Manager, Detection Engineering

Threat Intelligence – Managed Detection Response and Security Operations /
/ Remote
Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organizations and millions of consumers in more than 150 countries from today’s most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide. Sophos has major hubs around the globe. More information is available at

Role Summary
Threats and adversaries are ever changing, which requires us as defenders to be constantly vigilant and to keep innovating our detection and response strategies. The Sophos MDR team operates 24/7 to quickly detect and respond to threats targeting our customers.
As a lead for our MDR detection engineering team, you will help mature the detection engineering processes and capabilities to better defend our customers’ networks. You will be on the front lines of innovation, leading a highly motivated team focused on identifying and developing solutions to detect and stop adversaries. This role will support our global 24/7 MDR operation by providing high-fidelity signals and technical analysis aimed at detecting adversary tactics, techniques, and behaviors. A competitive candidate would have previous security operations familiarity, experience managing technical teams, an understanding of the detection engineering lifecycle, and the desire to make it harder for adversaries to succeed.

What You Will Do

    • Lead and develop a technical team of security professionals as a player-coach, responsible for creating and managing high-quality threat detection content.
    • Build new security detections to support daily operations and faster, more accurate identification of threats.
    • Leverage threat intelligence and intrusion data of adversary behaviors to create new high-fidelity security detections.
    • Work with our threat operations and incident response teams to understand emerging trends and provide feedback to product management and engineering to develop the detection roadmap.
    • Provide technical leadership to the threat detection team and support the professional development of team members by providing coaching and mentorship.
    • Create, track, and iterate on metrics of the detection engineering process to show progress towards goals and track gaps in detection coverage.
    • Collaborate on ways to improve detection and response capabilities.
    • Champion your team’s mission and regularly communicate with teams outside of your organizational structure.
    • Lead and track the progress of projects critical to the success and improvement of the threat detection team.
    • Foster an environment of trust, respect, and inclusion.

What You Will Bring

    • A deep understanding of Threat Actor TTPs (MITRE ATT&CK).
    • A proven, empathetic leader with experience building a team with diverse skills and backgrounds such as threat hunting, security research, and detection engineering.
    • Written and verbal communication skills to describe security event details and technical analysis with audiences within the cybersecurity organization and other technology groups.
    • Experience with threat hunting on a large, enterprise network both as an individual and leading exercises with other team members.
    • An understanding of log analysis from multiple sources (e.g. firewall, cloud, endpoints) to identify and investigate security events and anomalies.
    • Passionate about stopping adversaries and making meaningful improvements to customers’ security posture.
    • Proficiency in at least one of the following areas: Incident Response/Threat Hunting/Threat Intelligence/Threat Detection.
    • Operates independently, makes decisions, takes action, and has ownership.
Applicants in British Columbia may email for the up-to-date salary ranges for the position.

What's Great About Sophos?
·   Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit
·   Employee-led diversity and inclusion networks that build community and provide education and advocacy
·   Annual charity and fundraising initiatives and volunteer days for employees to support local communities
·   Global employee sustainability initiatives to reduce our environmental footprint
·   Global fitness and trivia competitions to keep our bodies and minds sharp
·   Global wellbeing days for employees to relax and recharge 
·   Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You
We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants that can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection
If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos.  If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights.  If you have any questions about Sophos’ data protection practices, please contact