Penetration Tester

Full-Time 50000 - 70000 € / year (est.) Home office (partial)
Sophos Group

At a Glance

  • Tasks: Conduct penetration tests on web applications and infrastructure to enhance security.
  • Company: Join Sophos, a leading cybersecurity firm dedicated to innovation and protection.
  • Benefits: Competitive salary, inclusive culture, and opportunities for professional growth.
  • Other info: Diverse and inclusive workplace committed to equality and personal development.
  • Why this job: Make a real impact by improving security and protecting users with cutting-edge technology.
  • Qualifications: Experience in penetration testing and knowledge of web technologies and security frameworks.

The predicted salary is between 50000 and 70000 € per year.

As a security company, Sophos takes its own security very seriously and has a Cyber Security team that focuses on protecting its products, systems, and infrastructure. We’ll need you to contribute to the continual improvement of our security posture through testing of Sophos applications and infrastructure. This role is not customer‑facing; you will perform tests and see the impact of your findings as you help the teams design and architect resolutions to the issues you find. The ideal candidate will have real‑world experience in a Red Team and have worked through all stages of penetration testing from scoping to reporting. You should be highly motivated, have an innovative mindset, and exhibit good attention to detail, staying up to date with the latest techniques and threats to help protect Sophos and its customers.

Responsibilities

  • Organize, plan, and deliver penetration tests against Sophos web applications across a wide range of technologies.
  • Organize, plan, and deliver penetration tests against the Sophos infrastructure, including on‑premise networks, AWS/Azure, and virtual environments.
  • Use AI‑assisted workflows (including internal agents/skills where available) to augment penetration testing activities and improve coverage and efficiency, with appropriate oversight and review.
  • Assist in the scoping, planning, and delivery of pentests by 3rd‑party vendors.
  • Disseminate results to teams throughout the business.
  • Work closely with the wider Cybersecurity team to develop common goals and outcomes.

Qualifications

  • A solid background in both application and infrastructure penetration testing.
  • Familiarity with common web technologies (PHP, JavaScript, API, etc.).
  • Good knowledge of offensive techniques, OWASP & MITRE ATT&CK frameworks.
  • Experience working with or assessing systems that incorporate AI or LLMs, including an understanding of common AI‑related security risks and abuse scenarios.
  • Experience in delivering security testing projects.
  • Practical knowledge of AWS technologies (S3, EC2, IAM, Lambda, etc.).
  • Good interpersonal and networking skills.
  • Industry‑recognised ethical hacking qualifications: OSCP, GPEN, or equivalent.

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Penetration Tester employer: Sophos Group

At Sophos, we pride ourselves on fostering a dynamic and inclusive work environment where innovation thrives. As a Penetration Tester, you'll not only enhance your skills through hands-on experience with cutting-edge technologies but also contribute to a culture that values collaboration and continuous improvement. With a commitment to employee growth and a focus on diversity, Sophos offers a rewarding career path in the heart of the cybersecurity landscape.

Sophos Group

Contact Detail:

Sophos Group Recruiting Team

StudySmarter Expert Advice🤫

We think this is how you could land the Penetration Tester role

Tip Number 1

Network like a pro! Connect with folks in the cybersecurity field on LinkedIn or at local meetups. You never know who might have the inside scoop on job openings or can refer you directly to hiring managers.

Tip Number 2

Show off your skills! Create a portfolio showcasing your penetration testing projects, including any reports or findings. This will give potential employers a taste of what you can do and set you apart from the crowd.

Tip Number 3

Stay updated on the latest trends and techniques in cybersecurity. Follow industry blogs, attend webinars, and participate in online forums. This not only boosts your knowledge but also gives you great talking points during interviews.

Tip Number 4

Apply through our website! We love seeing candidates who are genuinely interested in joining us at Sophos. Tailor your application to highlight your relevant experience and how you can contribute to our security team.

We think you need these skills to ace the Penetration Tester role

Penetration Testing
Application Security
Infrastructure Security
Web Technologies (PHP, JavaScript, API)
Offensive Techniques
OWASP Framework
MITRE ATT&CK Framework

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Penetration Tester role. Highlight your experience in both application and infrastructure testing, and don’t forget to mention any relevant qualifications like OSCP or GPEN. We want to see how your skills align with what we’re looking for!

Show Off Your Projects: Include specific examples of penetration testing projects you’ve worked on. Whether it’s scoping, planning, or delivering tests, we love to see real-world applications of your skills. This helps us understand your hands-on experience and innovative mindset.

Be Clear and Concise: When writing your application, keep it clear and concise. Use bullet points where possible to make it easy for us to read. We appreciate attention to detail, so make sure there are no typos or grammatical errors!

Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It’s super straightforward, and you’ll be able to submit all your documents in one go. Plus, it shows us you’re serious about joining our team!

How to prepare for a job interview at Sophos Group

Know Your Stuff

Make sure you brush up on your penetration testing knowledge, especially around the OWASP and MITRE ATT&CK frameworks. Be ready to discuss your real-world experiences and how you've tackled various security challenges in the past.

Show Off Your Skills

Prepare to demonstrate your technical skills during the interview. You might be asked to solve a problem or explain how you would approach a specific penetration test. Practise articulating your thought process clearly and confidently.

Stay Current

The cybersecurity landscape is always changing, so keep yourself updated on the latest threats and techniques. Mention any recent trends or tools you've been exploring, especially those related to AI and LLMs, as they are increasingly relevant in today's security environment.

Be a Team Player

Since you'll be working closely with the Cybersecurity team, highlight your interpersonal skills and ability to collaborate. Share examples of how you've successfully worked with others to achieve common goals in previous roles.