- Company: Sophos
- Location: Japan, Philippines, Thailand
Sophos at a glance
sophos.com- Founded 1985
SEC filings mentioning "Sophos": 630 — search EDGAR
1,179 employees covered under a retirement plan (2024 filing) — via DOL Form 5500 / EFAST2
4,750 Wikipedia views in June 2026 — a rough gauge of public visibility.
Sophos is hiring a Senior Penetration Testing Analyst to join its offensive security team across Japan, the Philippines, and Thailand — a full-time, on-site role for an experienced ethical hacker ready to expose and exploit real-world vulnerabilities before adversaries can.
About the Role
As a Senior Penetration Testing Analyst at Sophos, you will apply hands-on threat intelligence to uncover, validate, and weaponize weaknesses inside client environments. Your work will center on one of three disciplines: application security (web and API penetration testing), network security (vulnerability assessments, external and internal penetration tests), or Red Team exercises that simulate genuine cyberattacks. Mastery of every area is not expected — strength in your focus discipline matters most, and broader exposure is a welcome bonus.
Key Responsibilities
- Run application security assessments (web, mobile, API) or network penetration tests using commercial and in-house exploitation tooling, including manual testing for advanced attack scenarios.
- Translate findings into clear, professional security assessment reports and deliver them directly to clients.
- Lead client calls spanning project kick-offs, urgent high- and critical-severity notifications, and close-out sessions covering evidence, reproduction steps, and remediation guidance.
- Research emerging threats, vulnerabilities, and exploits to keep your testing sharp.
- Operate effectively both as a self-directed contributor and within a larger team, and act as a service owner who mentors and technically guides junior colleagues.
Qualifications
- At least five years of experience in web application or penetration testing.
- At least five years using one or more of Nmap, Metasploit, Kali Linux, or Burp Suite.
- Native-level Japanese (business-level Japanese at minimum) plus business-level English.
- Solid grasp of TCP/IP networking and working knowledge of SQL and high-level languages.
- Deep familiarity with common vulnerabilities such as the OWASP Top 10 and diverse application attack vectors.
- Desirable: offensive certifications (GPEN, GWAPT, OSCP, OSEP, OSWE, OSWP), Windows Active Directory or AWS/Azure/GCP testing experience, and a degree in Computer Science, Computer Engineering, Electrical Engineering, or a related field — or equivalent professional experience.
- Strong written and verbal technical communication, sharp analytical thinking, and a track record of helping teammates succeed.
About Sophos
Sophos is a global cybersecurity leader protecting 600,000 organizations through an AI-driven platform and expert-led services, including industry-leading managed detection and response, endpoint, network, email, and cloud security. Headquartered in Oxford, U.K., Sophos pairs machine learning and automation with the human expertise of Sophos X-Ops.
How to Apply
To apply, complete your application directly on this page, or you'll be redirected to the employer's application platform to finish submitting there.
Apply now
Takes about a minute — like Indeed Apply. The employer sees you in their Candidates list.
To apply for this job please visit himalayas.app.
Explore Sophos online
What people say about Sophos
- The Marines say the F-35 is now ready for combat
- ClamXav just went commercial, no open source version
- LastPass Security Notice
- The Next Twenty Years of Java: Where We've Been and Where We're Going
Recent news
- When AI agents look like attackers: what behavioral telemetry tells us - Sophos
- Sophos Flags Vect-TeamPCP Cybercriminal Ransomware Alliance - Cyber Magazine
- ZAWYA: Sophos appoints Naveed Malik to accelerate and scale its EMEA MSP partner ecosystem - TradingView
- AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers - The Hacker News
- Exploit Mitigation for the AI Era: Why Default-On Protection Matters - Sophos
Aggregated from public discussions and news; opinions are the authors’ own.
Working in Japan
Japan is an island country in East Asia. Located in the Pacific Ocean off the northeast coast of the Asian mainland, it is bordered to the west by the Sea of Japan and extends from the Sea of Okhotsk in the north to the East China Sea in the south. The Japanese archipelago consists of four major islands alongside 14,121 smaller islands. Japan is divided into 47 administrative prefectures and eight traditional regions, and around 75% of its terrain is mountainous and heavily forested, concentrating its agriculture and highly urbanized population along its eastern coastal plains. With a populati
🇹🇭 Relocation safety for Thailand: Exercise Increased Caution — via Warnely, CC BY 4.0
National unemployment rate in Thailand: 0.8% — via World Bank
GDP per capita in Thailand: $8,057 — via World Bank
Consumer price inflation in Thailand: -0.1% (annual) — via World Bank
Real GDP growth in Thailand: 2.4% (annual) — via World Bank
Job details above are provided by the employer/source. The sections on this page are compiled from public data sources with AI assistance.
Accommodations: if you need a workplace accommodation to apply for or perform this job, see ADA.gov or EEOC.gov for guidance on your rights and how to request one.
Listing facts
- Role Senior Penetration Testing Analyst
- Employer Sophos
- Location Japan, Philippines, Thailand
- Type Full Time
- Posted June 21, 2026
- Apply by 2026-07-21
- Country context Thailand
- Overview Full original description on this page (432 words; rewritten for clarity, not a teaser paste)
Facts above come from this job record on Get A Job.AI — not copied from third-party review sites.
Public discussions & open sources
Attributed public threads and profiles — not employee reviews or star ratings.
- Hacker News — The Marines say the F-35 is now ready for combat
- Hacker News — ClamXav just went commercial, no open source version
- Hacker News — LastPass Security Notice
- Hacker News — The Next Twenty Years of Java: Where We've Been and Where We're Going
Cached public sources (Hacker News, Dev.to, GitHub, etc.).
Employer website
Limited public data for this employer
We only show facts we can ground in public sources (Wikidata, O*NET, news/discussion links, or this listing). We do not invent Glassdoor-style ratings, salaries, or testimonials when data is thin. Use the listing facts, occupation context, and related openings below while we continue researching.
Explore related openings
2 other opening(s) at Sophos on Get A Job.AI
Research this employer
Pull public facts we already cached for this company (Wikipedia, news, discussions). We never invent Glassdoor-style ratings.
Open interview kit (print-friendly)
Get email alerts for similar jobs
Keep exploring on Get A Job.ai
Not quite the right fit? Your next opportunity is a click away.
- Browse all jobs
- More jobs by category
- Remote jobs you can do from anywhere
- Research typical pay for this role
- Set a job alert so new matches reach you first
- Upload your resume to apply faster
- Register now to access our free AI resume builder
Hiring instead? Post a job and reach candidates searching right now.
