Threat Researcher - Linux
About The Position
Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos' complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. Sophos is looking for a Linux Threat Researcher to join their team. The ideal candidate has extensive knowledge of Linux internals, is fluent in assembly, and has a knack for getting to the bottom of any issue. They enjoy thinking creatively, combining deep technical knowledge, tenacity for innovation, and a can-do attitude to solve complex and challenging problems on a daily basis.
Requirements
- Deep knowledge of Linux operating system, internals and APIs
- Experience in computer security and/or threat research
- Dynamic and static malware analysis experience
- Programming experience
Nice To Haves
- Threat hunting
- Data mining
- Reverse engineering skills
- Knowledge of exploitation techniques
- Knowledge of offensive tools and techniques
Responsibilities
- Implementing context-aware & behavior-based detection to provide multiple layers of protection from attacks targeting Linux infrastructure
- Mapping protection & detection of attack behaviors to MITRE ATT&CK framework
- Linux kernel exploit research and detection
- Threat hunting, data mining, and using other methods of research to discover new threats to Linux and opportunities to improve protection
- Working with product teams to adapt protection technology to the rapidly evolving threat landscape
- Reverse engineering and debugging malware, understanding the complete end-to-end kill chain, from attack vector to persistent payload
- Publish research articles and whitepapers on the corporate blog
Benefits
- additional compensation including bonus eligibility
- a comprehensive benefits package
- Sophos operates a remote-first working model, making remote work the primary option for most employees
- Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit
- Employee-led diversity and inclusion networks that build community and provide education and advocacy
- Annual charity and fundraising initiatives and volunteer days for employees to support local communities
- Global employee sustainability initiatives to reduce our environmental footprint
- Global fitness and trivia competitions to keep our bodies and minds sharp
- Global wellbeing days for employees to relax and recharge
- Monthly wellbeing webinars and training to support employee health and wellbeing
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
Number of Employees
1,001-5,000 employees
