Penetration Tester

  • Sophos Group
  • 17/05/2026
  • Full time
  • Information Technology, Telecommunications

Job Description

Role Summary

As a security company, Sophos takes its own security very seriously and has a Cyber Security team that focuses on protecting its products, systems, and infrastructure. We'll need you to contribute to the continual improvement of our security posture through testing of Sophos applications and infrastructure. This role is not customer facing; you will perform tests and see the impact of your findings as you help the teams design and architect resolutions to the issues you find. The ideal candidate will have real world experience in a Red Team and have worked through all stages of penetration testing from scoping to reporting. You should be highly motivated, have an innovative mindset, and exhibit good attention to detail, staying up to date with the latest techniques and threats to help protect Sophos and its customers.

Responsibilities

  • Organize, plan, and deliver penetration tests against Sophos web applications across a wide range of technologies.
  • Organize, plan, and deliver penetration tests against the Sophos infrastructure, including on-premises networks, AWS/Azure, and virtual environments.
  • Use AI-assisted workflows (including internal agents/skills where available) to augment penetration testing activities and improve coverage and efficiency, with appropriate oversight and review.
  • Assist in the scoping, planning, and delivery of pentests by third-party vendors.
  • Disseminate results to teams throughout the business.
  • Work closely with the wider Cybersecurity team to develop common goals and outcomes.

Qualifications

  • A solid background in both application and infrastructure penetration testing.
  • Familiarity with common web technologies (PHP, JavaScript, API, etc.).
  • Good knowledge of offensive techniques, OWASP & MITRE ATT&CK frameworks.
  • Experience working with or assessing systems that incorporate AI or LLMs, including an understanding of common AI related security risks and abuse scenarios.
  • Experience in delivering security testing projects.
  • Practical knowledge of AWS technologies (S3, EC2, IAM, Lambda, etc.).
  • Good interpersonal and networking skills.
  • Industry-recognised ethical hacking qualifications: OSCP, GPEN, or equivalent.

EEO Statement

We're proud of the diverse and inclusive environment we have at Sophos, and we're committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.