
Penetration Testing Advisor
Posted May 19

This is a fully remote position, open to applicants in Japan.
• Perform security assessments on applications (web, mobile, API, etc.) utilizing off-the-shelf or custom exploitation tools to carry out manual testing for advanced attack scenarios or network penetration testing evaluations (external and internal pen tests).
• Create and present vulnerability and exploit information to clients through a comprehensive professional security assessment report.
• Facilitate client conference calls, which may include project kick-off meetings, notifications of high/critical findings during the testing phase, and final calls to discuss test outcomes, evidence, procedural steps for reproduction, and remediation suggestions.
• Engage in proactive research to identify and comprehend emerging threats, vulnerabilities, and exploits.
• Conduct exploitation testing utilizing both commercial and self-developed exploitation tools, documenting findings for client remediation purposes.
• Excel as an independent contributor as well as a collaborative team member.
• Undertake other critical responsibilities as assigned.
• A minimum of 3 years of experience in penetration testing or vulnerability assessment.
• At least 2 years of experience with one or more of the following tools: Nmap, Metasploit, Kali Linux, Burp Suite.
• Proficiency in the Japanese language at a native level (at least business-level proficiency is required).
• Preferred certifications include offensive certifications such as CEH, WAPT, GPEN, GWAPT, GAWN, OSCP, etc.
• Familiarity with NetSparker and AppScan, including operating systems administration and internals (Microsoft Windows / Linux).
• Technical understanding of TCP/IP networking.
• A Bachelor of Science degree in Computer Science, Computer Engineering, Electrical Engineering, or a related technical field; or equivalent professional experience.
• Experience with various application attack vectors and security testing processes, along with a solid understanding of common vulnerabilities (e.g., OWASP Top 10).
• Proficient in SQL and high-level programming languages.
• Strong technical communication skills, both written and verbal, along with good analytical and problem-solving abilities.
• Sophos promotes a remote-first working model, making remote work the primary option for most employees, although some roles may require a hybrid approach.
• Our team fosters innovation and creativity, all while enjoying a strong sense of fun and camaraderie.
• Employee-led diversity and inclusion networks that cultivate community and provide education and advocacy.
• Annual charity and fundraising initiatives, along with volunteer days, allowing employees to support local communities.
• Global employee sustainability initiatives aimed at minimizing our environmental impact.
• Worldwide fitness and trivia competitions to keep both body and mind in top shape.
• Global well-being days for employees to unwind and recharge.
• Monthly well-being webinars and training sessions to enhance employee health and wellness.