The Security Automation Researcher will be responsible for identifying, defining and implementing valuable automation opportunities for the Sophos MDR team. By researching workflows, analyzing operational data, and collaborating with key stakeholders, this role consolidates requirements and implements, tests, and maintains new security automation workflows, ensuring they are robust, secure, and deliver measurable efficiency improvements. Leveraging proprietary and open-source tools and technologies, the MDR Security Automation Researcher will deliver against the unique and broad challenges facing the efficiency and effectiveness of the Sophos MDR Team.
Investigate diverse workflows, tools, and processes across internal and external sources.
Collaborate with subject-matter experts (e.g., SOC analysts, incident responders) to capture detailed process steps to identify gaps and bottlenecks in existing operations that can benefit from automation.
Use scripting languages (e.g., Python, JavaScript, Bash, CEL) to develop secure, scalable solutions.
Integrate newly developed automated workflows with existing security tools (XDR, SIEM, AV, endpoint detection, etc.).
Conduct testing, validation, and troubleshooting to ensure reliable, stable deployment in production environments.
Continuously monitor and maintain implemented automation solutions, ensuring performance, reliability, and security.
Document technical specifications, deployment procedures, and operational guidelines for each automated workflow.
Work with cross-functional teams (Security Operations, DevOps, IT) to ensure smooth coordination, prompt development, and stable release cycles.
Host knowledge-sharing sessions and workshops to communicate new automation concepts and outcomes.
Proven experience as a Cybersecurity Analyst working in a security operations center (security analysis, incident response, or threat hunting).
Preferred experience supporting global security operations or coordinating across MSSPs and internal teams, with a focus on designing, documenting, or optimizing technical cyber security workflows.
Strong scripting skills (e.g., Python, PowerShell, JavaScript, Bash) and familiarity with API integrations for workflow automation.
Ability to convert documented requirements into actionable coding tasks in both independent and collaborative environments.
Preferred to have knowledge of BI/data cyber analytics tools (e.g., SQL, Power BI, KQL) or machine learning concepts applied to detection.
Familiarity with MITRE ATT&CK, threat intelligence platforms, or IOC integration.
Must thrive within a team environment as well as on an individual basis.
Natural curiosity and ability to learn new skills quickly.
Preferred certifications from GIAC, EC-Council, ISC2, CompTIA, Offensive Security or vendor-specific certs (e.g., Azure Security, AWS Security, CrowdStrike CFR, etc.).
Experience using Jupyter Notebooks and their common Python data analytics libraries (e.g., Pandas).
Strong understanding of Windows event log analysis.
Experience administering and supporting Windows OS (both workstation and server) and one of the following: Apple or Linux-based operating systems.
DevOps experience with AWS and Kubernetes environments.