Threat Researcher Detection Engineer Position Available In Montgomery, Pennsylvania


Company: Unclassified
Salary: Not stated
Job type: Full-time, Onsite

Job Description

Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos' complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, and other everyday and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K.

Role Summary

We are seeking a detail-oriented and technically skilled Detection Engineer to join our X-Ops team. In this role, you will be responsible for analyzing advanced security threats, ranging from malware to complex web attacks, and translating threat intelligence into high-fidelity detections across our platform. Your work will help ensure our analysts and clients receive highly accurate, actionable alerts with minimal noise. You will leverage data from over 40 third-party and internal sources, partner with our CTU Threat Intelligence team, and use a range of scripting and automation tools to strengthen detection capabilities.

The ideal candidate is a hands-on security practitioner with a deep understanding of endpoint behavior, malware analysis, and detection development who thrives in fast-paced, technical environments.

What You Will Do

  • Develop countermeasures to detect advanced threats based on research and intelligence from the CTU team.
  • Analyze endpoint behaviors and logs to design detections using multi-source telemetry.
  • Continuously refine and monitor detection rules to optimize the signal-to-noise ratio for alerts.
  • Research and implement alert handling for new device ingestions, ensuring high-value signal delivery.
  • Leverage internal tooling to distinguish native from standard integrations for detection accuracy.
  • Collaborate on the development of internal tools, automation, and detection infrastructure.
  • Act as a subject matter expert across departments including Product Management, Marketing, and Labs Research.

What You Will Bring

  • Strong passion for cybersecurity research and the ability to quickly learn emerging technologies.
  • Hands-on experience in scripting languages (PowerShell, Bash, Python) and use of Python data science libraries (e.g., NumPy, Pandas, Matplotlib).
  • Knowledge of CI/CD pipelines, testing frameworks, and automation principles.
  • Proficiency in analyzing logs from firewalls, proxies, and security infrastructure to identify anomalies.
  • Experience in malware analysis, including static/dynamic techniques and reverse engineering (IA32/64, ARM binaries).
  • Forensic analysis of memory and disk images across various OS and file system types.
  • Familiarity with event logs, traffic pattern anomalies, and threat hunting methodologies.
  • Strong understanding of endpoint detection, Linux/Unix and Windows OS internals, vulnerability identification, and workflow automation.
  • Experience with event correlation and incident reconstruction using log data is a plus.
  • Network traffic analysis skills, including identification of anomalous or malicious traits, is a plus.
  • Solid grasp of database querying, systems architecture, and process automation for operational improvements is a nice to have.
