Senior Manager, Penetration Testing

About Us

Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary 

ソフォスは、日本を拠点とする「Sophos Red Team」のリーダーを募集しています。このポジションでは、確立された実績を持つ、高いパフォーマンスを発揮する攻撃的セキュリティの専門家チームを率いていただくことになります。当社の文化は、謙虚でありながら情熱に満ち、高度な技術力を持ち、サイバーセキュリティへの情熱を共有するプロフェッショナルたちが融合した、ユニークなものです。このリーダーシップポジションでは、APJ北/日本担当ディレクターと緊密に連携し、グローバルなプラクティスリーダーや他の部門横断的なパートナーと協力して、卓越したサービス提供を実現していただきます。理想的な候補者は、攻撃的セキュリティチームを率いた経験を有していることが求められます。ビジネスリーダーとして、この役職は特定のプラクティス指標（収益、利益率、NPS／顧客満足度など）の達成に責任を負い、営業、マーケティング、その他の組織と緊密に連携してプラクティスの成長を支援します。これは戦略的なリーダーシップポジションであり、チームミーティング、全社ミーティング、戦略会議、その他のワークショップを通じて、現地での強力なリーダーシップを発揮し、チームの成果が顧客を満足させ、最先端であることを保証する必要があります。

Sophos is looking for a Japan based leader on the Sophos Red Team in Japan to lead a well-established, high performing team of offensive security professionals.  Our culture is a unique mix of low ego – high energy, highly technical, and motivated professionals with a passion for cybersecurity. This leadership position will partner closely with the Director of APJ North/Japan and will work collaboratively with global practice leadership and other cross-functional partners to achieve service delivery excellence. The ideal candidate will have experience leading offensive security teams. As a business leader this role will be responsible for achieving select practice metrics (Revenue, Margin, NPS/customer satisfaction, etc.) and partner closely with sales, marketing and other organizations to help grow the practice. This is a strategic leadership position which requires strong local leadership presence through team meetings, all hands, strategy sessions, and other workshops to ensure the team’s delivery is customer delighting and at the bleeding edge. 

What You Will Do

• 複数年にわたるサービス提供計画の策定と主導、および財務戦略のサポートを通じて、会社の目標達成と攻撃型セキュリティ分野における業界リーダーとしての地位強化に貢献する。 

• 多様な攻撃型セキュリティ業務（侵入テスト、アプリケーションセキュリティテスト、本格的なレッドチーム活動など）を提供する、ハイパフォーマンスな技術コンサルタントチームを率いる。 

• 予測、バックログ管理、稼働率、スケジュー管理を含む損益管理を支援する。 

• 営業組織やその他の事業開発リーダーと連携し、複雑な攻撃型テストのニーズにおいて「頼れる存在」として認識される。 

• インシデント対応チーム、脅威対策ユニット、マーケティング、営業など、ソフォス社内の部門横断的な関係を構築・強化する。 

• チームの効率化を図るため、人材、プロセス、テクノロジーといった機会を特定する。 

• ソフォスのレッドチームサービスポートフォリオを代表し、新しいサービス、機能、提案を特定・推進する。また、思想的リーダーシップを発揮し、ポートフォリオ内のサービスに関連する市場投入戦略を策定する。 

• ビジネス上の優先事項、提供のベストプラクティス、新しいアイデアの実装について、チーム内で合意形成を促進する。変化を受け入れ、アイデアを積極的に提案し、他者の意見に耳を傾け、他者から学ぶ意欲を持つ。現状に疑問を投げかける姿勢。 

• チームメンバーのキャリア開発を促進し、キャリア開発機会（カンファレンス、研修、資格取得、メンタリング制度など）を積極的に支援する。 

• NPS(ネットプロモータースコア)と顧客満足度を責任をもって管理し、期待される目標を達成、あるいは上回るように努める。質の高い顧客サービスを提供する文化を維持する。 

• Help develop and lead a multi-year service, delivery, as well as supporting with financial strategy, to meet company objectives and reinforce our position as an industry leader in offensive security. 

• Lead a high performing team of technical consultants delivering a variety of offensive security engagements (penetration testing, application security testing, full scale Red Team, etc.) 

• Help manage a P&L including forecasting, backlog management, utilization, and scheduling   

• Partner with the sales organization and other business development leaders and be seen as a “go to” for complex adversarial testing needs 

• Build and advance cross-functional relationships within Sophos that include the Incident Response Team, Counter Threat Unit, Marketing, Sales.  

