
Senior Threat Researcher – Threat Detection Engineer
Posted May 25

This is a fully remote position, open to applicants in India.
• Create countermeasures for detecting advanced threats, utilizing research and intelligence from the CTU team.
• Examine endpoint behaviors and logs to formulate detections through multi-source telemetry.
• Continuously enhance and oversee detection rules to maximize the signal-to-noise ratio for alerts.
• Investigate and implement alert handling for new device ingestions, ensuring the delivery of high-value signals.
• Utilize internal tools to differentiate between native and standard integrations to improve detection accuracy.
• Collaborate in the development of internal tools, automation, and detection infrastructure.
• Serve as a subject matter expert across various departments, including Product Management, Marketing, and Labs Research.
• Over 10 years of relevant experience in threat research, with at least 5 years in detection writing.
• Practical experience with scripting languages (PowerShell, Bash, Python) and the use of Python data science libraries (e.g., NumPy, Pandas, Matplotlib).
• Understanding of CI/CD pipelines, testing frameworks, and automation principles.
• Expertise in analyzing logs from firewalls, proxies, and security infrastructure to detect anomalies.
• Familiarity with event logs, traffic pattern anomalies, and methodologies for threat hunting.
• Strong knowledge of endpoint detection, Linux/Unix and Windows OS internals, vulnerability identification, and workflow automation.
• Experience with event correlation and incident reconstruction using log data is advantageous.
• Skills in network traffic analysis, including the identification of anomalous or malicious traits, are a plus.
• A solid understanding of database querying, systems architecture, and process automation for operational enhancements is a nice-to-have.
• Experience in malware analysis, encompassing both static/dynamic techniques and reverse engineering (IA32/64, ARM binaries).
• Forensic analysis of memory and disk images across various operating systems and file system types.
• Sophos operates with a remote-first working model, where remote work is the primary option for most employees, although some positions may require a hybrid approach.
• Our team fosters a culture of innovation and creativity, all while maintaining a vibrant sense of fun and camaraderie.
• Employee-led diversity and inclusion networks that foster community engagement and provide education and advocacy.
• Annual charity initiatives and fundraising events, along with volunteer days for employees to give back to local communities.
• Global employee sustainability efforts aimed at reducing our environmental impact.
• Global fitness and trivia competitions to ensure our bodies and minds remain sharp.
• Global wellbeing days dedicated to helping employees relax and recharge.
• Monthly wellbeing webinars and training sessions to support employee health and wellness.