
Senior Incident Response Analyst 1

Sophos Group

United States

Remote

USD 120,000 - 200,000

Full time

Yesterday

Job summary

A leading cybersecurity company is seeking an experienced Incident Response Consultant 3 to join their elite IR team. You will investigate and respond to cyber threats, conducting forensic analysis and collaborating with experts to neutralize security incidents. This role requires strong analytical skills, a passion for cybersecurity, and a commitment to continuous learning.

Qualifications

  • 3+ years of experience in Incident Response or a related role.
  • Strong understanding of Windows logs and forensic artifacts.
  • Experience leading BEC investigations.

Responsibilities

  • Perform in-depth forensic analysis of systems.
  • Investigate customer networks for suspicious and malicious activity.
  • Document IOCs and contribute to the development of threat intelligence.

Skills

Forensic analysis
Incident response
Cybersecurity
Written communication
Team collaboration

Education

Post-secondary education in Cybersecurity

Tools

XDR
SIEM technology
Common open-source forensic utilities

Job description

Role Summary

Sophos is seeking an experienced and motivated Incident Response Consultant 3 to join our Incident Response (IR) service. The Sophos IR team is an elite group of incident responders that are engaged by organizations worldwide to respond to and neutralize cyber threats. Specializing in industry-standard forensic tools and Sophos technologies, the team provides comprehensive investigations, response actions, remediation guidance, and root cause analysis to combat a wide range of cybersecurity incidents.

As an Incident Response Consultant 3 on the Sophos IR team, you will collaborate with a dedicated group of experts to neutralize critical security incidents for customers of varying sizes and industries. In this role, you will be responsible for investigating at scale across customer networks and conducting forensic analysis using industry-standard tools to identify indicators of compromise and the tactics, techniques, and procedures used by threat actors. Reporting to the Team Lead, Incident Response, you will lead assigned incident response engagements, delegate tasks to other assigned consultants, and be responsible for documenting and communicating findings to our customers.

What You Will Do

  • Perform in-depth forensic analysis of systems
  • Acquire full disk and triage images of Windows, Mac, and Linux systems for investigation
  • Investigate customer networks for suspicious and malicious activity
  • Leverage tools such as XDR to perform large-scale threat hunts
  • Identify systems of interest related to ongoing investigations
  • Maintain detailed and accurate documentation, including meeting notes and investigative findings
  • Document IOCs and contribute to the development of threat intelligence
  • Collect sample files from customer devices as part of incident investigations
  • Conduct searches through OSINT sources
  • Log work hours accurately for each customer engagement
  • Complete assigned training and development programs as directed by the Team Lead

What You Will Bring

  • 3+ years of experience in Incident Response or a related role
  • Excellent understanding of Windows logs and forensic artifacts
  • Strong understanding of hypervisors and virtualization
  • Experience in conducting full disk and triage image acquisition
  • Working knowledge of mapping adversary behavior to the MITRE ATT&CK framework
  • Demonstrated experience working with common open-source forensic utilities
  • Passion for cyber security, incident response, and digital forensics
  • A desire for continuous learning
  • Strong written communication skills
  • A team-player attitude with a willingness to share knowledge
  • Ability to work some weekends and holidays
  • Experience leading BEC investigations
  • Post-secondary education in Cybersecurity, or comparable
  • Cybersecurity certifications are a plus (e.g. CompTIA CySA+, GCFE, GCIH, or similar)
  • Experience with SIEM technology is a plus (e.g. Splunk, ELK, etc.)
  • Willingness to work occasional overtime during peak times or holidays
  • Experience writing SQL queries is a plus
  • Experience writing PowerShell, Python, or Bash scripts is a plus

In the United States, the base salary for this role ranges from $120,000 to $200,000. In addition to base salary, we offer additional compensation including bonus eligibility and a comprehensive benefits package. A candidate’s specific pay within this range will depend on a variety of factors, including job-related skills, training, location, experience, relevant education, certifications, and other business and organizational needs.

