Sophos

Sr. AI Threat Researcher

Sophos · Canada

  • Hybrid
  • Full-time
  • CA$172,000 / year
  • Canada

Job highlights

  • Research AI weaponization by threat actors.
  • Detect adversarial AI use in real-world attacks.
  • Assess emerging risks from evolving AI capabilities.
  • Automate research and reporting workflows.
  • Collaborate with diverse security teams.

About the role

About Us

Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, and other everyday and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

The X-Ops Insights team sits inside the Security organization, reporting to the CISO. As threat actors become more organized and AI reshapes the security landscape, we need a senior researcher who can operate at the intersection of applied AI, threat intelligence, and cyber operations—someone who can both advance what we know and change how we work. This is a senior individual contributor role for a researcher who lives at the frontier of AI and cybersecurity. Your primary mission is to research how threat actors are adopting, weaponizing, and exploiting AI, from LLM-powered social engineering and automated vulnerability discovery to real-world attacks against agentic AI implementations. You'll help instrument telemetry to detect adversarial use of AI in the wild, assess emerging risks as AI capabilities evolve, and produce research that keeps Sophos and the broader security community ahead of the curve. As a domain expert in AI threats, you'll also be expected to help drive operational efficiencies across the Insights team, bringing the tools and techniques you research into our own workflows. You'll report to the Sr. Manager, Threat Research and work alongside CTU researchers, SophosLabs malware analysts, MDR threat hunters, incident responders, engineering teams, and data scientists.

What You Will Do

Research & Analysis
  • Investigate how threat actors are leveraging AI across the attack lifecycle, including AI-assisted social engineering, AI-generated malware, automated reconnaissance, and adversarial attacks against ML-based defenses.
  • Research real-world threats to agentic AI systems, AI supply chains, and enterprise AI deployments, assessing risk and developing detection strategies.
  • Help instrument and tune telemetry to identify indicators of AI-driven attacker behavior at scale.
  • Analyze global telemetry, case data, and OSINT to surface emerging AI-related threat trends and early-warning indicators.
Automation & Efficiency
  • As a practitioner of the technology you research, identify opportunities to automate repetitive research and reporting workflows using LLMs, scripting, and internal tooling.
  • Help the team evolve its operating model as new AI capabilities become available.
Cross-Functional Collaboration
  • Work closely with CTU researchers, SophosLabs analysts, MDR threat hunters, data scientists, and engineering teams to synthesize findings into unique reporting with actionable intelligence.
  • Contribute to the joint task-force intelligence cycle, ensuring insights flow rapidly into protections, detection rules, and operational systems.
Content & Publication
  • Produce high-quality written intelligence outputs, including deep-dive research, rapid analyses, and strategic forecasting.
  • Author work that is suitable for external publication via Sophos blogs, industry reports, and conference presentations.
  • Present findings to internal stakeholders, external partners, and the broader security community.

Key skills/competency

  • AI Threat Research
  • Cybersecurity
  • Machine Learning
  • LLM
  • Threat Intelligence
  • Python
  • Malware Analysis
  • Detection Engineering
  • Social Engineering
  • MITRE ATT&CK

Skills & topics

  • AI Threat Researcher
  • Cybersecurity
  • AI
  • Machine Learning
  • Threat Intelligence
  • Python
  • LLM
  • Security Research
  • Sophos
  • Remote Job

How to get hired

  • Tailor your resume: Highlight AI threat research, Python, and LLM experience.
  • Showcase AI expertise: Detail projects involving AI in cybersecurity or threat analysis.
  • Demonstrate collaboration: Provide examples of working with diverse technical teams.
  • Prepare for technical questions: Be ready to discuss AI attack vectors and defense strategies.
  • Research Sophos X-Ops: Understand their threat intelligence and research focus areas.

Technical preparation

  • Master Python for AI research and automation.
  • Practice LLM API integration and agentic workflows.
  • Study adversarial AI techniques and defenses.
  • Familiarize yourself with threat intelligence frameworks.

Behavioral questions

  • Describe a complex threat you researched.
  • How do you collaborate with technical teams?
  • Share an example of automating a workflow.
  • Discuss your approach to novel AI threats.

Frequently asked questions

What is the primary focus of the Sr. AI Threat Researcher role at Sophos?
The primary focus is to research how threat actors are adopting, weaponizing, and exploiting AI, including LLM-powered social engineering and attacks against agentic AI implementations, and to develop detection strategies and operational efficiencies.
What are the key technical skills required for this AI Threat Researcher position?
Key technical skills include proficiency in Python, modern AI development patterns (multi-agent systems, LLM APIs, RAG), threat intelligence, malware analysis, detection engineering, and knowledge of threat actor ecosystems and MITRE ATT&CK.
Does Sophos offer remote work options for the Sr. AI Threat Researcher role?
Yes, Sophos operates on a remote-first model, making remote work the primary option for most employees, though some roles may require a hybrid approach. Candidates must have legal authorization to work in the posting's jurisdiction without sponsorship.
What kind of research outputs are expected from this AI Threat Researcher?
You will produce high-quality written intelligence outputs, including deep-dive research, rapid analyses, and strategic forecasting. Work is expected to be suitable for external publication on Sophos blogs, industry reports, and conference presentations.
How does Sophos leverage AI in its hiring process for roles like the Sr. AI Threat Researcher?
Sophos may use AI tools to assist in reviewing applications, analyzing resumes, and assessing responses. These tools support the recruitment team but do not replace human judgment; final hiring decisions are made by humans.
What is the salary range for the Sr. AI Threat Researcher in Canada?
In Canada, the base salary for this role ranges from $129,000 to $215,000 CAD, in addition to bonus eligibility and a comprehensive benefits package.
What is the significance of the Sophos X-Ops team for this role?
The X-Ops Insights team is part of Sophos's Security organization, where this role resides. It's crucial for understanding and analyzing emerging threats, especially those involving AI, and collaborating with other Sophos X-Ops researchers.