Senior Threat Researcher - Threat Detection Engineer
WFA Digital Insight
As demand for cybersecurity specialists continues to surge, with a 25% increase in 2025, roles like this Senior Threat Researcher position at Sophos are becoming increasingly important. With the rise of complex web attacks and malware, companies are looking for experts who can translate threat intelligence into actionable detections. Sophos, a global leader in cybersecurity, offers threat researchers the opportunity to work with current technologies and collaborative teams. Before applying, candidates should be aware of the high level of technical expertise required and the fast pace of the cybersecurity industry.
Job Description
About the Role
The Senior Threat Researcher - Threat Detection Engineer role at Sophos is a critical position that involves analyzing and detecting advanced security threats. As part of the X-OPS team, the successful candidate will be responsible for developing countermeasures to detect complex threats, leveraging data from over 40 third-party and internal sources. This role requires a deep understanding of endpoint behavior, malware analysis, and detection development.

The X-OPS team at Sophos is composed of experienced security professionals who work together to provide high-fidelity detections across the company's platform. As a Senior Threat Researcher, you will work closely with the Counter Threat Unit (CTU) team to gather threat intelligence and develop effective countermeasures.
The role of a Senior Threat Researcher at Sophos is not only technically challenging but also highly rewarding. With the increasing demand for cybersecurity specialists, this position offers a unique opportunity to work with cutting-edge technologies and contribute to the protection of over 28,000 organizations worldwide.
What You Will Do
- Develop countermeasures to detect advanced threats based on research and intelligence from the CTU team
- Analyze endpoint behaviors and logs to design detections using multi-source telemetry
- Continuously refine and monitor detection rules to optimize the signal-to-noise ratio for alerts
- Research and implement alert handling for newly ingested device types, so that each new source delivers high-value signal rather than noise
- Use internal tooling to distinguish native (first-party) integrations from standard (third-party) integrations, since the telemetry each provides differs and detections must account for that to stay accurate
- Collaborate on the development of internal tools, automation, and detection infrastructure
- Act as a subject matter expert across departments, including Product Management, Marketing, and Labs Research
- Partner with the CTU Threat Intelligence team to gather threat intelligence and develop effective countermeasures
- Use data from multiple sources to identify patterns and anomalies in endpoint behavior
What We Are Looking For
- Strong passion for cybersecurity research and the ability to quickly learn emerging technologies
- 10+ years of relevant experience in threat research, 5+ years in detection writing
- Hands-on experience in scripting languages (PowerShell, Bash, Python) and use of Python data science libraries (e.g., NumPy, Pandas, Matplotlib)
- Knowledge of CI/CD pipelines, testing frameworks, and automation principles
- Proficiency in analyzing logs from firewalls, proxies, and security infrastructure to identify anomalies
- Familiarity with event logs, traffic pattern anomalies, and threat hunting methodologies
- Strong understanding of endpoint detection, Linux/Unix and Windows OS internals, vulnerability identification, and workflow automation
- Experience with event correlation and incident reconstruction using log data
- Network traffic analysis skills, including identification of anomalous or malicious traits
Nice to Have
- Experience with cloud security and cloud-based threat detection
- Familiarity with containerization and container orchestration tools (e.g., Docker, Kubernetes)
- Knowledge of machine learning and artificial intelligence applications in cybersecurity
- Certification in cybersecurity or a related field (e.g., CISSP, CEH)
Benefits and Perks
- Competitive salary and benefits package
- Opportunity to work with a global leader in cybersecurity
- Collaborative and dynamic work environment
- Professional development and training opportunities
- Flexible working hours and remote work options
- Access to cutting-edge technologies and tools
- Recognition and reward for outstanding performance
How to Stand Out
- Develop a strong portfolio of your threat research and detection work to demonstrate your expertise to potential employers.
- Stay up-to-date with the latest developments in cybersecurity and threat intelligence to increase your chances of success in this role.
- Practice your communication skills to effectively collaborate with cross-functional teams and present complex technical information to non-technical stakeholders.
- Highlight your experience with automation tools and scripting languages to demonstrate your ability to work efficiently and effectively.
- Prepare to discuss your experience with threat hunting methodologies and event log analysis during the interview process.
- Be prepared to provide examples of your experience with CI/CD pipelines and testing frameworks.
- Research the company culture and values to ensure you are a good fit for the organization.
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.