Senior Offensive Security Researcher

  • Sophos,
  • Abingdon
Telecommuting not available; travel not required

Job Description


SophosLabs is developing a team of security researchers focused on offensive techniques. This newly created team will work in conjunction with existing SophosLabs teams, which are focused on protection technology development. The goal is to combine our existing 30 years of expertise in fighting malware with a deeper knowledge of modern hacking techniques to further advance the protection capabilities in our products and services.

The team will research and conduct analysis of existing and new cyber-attack techniques and tools. One of its tasks is to bypass existing defense mechanisms in order to provide recommendations for product improvements. Team members will have opportunities to share their expertise and research internally and externally: at conferences, on social networks, by publishing research papers and by contributing to defense testing tools and frameworks.

The ideal candidate is passionate about ethical hacking and is keen to apply their skills and talent to improve cyber-defenses as opposed to just reporting on them. This is a unique opportunity for security researchers who routinely expose gaps in corporate IT security and would like to direct this knowledge to improve security solutions that protect millions of PCs, Macs, servers, networks and mobile devices.

Main Duties:

- Track and research modern attack techniques and share this knowledge internally and externally
- Develop deep understanding of popular offensive security tools and frameworks
- Identify protection gaps in Sophos products and provide suggestions for improvements
- Discover new mechanisms for orchestrating cyber-attacks and create tools around them for testing existing and future defenses
- Research 0-day attacks and exploits to fully understand their mechanics
- Develop and maintain internal “attack playbooks” and testing environments
- Analyze the Sophos cyber-security product portfolio to discover any weak spots or new attack vectors
- Partner and collaborate with the engineering team and other SophosLabs teams to develop remediation recommendations and solutions
- Write blogs and whitepapers on the topics of cyberattacks, exploits and offensive security

Experience and Skills:

- Experience in IT offensive security, including pentesting, red or purple teams, CTF participation, attack tool development
- In-depth understanding of modern computing platforms, architectures and ways to attack them and their stored data
- Programming and automation experience, scripting
- Strong understanding of Internet technologies and protocols
- Knowledge of software exploitation techniques in modern operating systems
- Knowledge of the malware and anti-malware problem domain
- Reverse engineering of executable files
- Good understanding of file formats used as attack vectors
- Excellent written and verbal communication skills


- Advanced vulnerability analysis and exploitation skills
- Static and dynamic malware analysis
- Network protocol analysis
- Open-source software contributions
- “Ethical hacking” focused certifications

The remuneration package includes:

- Annual holiday entitlement of 25 days
- Group personal pension scheme
- Private medical insurance
- Critical illness insurance
- Death in service policy (life assurance)
- Permanent health insurance
- Travel insurance
- Personal accident cover

Working conditions at Sophos are very good and include:
- Subsidised staff restaurant
- Free beverages, fruit and pastries

If you are a recruiter or placement agency, please do not submit resumes to any person or email address at Sophos prior to having a signed agreement from Human Resources. Sophos is not liable for and will not pay placement fees for candidates submitted by any agency. Furthermore, any resumes sent to us without an agreement in place will be considered your company's gift to Sophos and may be forwarded to our recruiters for their attention. Thank you.
Dice Id : DI6692
Position Id : Senior Offensive Security Researcher