Conduct application security assessments (web, mobile, API, etc.) using off-the-shelf or internally developed exploitation tools to execute manual testing for advanced attacks OR network penetration testing assessments (external pen test, internal pen test, etc.)
Produce and deliver vulnerability and exploit information to clients in the form of a professional security assessment report
Conduct client conference calls including, but not limited to, project kick-off calls, notification of high/critical findings during the testing process, and close-out calls to review test findings, evidence, process steps to reproduce, and remediation recommendations
Perform proactive research to identify and understand new threats, vulnerabilities, and exploits
Conduct exploitation testing using off-the-shelf or self-developed exploitation tools and document findings for client remediation
Excel as both a self-directed individual contributor and as a member of a larger team
Perform other essential duties as assigned
Requirements
Minimum of 3 years of experience with penetration testing / vulnerability assessment.
Minimum of 2 years of experience with at least one of the following: Nmap, Metasploit, Kali Linux, Burp Suite
Native-level Japanese language skills (At minimum, business-level Japanese language skills are required)
Desirable
Offensive certifications such as CEH, WAPT, GPEN, GWAPT, GAWN, OSCP, etc.
Knowledge of NetSparker and AppScan
Operating systems administration and internals (Microsoft Windows / Linux)
Understanding of TCP/IP networking at a technical level
Bachelor of Science degree in Computer Science, Computer Engineering, Electrical Engineering, or a related technical field; or equivalent professional experience
Experience with various application attack vectors, security test processes and strong knowledge of common vulnerabilities (i.e. OWASP Top 10)
Working knowledge of SQL and high-level languages
Good technical communication skills, both written and verbal; good analytical and problem-solving skills
Tech Stack
Linux
SQL
TCP/IP
Benefits
Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach.
Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit
Employee-led diversity and inclusion networks that build community and provide education and advocacy
Annual charity and fundraising initiatives and volunteer days for employees to support local communities
Global employee sustainability initiatives to reduce our environmental footprint
Global fitness and trivia competitions to keep our bodies and minds sharp
Global wellbeing days for employees to relax and recharge
Monthly wellbeing webinars and training to support employee health and wellbeing