Ground every answer in facts on this page and the original listing. We never invent Glassdoor-style reviews or salaries that are not in our data.
Website: sophos.com
Sophos Limited is a British security software and hardware company. It develops and markets managed security services and cybersecurity software and hardware, such as managed detection and response, incident response and endpoint security software. Sophos was listed on the London Stock Exchange until it was acquired by Thoma Bravo, an American private equity firm in March 2020.
Public cache only — not an employee review.
Sophos is hiring a Senior Penetration Testing Analyst to join its offensive security team across Japan, the Philippines, and Thailand — a full-time, on-site role for an experienced ethical hacker ready to expose and exploit real-world vulnerabilities before adversaries can. About the Role As a Senior Penetration Testing Analyst at Sophos, you will apply hands-on threat intelligence to uncover, validate, and weaponize weaknesses inside client environments. Your work will center on one of three disciplines: application security (web and API penetration testing), network security (vulnerability assessments, external and internal penetration tests), or Red Team exercises that simulate genuine cyberattacks. Mastery of every area is not expected — strength in your focus discipline matters most, and broader exposure is a welcome bonus. Key Responsibilities Run application security assessments (web, mobile, API) or network penetration tests using commercial and in-house exploitation tooling, including manual testing for advanced attack scenarios. Translate findings into clear, professional security assessment reports and deliver them directly to clients. Lead client calls spanning project kick-offs, urgent high- and critical-severity notifications, and close-out sessions covering evidence, reproduction steps, and remediation guidance. Research emerging threats, vulnerabilities, and exploits to keep your testing sharp. Operate effectively both as a self-directed contributor and within a larger team, and act as a service owner who mentors and technically guides junior colleagues. Qualifications At least five years of experience in web application or penetration testing. At least five years using one or more of Nmap, Metasploit, Kali Linux, or Burp Suite. Native-level Japanese (business-level Japanese at minimum) plus business-level English. Solid grasp of TCP/IP networking and working knowledge of SQL and high-level languages. Deep familiarity with common vulnerabilities such as the OWASP Top 10 and diverse application attack vectors. Desirable: offensive certifications (GPEN, GWAPT, OSCP, OSEP, OSWE, OSWP), Windows Active Directory or AWS/Azure/GCP testing experience, and a degree in Computer Science, Computer Engineering, Electrical Engineering, or a related field — or equivalent professional experience. Strong written and verbal technical communication, sharp analytical thinking, and a track record of helping teammates succeed. About Sophos Sophos is a global cybersecurity leader protecting 600,000 organizations through an…
Generated for personal interview prep · 2026-07-17 UTC · getajob.ai