Pick a job to read the details

Tap any role on the left — its description and apply link will open here.

Renewals Representative (German Speaking)

Sophos · Bucharest

Uncategorized Romania Bucharest Posted Apr 28, 2026

About Us

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

You will manage a high-volume book of mid-market renewal accounts across EMEA.

This role requires strong organisation, outbound discipline, and the ability to work closely with both field sales and channel partners to secure on-time renewals.

Success in this role comes from pace, ownership, and structured execution.

What You Will Do

Manage a high-volume portfolio of renewal opportunities

Achieve quarterly sales goals and drive the renewals sales process

Proactively engage customers and channel partners 90–120 days before expiry Work in close alignment with field AEs on shared accounts

Drive urgency through partners to secure timely quotes and orders

Identify churn risk early and escalate with proposed solutions

Maintain accurate forecasting and pipeline hygiene in SFDC

Deliver consistent outbound activity to protect revenue

Own and manage the end-to-end renewals process, including maintaining an accurate forecast status in SFDC

Collaborate with the account executive and channel team

Identify cross sell opportunities

Identify natural expansion

What You Will Bring

Experience

2–5 years in renewals, sales, or account management (SaaS preferred)

Comfortable managing a high-volume book of business in:

Commercial

Midmarket

Enterprise

Experience in selling through and with channel partners, and ability to thrive in a team selling environment

Proficient in Salesforce (SFDC) any CRM tools

Fluency in both German and English

Skills and Behaviours

Strong organizational skills; comfortable managing volume

Confident and experienced in outbound activity (phone, email, follow-up cadence)

Participate in call out days to partner and end users

Success with working as a team, Sales AE and Channel

Comfortable navigating partner-driven sales cycles

Resilient and able to persevere through objections

Coachable and open to structured processes

Takes ownership and proposes solutions, not problems

Team-oriented with a commercial mindset

Execute a planned cadence of engagement customers and put detailed strategic account plans in place where appropriate.

Looks to enable course correction and contribute to a successful team

Work in support of the new business sales team when their expansion business is in conjunction with a pending renewal to ensure full renewal is achieved and partnering to support the additional growth solutions to the customer’s desired cybersecurity and business outcomes.

Renewals Representative by Segment

Enterprise Renewals Rep: Low volume engagement driven primarily through partnership with Enterprise Account Executive, within or outside of the renewal window. Engagement based on collaboration with AE regarding risk or potential. Assume 50 active engagements per quarter.

Midmarket Renewals Rep: Medium volume engagement within renewals window, partnering through opportunity tagging by Account Executive, and outbound engagement for any untagged renewal window opportunities. Assume 75 active engagements per quarter

Commercial Renewals Rep: High volume engagement within renewals window, leveraging outbound digital, cadenced engagements. Motions driven primarily through partner engagement with reactive actions in support of full book of commercial renewals within renewal window.

#li-remote

#b2

#li-FC2

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Ready to apply?

Apply to Sophos

Sophos

View all jobs →

Cyber Risk Advisor (Romania)

Sophos · Romania

Apply now

Uncategorized Romania Posted Apr 24, 2026

About Us

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

The Cyber Risk Advisor I serves as a trusted cybersecurity consultant to customers, helping them understand and mitigate cyber risks. This role involves leading advisory sessions, interpreting vulnerability data, and providing prioritized remediation guidance. The advisor monitors customer environments for threats and ensures measurable reductions in attack surfaces. Strong communication skills are essential for translating technical findings to both executive and technical audiences.

What You Will Do

Serve as the cyber risk trusted advisor for your customers. You will simplify complex vulnerabilities, explain real-world attack scenarios, and guide customers toward the right cyber risk mitigation decisions.

Lead Cyber Risk Advisory Sessions with customers where you will contextualize and prioritize vulnerability and exposure results, cyber risk trends, and overall security posture with the goal of facilitating positive security outcomes for your customers.

Provide prioritized, context-driven cyber risk remediation recommendations, helping customers focus on the vulnerabilities most likely to be weaponized by the threat actors.

Assist in monitoring customer environments for critical vulnerabilities, exposures, and emerging threats, escalating and advising on timely remediation.

Ensure that our Managed Risk service translates into measurable reductions in your customers’ overall attack surface.

Build professional, trust-based relationships with customers.

Continuously develop your skills through mentorship and hands-on experience.

What You Will Bring

2-3 years of experience in cybersecurity or related IT fields.

Strong knowledge of enterprise networking concepts (routing, switching, VLANs, firewalls, VPNs, and remote access technologies).

