science, Database, Linux, SQL, Information Security, Technology