Sophos
Cyber Risk Analyst
TLDR
As a Cyber Risk Analyst I, you will proactively assess vulnerabilities and work with the Managed Risk team to enhance customer security posture.
About Us
Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.
Role Summary
As a Cyber Risk Analyst I, you will work proactively in assessing and prescribing remediation actions related to vulnerabilities identified within Sophos customers’ environments. You will work closely with senior analysts and advisors to analyze data, conduct cyber risk assessments, and develop strategies to enhance our customers’ security posture.
You’ll be part of the Sophos Managed Risk team, which helps organizations proactively reduce cyber risk by identifying, prioritizing, and remediating vulnerabilities across both internal and external attack surfaces. The team leverages industry-leading exposure management technology, powered by Tenable, to uncover previously unknown assets and continuously monitor them for potential security weaknesses. They evaluate vulnerabilities in the context of real-world exploitability, emerging threats, and business impact, enabling customers to focus on remediation efforts where it matters most. The team delivers clear risk insights, actionable remediation guidance, and expert analysis, while also tracking newly disclosed and critical vulnerabilities as they arise. By combining deep technical expertise with close customer collaboration, the Sophos Managed Risk team plays a crucial role in strengthening security posture, reducing exposure, and preventing attacks before they impact business operations.
What you will do
Conduct recurring vulnerability scanning on enterprise assets; report discovered vulnerabilities.
Monitor and review vulnerability and compliance scan results, tracking remediation against service objectives
Assist senior-level team members in developing risk-based remediation plans with proposed solutions for identified vulnerabilities
Stay informed about the threat landscape to prioritize vulnerabilities and adapt security measures accordingly
Engage in continuous, self-driven learning to stay updated on trends, strategies, and technologies in the Vulnerability Management space
Maintain strong working relationships and credibility amongst groups within the Sophos Managed Services organization
What you will bring
1+ years of experience in conducting vulnerability assessments, attack surface management preferably in both IT and OT (Operational Technology) environments
Must be able to thrive within a team environment as well as on an individual basis
Entry-level understanding of Vulnerability Management practices and risk analytics/modeling
Proficient in utilizing vulnerability scanning tools, e.g., Nessus/Tenable
Experience in tracking trends and configuring systems to minimize false positives and focus on true events
Exceptional writing, documentation, and presentation skills to effectively communicate findings to customers/stakeholders
Ability to prioritize impactful vulnerabilities and minimize noise often associated with vulnerability tools
Understanding of network-based, system-level, cloud, and application-layer attacks and their mitigation methods
Understanding of vulnerability classification and scoring methodologies (CVSS, CVE, CWE) and fundamental grasp of risk vs severity
Willingness to work outside of standard business hours including weekends and holidays – the Sophos Managed Risk service is 24X7X365
Skilled in managing time independently while juggling multiple projects concurrently in a fast-paced environment
Excellent customer service skills
Degree in one or more of the following fields: Cybersecurity, Information Technology, Computer Science, or related fields.
#LI-Remote
#B1
Ready to Join Us?
At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.
What's Great About Sophos?
· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.
· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit
· Employee-led diversity and inclusion networks that build community and provide education and advocacy
· Annual charity and fundraising initiatives and volunteer days for employees to support local communities
· Global employee sustainability initiatives to reduce our environmental footprint
· Global fitness and trivia competitions to keep our bodies and minds sharp
· Global wellbeing days for employees to relax and recharge
· Monthly wellbeing webinars and training to support employee health and wellbeing
Our Commitment To You
We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.
Data Protection
If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos
Benefits
Monthly wellbeing training
Monthly wellbeing webinars and training to support employee health and wellbeing
Remote-Friendly
Sophos operates a remote-first working model, making remote work the primary option for most employees.
Sophos builds advanced security solutions designed to protect against cyberattacks, delivering comprehensive services like Managed Detection and Response (MDR) and endpoint, network, and email security. Targeting organizations across the globe, Sophos serves over 600,000 clients, utilizing the expertise of their combined technologies following the acquisition of Secureworks. Their unique offerings interoperate through the Sophos Central platform, fortified by real-time threat intelligence from their dedicated threat teams.
- Founded
- Founded 1985
- Employees
- 500+ employees
- Industry
- Professional Services
Risk Analyst