Strong knowledge of vulnerability management, attack surface management (reduction), and common security frameworks (NIST, CIS, ISO, etc.).

Hands-on experience with EASM/IASM tools, vulnerability scanning platforms, and remediation workflows.

Excellent communication and advisory skills, with the ability to simplify technical findings for executives while going deep with technical teams.

Proven ability to prioritize and manage multiple customer relationships, balancing consultative guidance with timely escalation of critical risks.

A proactive, problem-solving mindset and the drive to help customers reduce their overall cyber risk.

Nice to have

Industry certifications such as CompTIA Network+ or equivalent networking credentials, alongside security certifications such as CISSP, CISM, OSCP, CEH, or Security+.

Hands-on experience working with Tenable Nessus and/or the Tenable One platform.

Background in Incident Response, Threat Intelligence, or Red/Blue Team operations.

Knowledge of cloud security (AWS, Azure, GCP) and securing hybrid and cloud environments.

Prior experience in a customer-facing consultancy or advisory role with the ability to bridge networking and security conversations.

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Ready to apply?

Apply to Sophos

Sophos

View all jobs →

Senior Threat Analyst 2 (Romania)

Sophos · Romania

Apply now

Security Romania Posted Apr 21, 2026

About Us

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

As a MDR Senior Threat Analyst on our Managed Detection and Response (MDR) team, you will provide best-in-class monitoring, detection, and response services to proactively defend customer environments before attacks prevail. You will lead, work alongside and contribute to a team of incident response analysts, cyber threat hunters, engineers, and ethical hackers by using enterprise, log analysis and endpoint collection systems to facilitate investigations, identification, and neutralization of cyber threats.

What You Will Do (Duties and Responsibilities)

Lead shift operations and coordinate response activities across the MDR SecOps team during assigned shifts

Mentor and guide lower tier analysts, providing technical expertise and escalation support for complex investigations

Oversee end-to-end analysis of sophisticated threats, coordinating multi-analyst investigations and ensuring comprehensive scope assessment

Drive technical decision-making during critical incidents, determining escalation paths and resource allocation

Lead threat hunting initiatives across the MDR customer base and coordinating team efforts

Refine detection logic, working with engineering teams to reduce false positives and improve detection efficacy

Serve as subject matter expert on advanced persistent threats, zero-day exploits, and emerging attack vectors

Coordinate cross-functional collaboration with adjacent projects

Use, maintain and develop internal playbooks, investigation methodologies, and technical documentation

Lead client escalations for high-severity incidents, providing technical briefings and coordinating remediation efforts

Participate in continuous improvement initiatives within the SOC, identifying process gaps and implementing solutions

Manage shift handovers and ensure seamless 24/7 operations across global teams

Conduct in-depth malware analysis when required for complex investigations

Participate as a SOC representative in technical discussions with product teams, threat research, and customer success organizations when needed

Ensure knowledge transfer and capability development across the analyst team through training and mentorship

What You Will Bring (Experience and Qualifications)

5+ years of progressive experience in a SOC or advanced cybersecurity roles with demonstrated leadership capabilities

Advanced-level proficiency with endpoint and network security tools (EDR/XDR, SIEM, threat intelligence platforms) and ability to understand detection strategies

Advanced knowledge of Windows, Linux (macOS is a plus) environments including system internals, forensic artifacts, and attack surface analysis

Proven experience leading incident response efforts, coordinating cross-functional teams, and managing complex security investigations

Background in threat hunting with ability to develop hunting queries, and behavioral analytics

Demonstrated experience mentoring junior analysts and developing team capabilities through knowledge transfer and training

Deep understanding of MITRE ATT&CK framework, advanced persistent threat tactics, and emerging attack vectors

Experience with malware analysis and advanced forensic techniques for complex threat investigations

Ability to manage shift operations, coordinate global handovers, and maintain 24/7 SOC effectiveness

Experience working with adjacent teams (engineering, product, threat research) to drive security enhancements and tooling improvements

Track record of developing and implementing SOC processes, playbooks, and operational procedures

Industry certifications such as GCIH, GCFA, GNFA, CISSP, or equivalent are desirable

Bachelor's degree in Information Technology, Computer Science, Cybersecurity or related field, or equivalent extensive practical experience

Fluent English communication skills with ability to articulate complex technical concepts to diverse audiences

Flexibility to work rotating shifts including nights, weekends, and holidays as part of 24x7x365 operations

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Ready to apply?

