Sophos

Sr. AI Threat Researcher

Sophos$129K — $215K *
US-AnywhereRemote in Canada
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in threat intelligence, malware analysis, or AI research.
  • Strong proficiency in Python and AI development patterns.
  • Exceptional written communication skills for technical and executive audiences.
  • Proven knowledge of MITRE ATT&CK framework and attack techniques.
  • Experience in automation tools for analytics or reporting workflows.

Responsibilities

  • Investigate AI use in diverse attack vectors like social engineering and generated malware.
  • Research risks to AI systems and create detection strategies.
  • Instrument telemetry for identifying AI-driven attacks at scale.
  • Collaborate with cross-functional teams to synthesize research findings.
  • Produce publishable insights, reports, and strategic forecasts.

Benefits

  • Comprehensive benefits package including bonuses.
  • Flexible remote work environment.
  • Opportunities for professional development and training.
  • Engagement with a leading-edge team focused on AI and cybersecurity.
Full Job Description
Role Summary

The X-Ops Insights team sits inside the Security organization, reporting to the CISO. As threat actors become more organized and AI reshapes the security landscape, we need a senior researcher who can operate at the intersection of applied AI, threat intelligence, and cyber operations-someone who can both advance what we know and change how we work.

This is a senior individual contributor role for a researcher who lives at the frontier of AI and cybersecurity. Your primary mission is to research how threat actors are adopting, weaponizing, and exploiting AI; from LLM-powered social engineering and automated vulnerability discovery to real-world attacks against agentic AI implementations. You'll help instrument telemetry to detect adversarial use of AI in the wild, assess emerging risks as AI capabilities evolve, and produce research that keeps Sophos and the broader security community ahead of the curve. As a domain expert in AI threats, you'll also be expected to help drive operational efficiencies across the Insights team, bringing the tools and techniques you research into our own workflows. You'll report to the Sr. Manager, Threat Research and work alongside CTU researchers, SophosLabs malware analysts, MDR threat hunters, incident responders, engineering teams, and data scientists.

What You Will Do

Research & Analysis
  • Investigate how threat actors are leveraging AI across the attack lifecycle, including: AI assisted social engineering, AI-generated malware, automated reconnaissance, and adversarial attacks against ML-based defenses.
  • Research real-world threats to agentic AI systems, AI supply chains, and enterprise AI deployments, assessing risk and developing detection strategies.
  • Help instrument and tune telemetry to identify indicators of AI-driven attacker behavior at scale.
  • Analyze global telemetry, case data, and OSINT to surface emerging AI-related threat trends and early-warning indicators.

Automation & Efficiency
  • As a practitioner of the technology you research, identify opportunities to automate repetitive research and reporting workflows using LLMs, scripting, and internal tooling.
  • Help the team evolve its operating model as new AI capabilities become available.
  • Cross-Functional Collaboration
  • Work closely with CTU researchers, SophosLabs analysts, MDR threat hunters, data
  • scientists, and engineering teams to synthesize findings into unique reporting with actionable intelligence.
  • Contribute to the joint task-force intelligence cycle, ensuring insights flow rapidly into protections, detection rules, and operational systems.

Content & Publication
  • Produce high-quality written intelligence outputs, including deep-dive research, rapid
  • analyses, and strategic forecasting.
  • Author work that is suitable for external publication via Sophos blogs, industry reports,
  • and conference presentations.
  • Present findings to internal stakeholders, external partners, and the broader security
  • community.


What You Will Bring

Required Qualifications
  • Ability to interpret data from diverse telemetry sources and transform it into actionable
    intelligence.
  • Exceptional written communication skills suitable for both technical and executive
    audiences.
  • Demonstrated experience in at least two of the following: threat intelligence, malware analysis, detection engineering, or AI/ML research.
  • Strong knowledge of threat actor ecosystems, modern attack techniques, and the MITRE ATT&CK framework.
  • Hands-on proficiency with Python and modern AI development patterns, including building and orchestrating multi-agent systems, working with LLM APIs, and designing agentic workflows with sub-agents, tool use, and retrieval-augmented generation.
  • Experience building or using automation tools to streamline analytical or reporting
    workflows.


Preferred Qualifications
  • Experience working in MDR, incident response, or real-time security operations environments.
  • Prior authorship of externally published threat research (blogs, reports, conference presentations).
  • Experience with LLMs, prompt engineering, or building AI-assisted analytical tools.
  • Familiarity with large-scale telemetry pipelines, security data lakes, or SIEM/SOAR platforms.


In Canada, the base salary for this role ranges from $129,000 to $215,000. In addition to base salary, we offeradditional compensation including bonus eligibility and a comprehensive benefits package. Acandidate's specific pay within this range will depend on a variety of factors, including job-related skills, training, location, experience, relevant education, certifications, and otherbusiness and organizational needs.

#li-remote

#b2

#li-ND2

About Sophos

Sophos Group plc is a British based security software and hardware company. Sophos develops products for communication endpoint, encryption, network security, email security, mobile security and unified threat management. Sophos is primarily focused on providing security software to 100- to 5,000-seat organizations. While not a primary focus, Sophos also protects home users, through free and paid antivirus solutions intended to demonstrate product functionality. It was listed on the London Stock Exchange until it was acquired by Thoma Bravo in February 2020.
Learn more about Sophos

Similar Jobs

More Jobs at Sophos

More Information Technology Jobs

Find similar Sr. AI Threat Researcher jobs: