Sophos logo
Sophos

Defeat Cyberattacks

Incident Response Analyst 1

Incident Response AnalystSecurity AnalystFull TimeRemoteJuniorTeam 1,001-5,000Since 1985H1B SponsorCompany SiteLinkedIn

Location

Australia

Posted

3 days ago

Salary

0

Seniority

Junior

Associate Degree1 yr expEnglishCloud

Job Description

Incident Response Analyst 1

Sophos

• Assist with investigative and forensic analysis across endpoints, network logs, and cloud telemetry under the direction of senior analysts • Support containment and response actions to neutralize active threats as directed by Incident Advisors or Senior Analysts • Triage and review alerts, indicators of compromise (IOCs), artifacts, and telemetry, escalating findings to senior analysts to help determine scope and root cause • Maintain clear and accurate engagement documentation, including trailheads, timelines, and playbooks • Develop incident response skills through hands-on engagements while following CIRT investigative and documentation standards • Contribute technical findings and summaries to support customer updates and post-incident reports • Identify and communicate detection or response gaps observed during investigations • Participate in shift handovers, debriefs, and post-incident reviews to ensure engagement continuity • Maintain accurate time and activity tracking to support operational visibility and service improvement

Job Requirements

  • 1-2 years of experience in a SOC, MDR, or security operations role preferred
  • Foundational technical understanding of endpoint security, log analysis, and common attack techniques
  • Familiarity with common threats such as malware, credential theft, and ransomware
  • Ability to review and triage alerts and telemetry, escalating to senior analysts as appropriate
  • Strong written and verbal communication skills for documenting findings and contributing to customer updates
  • Eagerness to learn and develop technical skills with guidance from senior analysts
  • Ability to work effectively in high-pressure, time-sensitive incident environments
  • Willingness to work some weekends and holidays as part of a rotation

Benefits

  • Sophos operates a remote-first working model
  • Employee-led diversity and inclusion networks
  • Annual charity and fundraising initiatives
  • Global employee sustainability initiatives
  • Global fitness and trivia competitions
  • Global wellbeing days
  • Monthly wellbeing webinars and training

Related Job Pages

More Incident Response Analyst Jobs

Zensar logo

CIS SERVICE DELIVERY MANAGEMENT-CIS INCIDENT MANAGEMENT

Zensar

At Zensar, we’re “experience-led everything”. We are committed to conceptualizing, designing, engineering, marketing, and managing digital solutions and experiences for over 130 leading enterprises. We are a company driven by a bold purpose: Together, we shape experiences for better futures. Whether for our clients, our people, or the world around us, this belief powers everything we do. At the heart of our culture is ONE with Client - a set of four core values that reflect who we are and how we work: One Zensar, Nurturing, Empowering, and Client Focus. Part of the $4.8 billion RPG Group, we’re a community of 10,000+ innovators across 30+ global locations, including Milpitas, Seattle, Princeton, Cape Town, London, Zurich, Singapore, and Mexico City. We believe the best work happens when individuality is celebrated, growth is encouraged, and well-being is prioritized. We are an equal employment opportunity (EEO) and affirmative action employer, committed to creating an inclusive workplace. All qualified applicants will be considered without regard to race, creed, color, ancestry, religion, sex, national origin, citizenship, age, sexual orientation, gender identity, disability, marital status, family medical leave status, or protected veteran status.

Full TimeRemoteTeam 10,001

Role Description - Good understanding of Control-M Architecture and Agent/Server Communication - Good knowledge on Control-M tool to manage batch jobs, familiarity with features and usage of tool - Basic Unix - ITIL knowledge Good to have: - Experience of handling Priority incidents and critical issues related to Control-M - Basic MS SQL or Oracle Soft Skills: - Experience in 24*7 batch monitoring and production support - Excellent problem-solving skills and attention to detail - Ability to work collaboratively in a team - Strong communication and interpersonal skills Company Description At Zensar, we’re “experience-led everything”. We are committed to conceptualizing, designing, engineering, marketing, and managing digital solutions and experiences for over 130 leading enterprises. We are a company driven by a bold purpose: Together, we shape experiences for better futures. Whether for our clients, our people, or the world around us, this belief powers everything we do. At the heart of our culture is ONE with Client - a set of four core values that reflect who we are and how we work: One Zensar, Nurturing, Empowering, and Client Focus. Part of the $4.8 billion RPG Group, we’re a community of 10,000+ innovators across 30+ global locations, including Milpitas, Seattle, Princeton, Cape Town, London, Zurich, Singapore, and Mexico City. Explore Life at Zensar and join us to Grow. Own. Achieve. Learn. to be the best version of yourself. We believe the best work happens when individuality is celebrated, growth is encouraged, and well-being is prioritized. We are an equal employment opportunity (EEO) and affirmative action employer, committed to creating an inclusive workplace. All qualified applicants will be considered without regard to race, creed, color, ancestry, religion, sex, national origin, citizenship, age, sexual orientation, gender identity, disability, marital status, family medical leave status, or protected veteran status.

India

Role Description cFocus Software seeks a Incident Response Analyst to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance. Qualifications - Public Trust Clearance - B.S. Computer Science, Information Technology, or a related field - 5+ years of cybersecurity experience - 5+ years supporting cybersecurity incident response or Security Operations Center (SOC) environments - Experience investigating security incidents across Windows, Linux, cloud, and enterprise networks - Experience with SIEM technologies and security monitoring platforms - Experience performing incident triage and root cause analysis - Knowledge of malware analysis and digital forensics concepts - Understanding of NIST Cybersecurity Framework and NIST SP 800-61 Incident Handling Guide - Ability to obtain and maintain required NIH suitability/background investigation - Active GCIH, GCFA, GCIA, CISSP, CySA+, Security+, CEH, CHFI, CISM, or GSEC Requirements - Monitor security events across the NIH/OD-OIT environment - Detect, analyze, and respond to cybersecurity incidents affecting enterprise systems - Perform incident triage to determine scope, severity, urgency, and operational impact - Support incident containment, eradication, recovery, and restoration activities - Investigate suspected security incidents within established response time requirements - Coordinate incident handling activities with NIH and HHS cybersecurity organizations - Monitor enterprise security logs and alerts - Perform network and host-based intrusion detection - Monitor cloud applications and cloud infrastructure - Support continuous 24x7 security monitoring operations - Identify indicators of compromise (IOCs) and suspicious activity

United States
TEKsystems logo

Incident Systems Analyst

TEKsystems

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia.

ContractRemoteTeam 10,001H1B No Sponsor

Role Description The analyst will focus on incident analysis and telemetry validation, helping ensure that this client’s detection systems are accurate, actionable, and continuously improving. This includes: - Analyzing high-priority incidents (Sub-0 to Sub-2) - Understanding system behavior through telemetry signals - Identifying opportunities to improve detection logic and reduce noise in alerting systems The work directly impacts incident detection accuracy, response speed, and overall service reliability. This is not a traditional reporting or dashboarding role. Instead, it is a hands-on investigative position requiring: - Strong analytical thinking - Technical curiosity - The ability to interpret complex system behavior You will spend your time investigating incidents, validating signals, and presenting findings, often working with ambiguous or incomplete data. While tools like KQL are important, the role increasingly emphasizes understanding the data and systems, rather than just generating queries, especially as AI augments query development. Two analysts will share this workload, splitting responsibilities across ongoing incident analysis. Qualifications - 3 years of experience in data analysis (SQL, PowerBI or Grafana, Excel) and incident investigation - Working proficiency (3 years) in KQL or similar query tools - 2 years of experience in electrical or mechanical systems monitoring (mechanical preferred) Requirements - Daily review of overnight incidents and telemetry signals - Structured analysis on high-priority incidents - Participation in daily syncs to present findings and collaborate with engineers and SMEs - Maintaining strong data hygiene practices - Using tools like KQL to explore datasets while validating outputs Benefits - Medical, dental & vision - Critical Illness, Accident, and Hospital - 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available - Life Insurance (Voluntary Life & AD&D for the employee and dependents) - Short and long-term disability - Health Spending Account (HSA) - Transportation benefits - Employee Assistance Program - Time Off/Leave (PTO, Vacation or Sick Leave) Company Description We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe, and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change.

