About Us
Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response.
Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats.
Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at
www.sophos.com.Role Summary
The X-Ops Insights team sits inside the Security organization, reporting to the CISO. As threat actors become more organized and AI reshapes the security landscape, we need a senior researcher who can operate at the intersection of applied AI, threat intelligence, and cyber operations—someone who can both advance what we know and change how we work.
This is a senior individual contributor role for a researcher who lives at the frontier of AI and cybersecurity. Your primary mission is to research how threat actors are adopting, weaponizing, and exploiting AI; from LLM-powered social engineering and automated vulnerability discovery to real-world attacks against agentic AI implementations. You'll help instrument telemetry to detect adversarial use of AI in the wild, assess emerging risks as AI capabilities evolve, and produce research that keeps Sophos and the broader security community ahead of the curve. As a domain expert in AI threats, you'll also be expected to help drive operational efficiencies across the Insights team, bringing the tools and techniques you research into our own workflows. You’ll report to the Sr. Manager, Threat Research and work alongside CTU researchers, SophosLabs malware analysts, MDR threat hunters, incident responders, engineering teams, and data scientists.
What You Will Do
Research & Analysis
- Investigate how threat actors are leveraging AI across the attack lifecycle, including: AI assisted social engineering, AI-generated malware, automated reconnaissance, and adversarial attacks against ML-based defenses.
- Research real-world threats to agentic AI systems, AI supply chains, and enterprise AI deployments, assessing risk and developing detection strategies.
- Help instrument and tune telemetry to identify indicators of AI-driven attacker behavior at scale.
- Analyze global telemetry, case data, and OSINT to surface emerging AI-related threat trends and early-warning indicators.
Automation & Efficiency
- As a practitioner of the technology you research, identify opportunities to automate repetitive research and reporting workflows using LLMs, scripting, and internal tooling.
- Help the team evolve its operating model as new AI capabilities become available.
- Cross-Functional Collaboration
- Work closely with CTU researchers, SophosLabs analysts, MDR threat hunters, data
- scientists, and engineering teams to synthesize findings into unique reporting with actionable intelligence.
- Contribute to the joint task-force intelligence cycle, ensuring insights flow rapidly into protections, detection rules, and operational systems.
Content & Publication
- Produce high-quality written intelligence outputs, including deep-dive research, rapid
- analyses, and strategic forecasting.
- Author work that is suitable for external publication via Sophos blogs, industry reports,
- and conference presentations.
- Present findings to internal stakeholders, external partners, and the broader security
- community.
What You Will Bring
Required Qualifications
- Ability to interpret data from diverse telemetry sources and transform it into actionable
intelligence.
- Exceptional written communication skills suitable for both technical and executive
audiences.
- Demonstrated experience in at least two of the following: threat intelligence, malware analysis, detection engineering, or AI/ML research.
- Strong knowledge of threat actor ecosystems, modern attack techniques, and the MITRE ATT&CK framework.
- Hands-on proficiency with Python and modern AI development patterns, including building and orchestrating multi-agent systems, working with LLM APIs, and designing agentic workflows with sub-agents, tool use, and retrieval-augmented generation.
- Experience building or using automation tools to streamline analytical or reporting
workflows.
Preferred Qualifications
- Experience working in MDR, incident response, or real-time security operations environments.
- Prior authorship of externally published threat research (blogs, reports, conference presentations).
- Experience with LLMs, prompt engineering, or building AI-assisted analytical tools.
- Familiarity with large-scale telemetry pipelines, security data lakes, or SIEM/SOAR platforms.
In Canada, the base salary for this role ranges from $129,000 to $215,000. In addition to base salary, we offeradditional compensation including bonus eligibility and a comprehensive benefits package. Acandidate’s specific pay within this range will depend on a variety of factors, including job-related skills, training, location, experience, relevant education, certifications, and otherbusiness and organizational needs.
#li-remote
#b2
#li-ND2
Ready to Join Us?
At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.
What's Great About Sophos?
· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.
· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit
· Employee-led diversity and inclusion networks that build community and provide education and advocacy
· Annual charity and fundraising initiatives and volunteer days for employees to support local communities
· Global employee sustainability initiatives to reduce our environmental footprint
· Global fitness and trivia competitions to keep our bodies and minds sharp
· Global wellbeing days for employees to relax and recharge
· Monthly wellbeing webinars and training to support employee health and wellbeing
Our Commitment To You
We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.
Data Protection
If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy
Cybersecurity as a Service Delivered | Sophos