Threat Researcher

Vancouver, CA, V6C 1W6

Sophos Labs

Threat Researcher - Generic Detection


Job Purpose:

SophosLabs is recruiting an Intermediate Threat Researcher to join our Generic Detection Team - the global team of highly skilled security experts that deliver protection against Windows executable threats and applications.


As a member of the Generic Detection Team, you will leverage existing skills and learn new ones. You will use reverse engineering skills to develop new techniques for classifying and differentiating suspicious and clean files, and new methods for grouping and detecting executable threats and applications. You will employ unpacking and emulation methods to decrypt and deobfuscate packed code, allowing us to understand the hidden functionality. You will also contribute to research and data mining initiatives to discover new threats and opportunities improve protection.


The Generic Detection Team has members across the multiple locations that make up the global SophosLabs organization. You will work with local and remote security researchers across multiple teams to analyze, classify and create protection for malware, occasionally contributing to our customer response efforts within a local rotation.


Main Duties

  • Participate in or lead research efforts within a particular threat research area 
  • Conduct research and analysis of a variety of different malware families and threats
  • Produce high-quality proactive protection against Windows malware and applications
  • Identify opportunity for and contribute to articles and/or whitepapers on research
  • Develop tools, workflow and/or systems improvements

Experience & Skills


  • 2+ years in computer security field
  • Reverse engineering using IDA Pro
  • Solid expertise in particular threat type or detection technology
  • Proven ability to prioritise and organise assigned tasks
  • Ability to work both independently and as part of a team
  • Good written and verbal communication skills
  • Bachelor degree in Computer Software (or equivalent)


  • Debugging using OllyDbg or WinDbg
  • Knowledge of Windows internals and kernel-level analysis
  • Published technical / whitepapers
  • Data mining experience
  • Knowledge of a scripting language, such as Python or Perl

At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.

Job Segment: Data Mining, Technology