• Identify opportunities – people, process, and technology -- to improve efficiencies within the team 

• Represent the Sophos Red Team services portfolio; identify and champion new services, capabilities, and offers; provide thought leadership; and develop an associated go-to-market strategy for the services in the portfolio 

• Drive teams to consensus on business priorities, delivery best practices, and implementation of new ideas. Willingness to changes, to contribute ideas, listen to others, and learn from others. Challenge the status quo. 

• Foster career development and champion career development opportunities for the team (conferences, training, certifications, mentoring, etc.)  

• Own NPS/customer satisfaction and ensure practice meets/exceeds expected targets. Maintain a culture of premium customer service

 

What You Will Bring

• サイバーセキュリティ業界において、攻撃型セキュリティ（オフェンシブセキュリティ）を主導した5～7年の実務経験（変化の激しいダイナミックな環境での経験があれば尚可）。 

• 中小企業レベルでのプリセールスおよびポストセールスのサービス提供経験。 

• ハイパフォーマンスなチームを管理し、強固なチーム文化を維持・強化できる能力。 

• 優れた口頭および書面によるコミュニケーション経験や能力。（経営幹部層への報告経験があれば尚可）。 

• グローバル、リモート、多文化チームでの業務経験。 

• 優先順位を付け、業務を委任し、厳しい納期の中でタスクを完了させることができる能力。 

• 優れた対人スキルを持ち、自発的、積極的、意欲的なチームプレーヤーであること。 

• 結果重視かつ顧客志向であること。 

• 課題解決において、主体性と的確な判断力を発揮できること。 

• 経営陣の支援を受けながら、ステークホルダーとの対立管理や交渉を効果的に行えること。 

• マトリックス型のコンサルティング環境において、技術チームの指導・統率経験があること。 

• 業務遂行に必要な日本語能力およびビジネスレベルの英語力が必須。

 

【応募要件 – WANT】  

• 情報セキュリティ分野での7年以上の実務経験。 

• サイバーセキュリティに関連する専門学位、または同等の実務経験。 

• OSCP、OSWP、OSEP、OSWA、OSWE、CEH、GPEN、GCPN、GWAPT、CISSPなどの技術系または専門資格があれば尚可。 

• 営業部門と連携し、案件の範囲設定や提案書の作成などを行った経験（契約締結や顧客対応は通常、営業が担当します） 

• サイバーセキュリティ業界のフォーラムやイベントへの参加経験、および講演や執筆活動（ホワイトペーパー、ブログなど）の経験。  

• Required: 

• 7+ years in the cybersecurity industry leading offensive security, preferably in dynamic and fast changing environments.   

• Presales and post sales delivery experience at the SME Level 

• Demonstrated ability to manage high-performing teams as well as maintain and enhance a strong team culture. 

• Excellent verbal and written communication skills with experience – ideally briefing executive management level also. 

• Experience working with global, remote, multi-cultural teams. 

• Ability to prioritize, delegate and complete tasks within tight timeframes to meets deadlines. 

• Strong interpersonal skills, self-starting, proactive, motivated, team player. 

• Results orientated and customer focused. 

• Ability to demonstrate initiative and good judgment in resolving issues. 

• Effective at managing conflict and negotiating with stakeholders, with support from senior leaderships. 

• Experience mentoring and leading technical teams in a matrixed consulting environment. (align with sales, IR, threat intelligence and global teams) 

• Fluent Japanese proficiency as well as business level English in running business required. 

• Preferences: 

• 7+ years of information security experience. 

• Professional degree relevant to cybersecurity or equivalent work experience. 

• Technical or professional certifications, such as OSCP, OSWP, OSEP, OSWA, OSWE, CEH, GPEN, GCPN, GWAPT, CISSP are a plus. 

• Experience working with sales in scoping engagements, creating proposals, etc.  

• Participation in cybersecurity industry forums and events, including speaking events and written publications (white papers, blogs, etc.).

   

#B2

#LI-Remote

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.

What's Great About Sophos?

·   Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.

·   Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

·   Employee-led diversity and inclusion networks that build community and provide education and advocacy

·   Annual charity and fundraising initiatives and volunteer days for employees to support local communities

·   Global employee sustainability initiatives to reduce our environmental footprint

·   Global fitness and trivia competitions to keep our bodies and minds sharp

·   Global wellbeing days for employees to relax and recharge 

·   Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity.   We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team.  All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation.  We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know. 

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos.  If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights.  For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos