
sophos - Senior Threat Researcher

United Kingdom - Hybrid · posted 2mo ago

Tags: In Office · Senior · EMEA · Cybersecurity · Data Analytics · Senior Researcher · Bash · Python · Pandas · Matplotlib · Product Marketing


Responsibilities

• Develop countermeasures to detect advanced threats based on research and intelligence from the CTU team.
• Analyze endpoint behaviors and logs to design detections using multi-source telemetry.
• Continuously refine and monitor detection rules to optimize the signal-to-noise ratio for alerts.
• Research and implement alert handling for new device ingestions, ensuring high-value signal delivery.
• Leverage internal tooling to distinguish native from standard integrations for detection accuracy.
• Collaborate on the development of internal tools, automation, and detection infrastructure.
• Act as a subject matter expert across departments including Product Management, Marketing, and Labs Research.
• Strong passion for cybersecurity research and the ability to quickly learn emerging technologies.
• Hands-on experience in scripting languages (PowerShell, Bash, Python) and use of Python data science libraries (e.g., NumPy, Pandas, Matplotlib).
• Knowledge of CI/CD pipelines, testing frameworks, and automation principles.
• Proficiency in analyzing logs from firewalls, proxies, and security infrastructure to identify anomalies.
• Familiarity with event logs, traffic pattern anomalies, and threat hunting methodologies.
• Strong understanding of endpoint detection, Linux/Unix and Windows OS internals, vulnerability identification, and workflow automation.
• Forensic analysis of memory and disk images across various OS and file system types is a plus.
• Experience in malware analysis, including static/dynamic techniques and reverse engineering (IA32/64, ARM binaries), is a plus.
• Experience with event correlation and incident reconstruction using log data is a plus.
• Network traffic analysis skills, including identification of anomalous or malicious traits, are a plus.
• Solid grasp of database querying, systems architecture, and process automation for operational improvements is a nice-to-have.
