Full-Time

Senior Threat Researcher

Behavioural

Posted on 7/26/2024

Sophos

Sophos

1,001-5,000 employees

Provides cybersecurity solutions for businesses

No salary listed

Senior, Expert

Remote in UK

Category
Cybersecurity
IT & Security
Required Skills
Python
Communications
Requirements
  • Strong knowledge of Windows Internals including Memory management, Processes, Threads.
  • Proficiency in both static and dynamic analysis of threats, using tools such as IDA Pro and WinDbg
  • Demonstrated programming experience. Preferred: Python, Lua.
  • Excellent communication skills, with the ability to explain complex technical problems to peer researchers as well as to the product engineering team
  • Excellent analytical and problem-solving skills, with the ability to think strategically and creatively
  • Bachelor’s degree in computer software (Computer Security preferable) or equivalent experience
Responsibilities
  • Conduct in-depth behavioural analysis of Windows threats
  • Develop Behavioural rules for various threat behaviours including hands-on keyboard attack, malware payloads, initial attack vectors and Advanced Persistent Threats (APTs)
  • Produce quality threat analysis reports for both internal and external audiences
  • Collaborate with other cross-functional teams to improve behavioural protection capability based on the threat analysis
  • Guide and train junior team members in malware analysis and peer code review
  • Assist in the development of tools wherever necessary to improve day-to-day tasks

Sophos provides cybersecurity solutions to protect businesses from digital threats like malware, ransomware, and phishing attacks. Their products include endpoint protection for individual devices, network security for entire systems, and mobile security for smartphones and tablets. A key feature is Sophos Central, a cloud-based management console that allows users to oversee all security measures from one platform, making it easier to manage and respond to threats. Additionally, Sophos offers Managed Detection and Response (MDR) services, where experts monitor and address security incidents for clients who may not have in-house capabilities. Unlike many competitors, Sophos focuses on an integrated approach to security, combining various services and products under a subscription model, which provides consistent revenue and allows for ongoing support and training for clients.

Company Size

1,001-5,000

Company Stage

Acquired

Total Funding

$4.7B

Headquarters

Abingdon, United Kingdom

Founded

1985

Simplify Jobs

Simplify's Take

What believers are saying

  • Increased demand for AI-driven cybersecurity solutions boosts Sophos' market potential.
  • Sophos' focus on zero-trust security models aligns with industry trends.
  • Sophos' MDR services significantly reduce insurance payouts for clients.

What critics are saying

  • AI use by cybercriminals challenges Sophos' traditional security measures.
  • Rapid malware evolution requires Sophos to constantly update its defenses.
  • Compromised login credentials remain a persistent vulnerability for Sophos clients.

What makes Sophos unique

  • Sophos Central offers a unified platform for managing diverse security solutions.
  • Sophos' MDR services provide expert monitoring and response to security incidents.
  • Sophos integrates cybersecurity with cloud services, enhancing operational efficiency.


Benefits

Health Insurance

Disability Insurance

Remote Work Options

Wellness Program

Mental Health Support

Company News

TechMoran
Apr 9th, 2025
Sophos Appoints Chris Bell To Lead Global Channel Strategy

Sophos, a global cybersecurity solutions firm, has named Chris Bell as senior vice president of global channel, alliances and corporate development. Bell will lead the evolution of Sophos’ global channel strategy to deliver a world-class partner experience.

“Partners need adaptable strategies that prioritize flexibility to stay ahead of the increasingly complex threat landscape,” said Bell. “Unifying Sophos’ and Secureworks’ portfolios presents a unique opportunity to accelerate a future-ready channel program that arms partners with the technology, services, insights, and enablement needed to protect customers and fuel long-term growth.”

Bell joined Sophos following its acquisition of Secureworks, where he served as chief strategy officer, responsible for long-term vision, strategic partnerships, corporate development and strategy. Building on his career of more than two decades working in the technology industry, including nearly a decade in cybersecurity and channel, Bell’s leadership will focus on developing and executing a channel strategy that prioritizes expanding reach, empowering partners and driving growth. Key priorities for Bell at Sophos will include:

  • Enhancing Sophos Partner Experience to make it seamless for partners to do business with Sophos at high velocity, while streamlining operations.
  • Continued Innovation for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) with Sophos’ industry-leading cybersecurity platform, enabling superior cybersecurity outcomes for customers, enhancing operational efficiency for security analysts, and boosting profitability for partners.
  • Fueling Partner Growth with service delivery competencies and expanded partner enablement programs, including persona-based training and fast-track training to expand partners’ cybersecurity expertise.
  • Increasing Sophos’ Market Reach by leveraging the unified portfolio of Sophos and Secureworks to deliver best-in-class security technologies and services, empowering partners to enhance cybersecurity and strengthen the security posture of organizations, from commercial to enterprise.
  • Expanding Routes to Market by bolstering Sophos’ presence across technology alliances, marketplaces and the cyber insurance ecosystem. Sophos will also continue to maintain its focus across resellers, service providers, and OEM channels.

A core piece of Sophos’ channel strategy is to better equip partners in addressing the evolving security challenges faced by businesses of all sizes

Sophos
Apr 8th, 2025
Sophos Firewall v21.5 early access is now available

Last year, Sophos Group launched its DNS Protection service and made it free for all Xstream protection-licensed firewall customers.

ChannelVision Magazine
Apr 8th, 2025
Sophos Names SVP, Global Channel, Alliances, Corporate Development

Bell joined Sophos following its acquisition of Secureworks, where he served as chief strategy officer, and was responsible for long-term vision, strategic partnerships, corporate development and strategy.

Femme Hub
Apr 8th, 2025
Chris Bell Appointed Senior VP of Global Channel at Sophos

Sophos has been recognized as a Champion in the Canalys Global Cybersecurity Leadership Matrix 2025, underscoring its excellence in channel management and market performance.

TechMoran
Apr 3rd, 2025
Compromised Login Credentials Are The Root Cause Of Cyber Attacks-Sophos Report

Compromised login credentials are the root cause of cyber attacks according to a new report by Sophos, a global leader of innovative security solutions for defeating cyberattacks. The report, dubbed the 2025 Sophos Active Adversary Report, found that the primary way attackers gained initial access to networks [56% of all cases across MDR and IR] was by exploiting external remote services, which includes edge devices such as firewalls and VPNs, by leveraging valid accounts. The combination of external remote services and valid accounts aligns with the top root causes of attacks. For the second year in a row, compromised credentials were the number one root cause of attacks [41% of cases]. This was followed by exploited vulnerabilities [21.79%] and brute force attacks [21.07%].

Understanding The Speed of Attacks

When analyzing MDR and IR investigations, the Sophos X-Ops team looked specifically at ransomware, data exfiltration, and data extortion cases to identify how fast attackers progressed through the stages of an attack within an organization. In those three types of cases, the median time between the start of an attack and exfiltration was only 72.98 hours [3.04 days]. Furthermore, there was only a median of 2.7 hours from exfiltration to attack detection. “Passive security is no longer enough. While prevention is essential, rapid response is critical

INACTIVE