- Company: Sophos
- Location: Japan, Philippines, Thailand
Sophos — company details are preparing and update automatically in a few seconds (or refresh).
Sophos is hiring a Senior Penetration Testing Analyst to join its offensive security team across Japan, the Philippines, and Thailand — a full-time, on-site role for an experienced ethical hacker ready to expose and exploit real-world vulnerabilities before adversaries can.
About the Role
As a Senior Penetration Testing Analyst at Sophos, you will apply hands-on threat intelligence to uncover, validate, and weaponize weaknesses inside client environments. Your work will center on one of three disciplines: application security (web and API penetration testing), network security (vulnerability assessments, external and internal penetration tests), or Red Team exercises that simulate genuine cyberattacks. Mastery of every area is not expected — strength in your focus discipline matters most, and broader exposure is a welcome bonus.
Key Responsibilities
- Run application security assessments (web, mobile, API) or network penetration tests using commercial and in-house exploitation tooling, including manual testing for advanced attack scenarios.
- Translate findings into clear, professional security assessment reports and deliver them directly to clients.
- Lead client calls spanning project kick-offs, urgent high- and critical-severity notifications, and close-out sessions covering evidence, reproduction steps, and remediation guidance.
- Research emerging threats, vulnerabilities, and exploits to keep your testing sharp.
- Operate effectively both as a self-directed contributor and within a larger team, and act as a service owner who mentors and technically guides junior colleagues.
Qualifications
- At least five years of experience in web application or penetration testing.
- At least five years using one or more of Nmap, Metasploit, Kali Linux, or Burp Suite.
- Native-level Japanese (business-level Japanese at minimum) plus business-level English.
- Solid grasp of TCP/IP networking and working knowledge of SQL and high-level languages.
- Deep familiarity with common vulnerabilities such as the OWASP Top 10 and diverse application attack vectors.
- Desirable: offensive certifications (GPEN, GWAPT, OSCP, OSEP, OSWE, OSWP), Windows Active Directory or AWS/Azure/GCP testing experience, and a degree in Computer Science, Computer Engineering, Electrical Engineering, or a related field — or equivalent professional experience.
- Strong written and verbal technical communication, sharp analytical thinking, and a track record of helping teammates succeed.
About Sophos
Sophos is a global cybersecurity leader protecting 600,000 organizations through an AI-driven platform and expert-led services, including industry-leading managed detection and response, endpoint, network, email, and cloud security. Headquartered in Oxford, U.K., Sophos pairs machine learning and automation with the human expertise of Sophos X-Ops.
How to Apply
To apply, complete your application directly on this page, or you'll be redirected to the employer's application platform to finish submitting there.
You’ll finish your application on the employer’s website. We don’t ask for a resume on this page.
Local insights for this role are preparing — this section updates automatically in a few seconds (or refresh).
Listing facts
- Role
- Employer Sophos
- Location Japan, Philippines, Thailand
- Type Full Time
- Posted June 21, 2026
- Apply by 2026-07-21
- Country context Thailand
- Overview Full original description on this page (432 words; rewritten for clarity, not a teaser paste)
Facts above come from this job record on Get A Job.AI — not copied from third-party review sites.
Public discussions & open sources
Attributed public threads and profiles — not employee reviews or star ratings.
- Hacker News — The Marines say the F-35 is now ready for combat
- Hacker News — ClamXav just went commercial, no open source version
- Hacker News — LastPass Security Notice
- Hacker News — The Next Twenty Years of Java: Where We've Been and Where We're Going
Cached public sources (Hacker News, Dev.to, GitHub, etc.).
Employer website
Limited public data for this employer
We only show facts we can ground in public sources (Wikidata, O*NET, news/discussion links, or this listing). We do not invent Glassdoor-style ratings, salaries, or testimonials when data is thin. Use the listing facts, occupation context, and related openings below while we continue researching.
Explore related openings
2 other opening(s) at Sophos on Get A Job.AI
Research this employer
Pull public facts we already cached for this company (Wikipedia, news, discussions). We never invent Glassdoor-style ratings.
Open interview kit (print-friendly)
Free candidate alerts — we email you when matching roles go live.
Create alert for “Sophosâ€Keep exploring on Get A Job.ai
Not quite the right fit? Your next opportunity is a click away.
- Browse all jobs
- More jobs by category
- Remote jobs you can do from anywhere
- Research typical pay for this role
- Set a job alert so new matches reach you first
- Upload your resume to apply faster
- Register now to access our free AI resume builder
Hiring instead? Post a job and reach candidates searching right now.
