Offensive Security Researcher Posted Oct 13
Sophos , Abingdon, Oxfordshire, United Kingdom
 
  • This employer requests that only candidates in United Kingdom apply to this job.

    You appear to be located in United States, not United Kingdom, so you will not be able to apply for this job.

Role

SophosLabs is developing a team of security researchers focused onoffensive techniques. This newly created team will work in conjunctionwith existing SophosLabs teams, which are focused on protectiontechnology development. The goal is to combine our existing 30 years ofexpertise in fighting malware with a deeper knowledge of modern hackingtechniques to further advance the protection capabilities in ourproducts and services.

The team will research and conduct analysis of existing and newcyber-attack techniques and tools. One of their tasks is to bypassexisting defense mechanisms in order to provide recommendation forproduct improvements. The team members will have opportunities tointernally and externally share their expertise and research atconferences, on social networks, publishing research papers andcontributing to defense testing tools and frameworks.

The ideal candidate is passionate about ethical hacking and is keen toapply their skills and talent to improve cyber-defenses as opposed tojust reporting on them. This is a unique opportunity for the securityresearchers who routinely expose gaps in corporate IT security and wouldlike to direct this knowledge to improve security solutions thatprotects millions of PCs, Macs, servers, networks and mobile devices.

Main Duties:

- Track and research modern attack techniques and share this knowledgeinternally and externally

- Develop deep understanding of popular offensive security tools and frameworks

- Identify protection gaps in Sophos products and provide suggestionsfor improvements

- Discover new mechanisms for orchestrating cyber-attacks and createtools around them for testing existing and future defenses

- Research 0-day attacks and exploits to fully understand their mechanics

- Develop and maintain internal attack playbooks and testing environments

- Analyze Sophos cyber-security product portfolio to discover any weakspots or new attack vectors.

- Partner and collaborate with the engineering team and otherSophosLabs teams to develop remediation recommendations and solutions

- Write blogs and whitepapers on the topics of cyberattacks, exploitsand offensive security

Experience and Skills:

- Experience in IT offensive security experience, including pentesting,red or purple teams, CTF participation, attack tool development

- In-depth understanding of modern computing platforms, architecturesand ways to attack them and their stored data

- Programming and automation experience, scripting

- Strong understanding of Internet technologies and protocols

- Knowledge of software exploitation techniques in modern operation systems

- Knowledge of malware and anti-malware problem domain

- Reverse engineering of executable files

- Good understanding of file formats used as attack vectors

- Excellent written and verbal communication skills

Desired:

- Advanced vulnerability analysis and exploitation skills

- Static and dynamic malware analysis

- Network protocol analysis

- Open-source software contributions

- Ethical hacking focused certifications

Benefits

The remuneration package includes:

- Annual holiday entitlement of 25 days

- Group personal pension scheme

- Private medical insurance

- Critical illness insurance

- Death in service policy (life assurance)

- Permanent health insurance

- Travel insurance

- Personal accident cover

Working conditions at Sophos are very good and include:

- Subsidised staff restaurant

- Free beverages, fruit and pastries

NOTICE TO RECRUITERS & PLACEMENT AGENCIES

If you are a recruiter or placement agency, please do not submitresumes to any person or email address at Sophos prior to having asigned agreement from Human Resources. Sophos is not liable for and willnot pay placement fees for candidates submitted by any agency.Furthermore, any resumes sent to us without an agreement in place willbe considered your company's gift to Sophos and may be forwarded to ourrecruiters for their attention. Thank you.

- provided by Dice

Employment Type: Permanent

Share