Organize, plan and deliver penetration tests against Sophos web applications across a wide range of technologies
Organize, plan and deliver penetration tests against the Sophos infrastructure including on-premise networks, AWS/Azure and virtual environments
Use AI-assisted workflows (including internal agents/skills where available) to augment penetration testing activities and improve coverage and efficiency, with appropriate oversight and review
Assist in the scoping, planning and delivery of pentests by third-party vendors
Disseminate results to teams throughout the business
Work closely with the wider Cybersecurity team to develop common goals and outcomes
Requirements
A solid background in both application and infrastructure penetration testing
Familiarity with common web technologies (PHP, JavaScript, APIs, etc.)
Good knowledge of offensive techniques, OWASP & MITRE ATT&CK frameworks
Experience working with or assessing systems that incorporate AI or LLMs, including an understanding of common AI-related security risks and abuse scenarios
Experience in delivery of security testing projects
Practical knowledge of AWS technologies (S3, EC2, IAM, Lambda, etc.)
Good interpersonal & networking skills
Industry-recognised ethical hacking qualifications: OSCP, GPEN or equivalent
Tech Stack
AWS
Azure
Cyber Security
EC2
JavaScript
PHP
Benefits
Sophos operates a remote-first working model
Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit
Employee-led diversity and inclusion networks that build community and provide education and advocacy
Annual charity and fundraising initiatives and volunteer days for employees to support local communities
Global employee sustainability initiatives to reduce our environmental footprint
Global fitness and trivia competitions to keep our bodies and minds sharp
Global wellbeing days for employees to relax and recharge
Monthly wellbeing webinars and training to support employee health and wellbeing