Apply to Sophos

Sophos

View all jobs →

Senior Product Manager - CISO Advantage (m/f/d)

Sophos · Germany

Apply now

Security Germany Romania Hungary Posted Apr 15, 2026

About Us

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

This role is for individuals with real cybersecurity experience who understand the pressures faced by security teams and the challenges businesses encounter in strengthening their defences. If you've worked in a cybersecurity team, led advisory engagements through a managed service provider, or helped organisations tackle security challenges, this is your chance to apply that expertise on a larger scale.

As a CISO Advantage Field Specialist, you'll be the key expert for MSP partners seeking genuine knowledge. Instead of relying on slides, you'll leverage your deep understanding of advancing cyber maturity and transformation. Your role includes assisting partners in integrating CISO Advantage into their offerings, empowering their teams to deliver effective security services.

We seek proactive individuals who thrive at the intersection of technology, people, and business outcomes. If you're excited about helping underserved businesses manage their security risks using leader-edge technology, data and AI as real tools, this role was made for you.

What You Will Do (Duties and Responsibilities)

Product Feedback & Market Intelligence

Operate as a structured, consistent feedback channel between the field and the Sophos Product team, this is a core accountability of the role, not a secondary activity.

Capture partner and customer feedback on product usability, feature gaps, pricing, and competitive alternatives using agreed formats and cadences set by Product leadership.

Submit regular regional feedback reports covering adoption blockers, commonly requested features, competitive intelligence, and MSP delivery challenges.

MSP Partner Enablement

Serve as the primary field resource for CISO Advantage MSP partners within your region, the person partners contact when they need product knowledge, positioning support, or help with a customer situation.

Track partner enablement progress and readiness across your regional MSP portfolio, flagging partners who need additional support and identifying those ready to scale.

Help partners develop structured onboarding and delivery playbooks so they can consistently deploy CISO Advantage across their customer base.

End-User Adoption & Training Support

Support MSP partners in delivering effective training and onboarding experiences to the end-user organizations they serve, ensuring customers can navigate and use the platform confidently from day one.

Help channel partners and their customers define what success looks like with CISO Advantage, establishing clear use cases, adoption milestones, and outcome metrics from the outset.

Provide partners with end-user-facing guidance materials, FAQs, and best-practice documentation they can adapt and deliver to their customers.

Act as an escalation resource for partners encountering complex end-user adoption challenges, working collaboratively to resolve issues and improve the customer experience.

Gather and document customer adoption stories, use cases, and outcomes that can be used for MSP enablement, product marketing, and internal reporting.

Cross-Function Collaboration

Work closely with regional Sales and Channel teams to align enablement activity with commercial priorities and partner tier.

Collaborate with Product Marketing to validate regional messaging and surface localization requirements, language, regulatory context, or market-specific positioning needs.

Partner with the Product and Customer Success teams to ensure end-user training content remains current and aligned with platform updates and new feature releases.

What You Will Bring (Experience and Qualifications)

5–8 years of experience in a cybersecurity-related role, this could include technical pre-sales, partner success, channel enablement, security consulting, or a vendor-side field role.

Experience working with or within an MSP, channel partner, or VAR environment, understanding how managed service businesses operate and how they engage their customers.

Exposure to security programme management, GRC, or vCISO service delivery, either from the customer, MSP, or vendor side.

Experience in a product feedback, customer success, or voice-of-customer role within a B2B SaaS or security vendor environment.

Demonstrated experience supporting end-user training, onboarding, or adoption programmes, either directly or through channel partners.

Knowledge & Skills

Working knowledge of cybersecurity concepts, terminology, and the challenges faced by security teams in mid-market and enterprise organizations.

Ability to translate complex security and platform concepts into clear, accessible guidance for both MSP partners and their end-user customers.

Strong communication and relationship-building skills, with the ability to operate effectively across technical, commercial, and customer-facing contexts.

Comfort working in a structured feedback environment, capturing insights methodically and communicating them clearly to product and leadership teams.

A genuine personal and professional interest in AI, we operate an AI-first strategy and expect this person to be an AI native. You should actively use AI tools in your day-to-day work, stay current with developments in the space, and bring both curiosity and practical knowledge of how AI can be applied to security, enablement, and customer success.

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Ready to apply?

Apply to Sophos

Sophos

View all jobs →

MDR Security Automation Researcher (Romania)

Sophos · Romania

Apply now

Uncategorized Romania Posted Apr 14, 2026

About Us

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

The Security Automation Researcher will be responsible for identifying, defining and implementing valuable automation opportunities for Sophos MDR team. By researching workflows, analyzing operational data, and collaborating with key stakeholders, this role consolidates requirements and implements, tests, and maintains new security automation workflows, ensuring they are robust, secure, and delivers measurable efficiency improvements. Leveraging proprietary and open-source tools and technologies, the MDR Security Automation Researcher will deliver against unique and broad challenges facing the efficiency and effectiveness of the Sophos MDR Team.

What You Will Do

Investigate diverse workflows, tools, and processes across internal and external sources.

Collaborate with subject-matter experts (e.g., SOC analysts, incident responders) to capture detailed process steps to identify gaps and bottlenecks in existing operations that can benefit from automation.

Use scripting languages (e.g., Python, JavaScript, Bash, CEL) to develop secure, scalable solutions.

Integrate newly developed automated workflows with existing security tools (XDR, SIEM, AV, endpoint detection, etc.).

Conduct testing, validation, and troubleshooting to ensure reliable, stable deployment in production environments.

Continuously monitor and maintain implemented automation solutions, ensuring performance, reliability, and security.

Document technical specifications, deployment procedures, and operational guidelines for each automated workflow

Work with cross-functional teams (Security Operations, DevOps, IT) to ensure smooth coordination, prompt development, and stable release cycles.

Host knowledge-sharing sessions and workshops to communicate new automation concepts and outcomes.

What You Will Bring

Proven experience as a Cybersecurity Analyst working in a security operations center (Security analysis or incident response or threat hunting).

Preferred experience supporting global security operations or coordinating across MSSPs and internal teams, with focus on designing, documenting, or optimizing technical cyber security workflows.

Strong scripting skills (e.g., Python, PowerShell, JavaScript, Bash) and familiarity with API integrations for workflow automation.

Ability to convert documented requirements into actionable coding tasks in both independent and collaborative environments.

Preferred to have knowledge of BI/data cyber analytics tools (e.g., SQL, Power BI, KQL) or machine learning concepts applied to detection.

Familiarity with MITRE ATT&CK, threat intelligence platforms, or IOC integration.

Must thrive within a team environment as well as on an individual basis.

Natural curiosity and ability to learn new skills quickly.

Preferred certifications from GIAC, EC-Council, ISC2, CompTIA, Offensive Security or vendor-specific certs (e.g., Azure Security, AWS Security, CrowdStrike CFR, etc.).

A Plus if You Have

Experience using Jupyter Notebooks and its common python data analytics libraries (e.g. Pandas).

Strong understanding of Windows event log analysis.

Experience administering and supporting Windows OS (both workstations and server) and one of the following: Apple or Linux-based operating systems.

DevOps experience with AWS and Kubernetes environments.

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Ready to apply?

Apply to Sophos

Sophos

View all jobs →

Senior Threat Behavior Researcher (UK)

Sophos · Romania

Apply now

Uncategorized Romania Posted Apr 9, 2026

About Us

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

Malware Researcher? Red/Blue/Purple team member? We have a fantastic opportunity here at Sophos Labs for a Threat Researcher role to join our global team of Behavioral Protection engineers, to hunt, to research, and to add real-time protection for suspicious activity across our customer environments. Our team of skilled security experts combine their passion to detect & disrupt cyber-attacks with their capability to develop protection rules that can cut through the noise in modern computing environments to tease out attacker’s nefarious activities. You are intrinsically motivated to understand the core logic behind malware and hacking attacks, to find & predict new ways attackers will modify their techniques and take great satisfaction in developing robust protection logic that is immune to evasive actions. You will be responsible for writing behavioral protection rules that are able to block malicious activities across all types of TTP (even if a Mitre Technique doesn’t exist yet). This is the foundation of Sophos next-gen approach. Above all - you enjoy thinking creatively; combining your deep technical knowledge, your tenacity for innovation, and your can-do attitude to solve complex and challenging problems on daily basis. Additionally, you will also be supporting our remediation effort to remove artifacts left behind, by writing cleanup rules, and supporting our Sandbox development, such as (but not limited to) creating signatures, identifying evasion techniques that prevent the sandbox from running the threat smoothly.

What You Will Do

Conduct in-depth behavioral analysis of Windows threats.

Develop Behavioral rules for various threat behaviors including hands-on keyboard attack, malware payloads, initial attack vectors and Advanced Persistent Threats (APTs).

Produce quality threat analysis reports for both internal and external audience.

Assist in sandbox improvements by analyzing malware that hinders the sandbox environment in running the threat, which deploys various anti-analysis techniques.

Develop Cleanup rules to remove artifacts that are left behind by the behavioral protection rules.

Collaborate with other cross-functional teams to improve behavioral protection capability based on the threat analysis.

