Junior Penetration Tester

📋 Description

• Plan, organize and execute penetration tests on Sophos web applications utilizing a diverse array of technologies.

• Plan, organize and execute penetration tests on the Sophos infrastructure, including on-premise networks, AWS/Azure, and virtual environments.

• Leverage AI-assisted workflows (including internal agents/skills where available) to enhance penetration testing efforts and boost coverage and efficiency, with suitable oversight and review.

• Support in the scoping, planning, and execution of penetration tests conducted by third-party vendors.

• Communicate results to various teams across the organization.

• Collaborate closely with the broader Cybersecurity team to establish shared objectives and outcomes.

⛳️ Requirements

• A robust background in both application and infrastructure penetration testing.

• Familiarity with commonly used web technologies (such as PHP, JavaScript, APIs, etc.).

• Strong understanding of offensive techniques, as well as the OWASP & MITRE ATT&CK frameworks.

• Experience in working with or evaluating systems that utilize AI or LLMs, including knowledge of prevalent AI-related security risks and misuse scenarios.

• Proven experience in delivering security testing projects.

• Practical knowledge of AWS technologies (including S3, EC2, IAM, Lambda, etc.).

• Excellent interpersonal and networking skills.

• Industry-recognized ethical hacking certifications: OSCP, GPEN, or equivalent.

🏝️ Benefits

• Sophos employs a remote-first working model.

• Our team thrives on innovation and creativity, all while fostering a vibrant sense of fun and camaraderie.

• Employee-led diversity and inclusion networks that foster community building and provide education and advocacy.

• Annual charity and fundraising initiatives, along with volunteer days for employees to engage with local communities.

• Global sustainability initiatives aimed at reducing our environmental impact.

• Worldwide fitness and trivia competitions to keep our minds and bodies active.

• Global well-being days for employees to unwind and rejuvenate.

• Monthly well-being webinars and training sessions to promote employee health and wellness.