Threat Researcher 2

Bangalore, KA, IN, 560103

Sophos Labs

As a worldwide leader in next-generation cybersecurity, Sophos protects nearly 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyberthreats. Powered by SophosLabs – a global threat intelligence and data science team – Sophos’ cloud-native and AI-enhanced solutions secure endpoints (laptops, servers and mobile devices) and networks against evolving cybercriminal tactics and techniques, including automated and active-adversary breaches, ransomware, malware, exploits, data exfiltration, phishing, and more. The award-winning Sophos Central cloud-based platform integrates Sophos’ entire portfolio of best-of-breed products, from the Intercept X endpoint solution to the XG Firewall, into a single system called Synchronized Security. Sophos products are exclusively available through a global channel of more than 47,000 partners and Managed Service Providers (MSPs). Sophos also makes its innovative commercial technologies available to consumers via Sophos Home. The company is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.”

SophosLabs is a global network of highly skilled and trained analysts and IT security professionals that is the front line in protecting businesses from known and emerging threats.  
Our analysts cover every area of IT security with integrated systems tracking malware, vulnerabilities, intrusions, spam, legitimate applications, legitimate and infected websites and mobile threats. Our automated systems work with Big Data technologies and continuously populate databases with legitimate and malicious content.

Sophos is focused on delivering the best IT security and data protection for businesses. Today Sophos products protect over 100,000 businesses and 100 million users, in more than 150 countries. We provide an excellent, supportive, open and lively work environment with exposure to leading technologies and opportunities for professional development and training.



Education –

- Bachelor's/Master's degree in Engineering, Computer Science/Electronics, or Bachelor/Master of Computer Application

- Certifications such as CEH, CCNA/CCNP, CISSP, etc. are good to have


Experience –

- Experience in vulnerability/exploit research and IPS signature development/testing (preferably on Snort or an equivalent engine)

- Good understanding of network and endpoint security technologies such as conventional firewalls, NGFWs, IDS/IPS, AV/UTM, proxy servers, etc.


Main Duties –


As a Threat Researcher you will be part of the front line responsible for helping to protect millions of users worldwide from computer security threats like malware, spam and phishing.

The successful candidate will provide analysis and detection of the latest threats and help create the next generation of SophosLabs research tools. The ideal candidate is passionate about computer security and has a high aptitude for solving challenging puzzles with attention to detail.


- Analyze cyber threats/exploits in software and applications

- Reverse engineer threats/exploits, PoC code, etc.

- Develop high-quality detection/IPS signatures to detect and prevent threats/exploits

- Build, test and publish the detection/IPS signatures

- Write threat/exploit descriptions for publication on the Sophos website and in threat research whitepapers

- Track 0-days, new vulnerabilities and X-wares on a regular basis and strive to provide timely protection against them to customers

- Independently conduct research, reverse engineer threats/exploits and provide research reports

- Triage requests submitted by other departments, respond to tasks or escalate complex issues to senior team members

- Answer customer queries routed through Technical Support and internal queries from all departments

- Identify opportunities to write blogs for the Sophos website to raise customer awareness



Must Have Skills –


- Extremely strong and practical understanding of the TCP/IP protocol suite, L2/L3/L4 network communication and L7 protocols such as HTTP, SMTP, POP3, DNS, Telnet, HTTPS/SSL, FTP, etc., and the ability to decode them in packet analyzer tools such as Wireshark, Ethereal, tcpdump, etc.

- Very strong and practical understanding of commonly employed attack techniques such as Cross Site Scripting (XSS), SQL Injection, Cross Site Request Forgery (CSRF), Directory Traversal, Buffer Overflow, etc.

- Very strong hands-on experience with automation in any scripting language such as Python, Ruby, Perl, Shell, Tcl, etc., and a good understanding of C, C++, JavaScript, HTML, VB, etc.

- Experience with Snort or an equivalent IPS engine, Snort rules and their constructs, and the ability to develop signatures/rules using Snort or equivalent constructs. Must be able to craft performance-friendly patterns using PCRE.

- Strong practical experience with commonly used open source and commercial attack-simulation and pen-test tools such as Metasploit (MSF), Canvas, Core Impact, Ixia/BPS, Karalon, Spirent, Evader, etc.

- Ability to craft packets and hands-on experience with tools such as Wget, cURL, nmap, Hping2, Burp and Fiddler.

- Strong hands-on experience with various UNIX and Windows flavors.



At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.