Guide and train junior team members in assisting malware analysis, peer code review.

Assist in the development of tools wherever necessary to improve day-to-day task.

What You Will Bring

Strong knowledge of Windows Internals including Memory management, Processes, Threads.

Proficiency in both static and dynamic analysis of threats, using tools such as IDAPro, WinDbg.

Demonstrated programming experience. Preferred: Python, Lua.

Excellent communication skills with the ability to demonstrate complex technical problem to peer researchers as well as to product engineering team.

Excellent analytical and problem-solving skills with the ability to think strategically and creatively.

Bachelor’s degree in computer software (Computer Security preferable) or equivalent experience.

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Ready to apply?

Apply to Sophos

Sophos

View all jobs →

MDR Enhanced Threat Analyst 2 (Romania)

Sophos · Romania

Apply now

Security Romania Posted Apr 1, 2026

About Us

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

As a MDR Enhanced Threat Analyst, your primary role will be to perform security threat analysis of various malware and web attacks, tuning a customer wide event stream consisting of events from all major security platforms and working with customers to remediate security related issues based on operational needs.

What You Will Do

Review security-related events via cases and assess their risk and validity based on available telemetry from network, endpoint, and global threat intelligence information to provide customers with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations

Provide customers with understandable context around their security environment and threats

Interface with customers to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value

Work with customer and internal Sophos incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents

Use the Sophos platform to proactivity hunt for and investigate activity within the customer environment

Review security-related events via investigations and assess their risk and validity based on available telemetry from network, endpoint, and global threat intelligence information to provide customers with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations

Provide customers with understandable context around their security environment and threats

Interface with customers to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value

Work with customer and internal Sophos incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents

What You Will Bring

Essential

At least 3 years of experience working in a SOC environment or computer security team in an IT environment

Endpoint and network security experience required; IDS, IPS, EDR, ATP, Malware defenses and monitoring experience

Experience with threat hunting

Experience administering and supporting Windows and Unix bases Operating Systems, including both workstations and servers

Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc.

Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.

Strong understanding of Windows event log analysis

Experience with basic Python scripts (reading and understanding)

Working knowledge of incident response procedures

Excellent troubleshooting and analytical thinking skills

Must be able to thrive within a team environment as well as on an individual basis

Customer service-oriented with strong documentation and communication skills

Passion for all things information technology and information security

Natural curiosity and ability to learn new skills quickly

Ability to think outside the box

Innovative mindset and driven to contribute to a team providing a best-in-class cybersecurity service

Bachelors in Information Technology, Computer Science or a related field; or relevant commensurate work experience

Willingness to participate in rotating weekend and holiday coverage (our MDR service is 24x7x365)

Desirable

Knowledge of MITRE ATT&CK framework

Experience with enterprise information security data management - SIEM experience

Experience with CQL query construction

Experience with OS Query Programming and scripting skills - knowledge of PowerShell

Relevant Cyber Security certifications (CompTIA, SANS)

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Ready to apply?

Apply to Sophos

Sophos

View all jobs →

Threat Analyst 2 - German Speaking

Sophos · Romania

Apply now

Security Romania Hungary Posted Apr 1, 2026

About Us

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

As a Threat Analyst - Tier II on our Managed Detection and Response (MDR) team, you will provide best-in-class monitoring, detection, and response services to proactively defend customer environments before attacks prevail. You will work alongside and contribute to a team of cyber threat hunters, incident response analysts, engineers, and ethical hackers by using enterprise, log analysis and endpoint collection systems to facilitate investigations, identification, and neutralization of cyber threats.

Main Duties

Investigate and analyze logs and security-related events via Sophos tooling

Handle escalations from Tier I Threat Analysts - guide / advise on investigation handling

Onboard and train new Threat Analysts

Create cases, track and follow up with clients through threat neutralization

Communicate and document findings to various customer audiences including technical and executive teams

Follow up with customers through to issue resolution and drive continuous improvement by providing detailed recommendations to minimize risk in customer environments

Acknowledge and satisfy inbound customer requests and interact with customers through various mediums (Email, Phone, Ticket)

Collaborate and assist with core security and threat response teams

Actively research emerging Indicators of Compromise/Attack, exploits and vulnerabilities

Conduct threat hunting to identify potential threats throughout the MDR customer base

Participate in Security Operations process improvement and creation

Obtain metrics for reporting on threat trends, intelligence analysis and situational awareness

Skills & Experience

Essential

Professional working proficiency in both German and English are required

Willingness to work outside of standard business days including weekends and holidays – our MDR service is 24x7x365 (Hours are standard business hours)

2+ years of experience working in a SOC environment or computer security team in an IT environment

Endpoint and network security experience required; IDS, IPS, EDR, ATP, Malware defenses and monitoring experience

Experience with threat hunting

Experience administering and supporting Windows OS (workstations and server) and one of the following: Apple or Linux-based operating systems (RedHat, Debian, Ubuntu, OS X)

Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc.

Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.

Strong understanding of Windows event log analysis

Working knowledge of incident response procedures

Passion for all things related to information technology and cybersecurity

Natural curiosity and ability to learn new skills quickly

Excellent troubleshooting and analytical skills, with proven ability to think outside the box

Customer service-oriented with strong written and verbal communication skills

Must thrive within a team environment as well as on an individual basis

Innovative mindset and driven to contribute to a team providing a best-in-class cybersecurity service

Bachelors in Information Technology, Computer Science or a related field; or relevant commensurate work experience

Desirable

Knowledge of MITRE ATT&CK framework

Experience with SQL query construction

Experience with OSQuery Programming and scripting skills - proficient knowledge of PowerShell

Experience with enterprise information security data management - SIEM

Advanced Cyber Security certifications

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Ready to apply?

Apply to Sophos

Sophos

View all jobs →

MDR Enhanced Senior Threat Analyst 1 (Romania)

Sophos · Romania

Apply now

Security Romania Posted Mar 31, 2026

About Us

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

As a MDR Enhanced Senior Threat Analyst, your primary role will be to perform security threat analysis of various malware and web attacks, tuning a customer wide event stream consisting of events from all major security platforms and working with customers to remediate security related issues based on operational needs.

Threat Analysis is focused on protecting our customers by providing exceptional information security services to include

Real-time threat analysis

Reference and apply Sophos internal and other Intelligence

First point of contact for customer interactions; conducted in a professional manner with emphasis on customer satisfaction

Point of coordination and collaboration with Incident Response, Product Support and other roles within Sophos and the customer environment

Provide Advanced Intrusion Analysis

What You Will Do

Review security-related events via cases and assess their risk and validity based on available telemetry from network, endpoint, and global threat intelligence information to provide customers with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations

Provide customers with understandable context around their security environment and threats

Interface with customers to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value

Work with customer and internal Sophos incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents

Use the Sophos platform to proactivity hunt for and investigate activity within the customer environment

Review security-related events via investigations and assess their risk and validity based on available telemetry from network, endpoint, and global threat intelligence information to provide customers with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations

Provide customers with understandable context around their security environment and threats

Interface with customers to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value

Work with customer and internal Sophos incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents

What You Will Bring

At least 5 years of experience working in a SOC environment or computer security team in an IT environment

Endpoint and network security experience required; IDS, IPS, EDR, ATP, Malware defenses and monitoring experience

Experience with threat hunting

Experience administering and supporting Windows and Unix bases Operating Systems, including both workstations and servers

Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc.

Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.

Strong understanding of Windows event log analysis

Experience with basic Python scripts (reading and understanding)

Working knowledge of incident response procedures

Excellent troubleshooting and analytical thinking skills

Must be able to thrive within a team environment as well as on an individual basis

Customer service-oriented with strong documentation and communication skills

Passion for all things information technology and information security

Natural curiosity and ability to learn new skills quickly

Ability to think outside the box

Innovative mindset and driven to contribute to a team providing a best-in-class cybersecurity service

Bachelors in Information Technology, Computer Science or a related field; or relevant commensurate work experience

Willingness to participate in rotating weekend and holiday coverage (our MDR service is 24x7x365)

Desirable

Knowledge of MITRE ATT&CK framework

Experience with enterprise information security data management - SIEM experience

Experience with CQL query construction

Experience with OS Query Programming and scripting skills - proficient knowledge of PowerShell

Advanced Cyber Security certifications (CompTIA, SANS)

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Ready to apply?

Apply to Sophos

Sophos

View all jobs →

Senior Threat Analyst 1

Sophos · Romania

Apply now

Security Romania Posted Mar 25, 2026

About Us

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

As a Senior Threat Analyst – Tier I on our Managed Detection and Response (MDR) team, you will provide best-in-class monitoring, detection, and response services to proactively defend customer environments before attacks prevail. You will work alongside and contribute to a team of cyber threat hunters, incident response analysts, engineers, and ethical hackers by using enterprise, log analysis and endpoint collection systems to facilitate investigations, identification, and neutralization of cyber threats.