United States
$45 - $60 / hour
Full TimeRemoteTeam 10,001+Since 2015H1B Sponsor

Role Description At Hewlett Packard Enterprise (HPE), we are seeking a highly experienced and technically proficient Principal Advanced Threat Response Analyst to join our global security organization. The ideal candidate will have over a decade of hands-on experience in incident response, threat hunting, threat intelligence, digital forensics, malware analysis, and incident management, with proven expertise in leading investigations into Advanced Persistent Threats (APT) and other complex, multi-stage intrusions, including widescale Ransomware attacks. This role requires a blend of technical mastery, investigative acumen, and leadership capability. The candidate will drive proactive and reactive threat hunting efforts, lead critical incident response engagements, and develop both short-term containment and long-term remediation strategies to strengthen the organization’s cyber defense and improve overall security posture. This role is fully remote USA. Key Responsibilities - Lead complex threat investigations involving APTs, ransomware, insider threats, and nation-state activity across enterprise and cloud environments. - Drive proactive threat hunting programs focused on emerging TTPs, behavioral analytics, and detection gaps within EDR, SIEM, and network telemetry data. - Develop and execute purple team exercises, simulating advanced adversarial tradecraft to assess detection and response capabilities. - Collaborate with red teams and offensive security engineers to understand attacker tools, techniques, and procedures (TTPs) at a deep technical level and translate that understanding into effective detections. - Perform incident command during major security events — leading multidisciplinary response teams, engaging executive stakeholders, and delivering after-action reports and strategic recommendations. - Develop custom detections, playbooks, and automation in Splunk, Sentinel, or other platforms to improve time-to-detect and time-to-contain metrics. - Mentor and coach junior analysts, hunters, and incident responders — fostering an environment of continuous learning and operational excellence. - Contribute to threat intelligence initiatives, enriching internal intelligence feeds with context from ongoing investigations and external research. - Collaborate with engineering and architecture teams to harden security controls across endpoint, network, and cloud layers. - Conduct tabletop exercises and technical simulations to validate response readiness and identify process or technology gaps. Qualifications - 10+ years of experience in cybersecurity roles focused on incident response, threat hunting, digital forensics, threat intelligence, or SOC operations. - Proven record of leading end-to-end investigations of advanced threat campaigns (APT) or other complex multi-vector attacks. - Strong understanding of MITRE ATT&CK framework, adversary emulation, and kill chain analysis. - Demonstrated expertise in both enterprise IT and cloud security (AWS, Azure, GCP) — from defensive and offensive perspectives. - Working knowledge of red team / offensive security operations and the ability to deconstruct offensive tools (e.g., Cobalt Strike, Empire, Metasploit, Sliver, Mimikatz, other open-source OffSec tools) to detect their presence and behaviors. - Deep knowledge of SIEMs (Splunk, Sentinel, ELK), EDR platforms (CrowdStrike, Carbon Black, Defender ATP), and forensics tools. - Strong scripting or automation experience (Python, PowerShell, Bash) for hunting, enrichment, or data manipulation. - Ability to design and facilitate purple team exercises and incident response tabletop simulations replicating advanced adversary techniques. - Excellent communication and leadership skills; ability to brief executives, collaborate across functions, and guide junior team members. Certifications - Advanced SANS certifications such as GCFA, GREM, GCIA, GNFA, GCTI, GSEC, or GCIH. - Offensive certifications such as OSCP, OSEP, OSED, or CRTO. - Recognition from hands-on platforms (e.g., Hack The Box, Cyber Defenders, TryHackMe) demonstrating technical proficiency. - Cloud security certifications (AWS Security Specialty, Azure Security Engineer, GCP Professional Cloud Security Engineer) are a plus. Benefits - Health & Wellbeing: Comprehensive suite of benefits that supports physical, financial, and emotional wellbeing. - Personal & Professional Development: Specific programs catered to helping you reach any career goals you have. - Unconditional Inclusion: A culture that celebrates individual uniqueness and values varied backgrounds. Salary Information The expected salary/wage range for this position is provided below. Actual offer may vary from this range based upon geographic location, work experience, education/training, and/or skill level. - United States of America: Annual Salary USD 120,500 - 276,500 in Texas. The listed salary range reflects base salary. Variable incentives may also be offered.

United States
$120.5K - $276.5K / year