What You Will Do

Monitor, investigate, and respond to alerts generated by the Sophos security stack (including EDR/XDR capabilities)
Lead and mentor Tier I Analysts through escalated cases, ensuring thorough and accurate investigation practices.
Perform end-to-end analysis on suspicious activity to assess scope, impact, and risk
Identify and respond to cyber threats across customer environments using approved playbooks and tooling
Accurately document findings, investigative steps, and outcomes in the MDR case management platform
Conduct threat hunting to identify potential threats throughout the MDR customer base
Investigate phishing emails, suspicious binaries, and behavioral anomalies
Support detection tuning by identifying recurring false positives and suggesting improvements
Stay informed on threat actor behaviors, MITRE ATT&CK techniques, and Sophos threat research updates
Proactively research emerging IOCs, active exploits, and vulnerabilities to stay ahead of evolving threats
Contribute to internal knowledge bases, documentation, and continuous improvement initiatives
Participate in shift rotations and ensure timely, detailed handovers between global teams
Provide detection and response support for active security incidents
Manage case workflows: create cases, track progress, and follow up with clients until resolution
Engage with clients via chat, phone, and tickets as part of case handling
Assist with developing and refining Security Operations processes, playbooks, and tooling feedback

What You Will Bring

Essential

3+ years of hands-on experience in a Security Operations Center (SOC), Managed Detection and Response (MDR) environment, or cybersecurity-focused IT role
Proficient in the use of endpoint and network security tools (e.g., EDR, IDS/IPS, malware detection platforms) with the ability to validate and triage complex alerts
Working knowledge of Windows operating systems (both workstation and server), with additional experience in Linux (Ubuntu, Debian, RedHat) or macOS environments
Ability to interpret and analyze Windows event logs and other telemetry data
Understanding of core network concepts including TCP/IP, protocols, routing, and traffic analysis
Demonstrated experience contributing to real-time incident response efforts and threat investigations
Exposure to threat hunting methodologies and an understanding of attacker behavior and patterns
Experience handling active threats, including containment, mitigation, and recovery efforts during security incidents
Familiar with techniques such as persistence, privilege escalation, lateral movement, and defense evasion, and able to identify these in real-world environments
Familiarity with common incident response workflows and security operations processes
Strong analytical thinking and troubleshooting skills, with attention to detail in investigations and case documentation
Excellent communication skills, with the ability to clearly explain findings to both technical and non-technical audiences
Customer-first mindset with professionalism and a focus on service excellence
Must thrive within a team environment as well as on an individual basis
Natural curiosity and willingness to learn in a fast-paced, ever-changing threat landscape
A passion for cybersecurity, continuous improvement, and staying current on threat trends

Bachelor's degree in information technology, Computer Science, Cybersecurity or related field, or equivalent practical experience
Ability to communicate in English

Willingness to participate in shift work including nights, weekends and holidays (our MDR service is 24x7x365)

Desirable

Familiarity with the MITRE ATT&CK framework and its application in detection and response
Experience working with SIEM platforms and managing enterprise security telemetry
Ability to write and interpret SQL queries for data analysis and investigation
Experience with OSQuery and scripting skills, particularly in PowerShell
Relevant and practical cybersecurity certifications (e.g., GSEC, GCIA, GCIH, PEN-200, Security Blue Team L1, TCM Academy SOC L1, or similar)

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Ready to apply?

Apply to Sophos

Sophos

View all jobs →

Senior Identity Engineer

Sophos · United Kingdom

Apply now

Security Romania United Kingdom Posted Jul 31, 2025

About Us

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

IT at Sophos is the powerhouse behind world-class business capabilities, applications, infrastructure, and services that bring our company’s vision and strategy to life. Led by a seasoned leadership team with deep expertise in the security industry, and powered by technical contributors recognized as trailblazers in their fields, our department thrives on innovation and agility to deliver cutting-edge solutions. Joining our team means becoming part of a culture that champions creativity and excellence while investing in your growth. We are dedicated to your professional development, offering exciting opportunities to elevate your skills and advance your career.

Role Summary

Corporate Identity is a critical control point for Sophos, underpinning everything our employees do and serving as a foundation for our certification and compliance programs. We are looking for a Senior Identity Engineer to join our team of Subject Matter Experts (SMEs) who manage our modern identity stack, covering everything identity related from Passkeys through to our Identity Governance and Administration (IGA) processes.

What You Will Do

Contribute, and lead corporate identity projects, from Passkey deployments through to the retirement of legacy technology

Act as an SME in one or more of Microsoft Entra ID, Saviynt, MiServer AD

Onboard applications into Microsoft Entra ID and Saviynt

Support the broader team with identity related projects and expertise

Stay up to date with industry trends in PAM, PIM, and IGA

Work using agile methodologies

Join the identity team out of hours support rota

What You Will Bring

Hands-on experience and SME knowledge with OIDC, SCIM, OAuth, PAM, and PIM solutions

Experience managing and SME knowledge with Microsoft Entra ID (Azure AD) and Microsoft Active Directory

Experience with Saviynt

Understanding of identity governance and compliance controls

Desirable:

Terraform experience

Azure/Microsoft Certfications

CI/CD using GitHub

#Li-remote

#B2

#li-JA1

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Ready to apply?

Apply to Sophos

Sophos

View all jobs →

Senior Threat Researcher Detection Engineer (Romania)

Sophos · Romania

Apply now

Engineering Romania Posted Jun 27, 2025

About Us

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.

Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.

Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

We are seeking a detail-oriented and technically skilled Detection Engineer to join our X-OPS team. In this role, you will be responsible for analyzing advanced security threats—ranging from malware to complex web attacks—and translating threat intelligence into high-fidelity detections across our platform. Your work will help ensure our analysts and clients receive highly accurate, actionable alerts with minimal noise.

You will leverage data from over 40 third-party and internal sources, partner with our CTU Threat Intelligence team, and use a range of scripting and automation tools to strengthen detection capabilities. The ideal candidate is a hands-on security practitioner with a deep understanding of endpoint behavior, malware analysis, and detection development who thrives in fast-paced, technical environments.

What You Will Do

Develop countermeasures to detect advanced threats based on research and intelligence from the CTU team.

Analyze endpoint behaviors and logs to design detections using multi-source telemetry.

Continuously refine and monitor detection rules to optimize the signal-to-noise ratio for alerts.

Research and implement alert handling for new device ingestions, ensuring high-value signal delivery.

Leverage internal tooling to distinguish native from standard integrations for detection accuracy.

Collaborate on the development of internal tools, automation, and detection infrastructure.

Act as a subject matter expert across departments including Product Management, Marketing, and Labs Research.

What You Will Bring

Strong passion for cybersecurity research and the ability to quickly learn emerging technologies.

Hands-on experience in scripting languages (PowerShell, Bash, Python) and use of Python data science libraries (e.g., NumPy, Pandas, Matplotlib).

Knowledge of CI/CD pipelines, testing frameworks, and automation principles.

Proficiency in analyzing logs from firewalls, proxies, and security infrastructure to identify anomalies.

Familiarity with event logs, traffic pattern anomalies, and threat hunting methodologies.

Strong understanding of endpoint detection, Linux/Unix and Windows OS internals, vulnerability identification, and workflow automation.

Experience with event correlation and incident reconstruction using log data is a plus.

Network traffic analysis skills, including identification of anomalous or malicious traits is a plus.

Solid grasp of database querying, systems architecture, and process automation for operational improvements is a nice to have.

Desirable:

Strong experience with XDR.

Nice to have

Experience in malware analysis, including static/dynamic techniques and reverse engineering (IA32/64, ARM binaries).

Forensic analysis of memory and disk images across various OS and file system types.

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Ready to apply?

Apply to Sophos

Sophos

View all jobs →

Sophos

Renewals Representative (German Speaking)

What You Will Do

What You Will Bring

Renewals Representative by Segment

Cyber Risk Advisor (Romania)

What You Will Do

What You Will Bring

Nice to have

Senior Threat Analyst 2 (Romania)

What You Will Do (Duties and Responsibilities)

What You Will Bring (Experience and Qualifications)

Senior Product Manager - CISO Advantage (m/f/d)

What You Will Do (Duties and Responsibilities)

What You Will Bring (Experience and Qualifications)

Knowledge & Skills

MDR Security Automation Researcher (Romania)

What You Will Do

What You Will Bring

A Plus if You Have

Senior Threat Behavior Researcher (UK)

What You Will Do

What You Will Bring

MDR Enhanced Threat Analyst 2 (Romania)

What You Will Do

What You Will Bring

Threat Analyst 2 - German Speaking

Main Duties

Skills & Experience

MDR Enhanced ​Senior Threat Analyst 1​ (Romania)

What You Will Do

What You Will Bring

Senior Threat Analyst 1

What You Will Do

What You Will Bring

Senior Identity Engineer

What You Will Do

What You Will Bring

Senior Threat Researcher Detection Engineer (Romania)

What You Will Do

What You Will Bring

Whoa — hold up

Don't be the 201st applicant.

MDR Enhanced Senior Threat Analyst 1 (Romania)