- Salary: $80000 - $150000
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided
Do you think like an adversary, do you love to break into systems and enjoy penetrating and exploiting networks to reach a specified target? Are you capable of automating these processes? The Attack Content team is charged with creating advanced, compelling automated attack scenarios for use in the SimSpace Platform.
SimSpace is growing its portfolio of offensive security content by integrating external tools as well as creating our own APT-inspired campaigns. The goal is to make it easy for our users to make use of pre-existing attack scenarios, mix and match individual attack components, or create new attack components and scenarios from scratch to simulate adversary behavior. Full control of the multi-step attacks and visualization is required so users can concentrate on how to defend against adversaries that employ such attack techniques.
The software engineering role involves utilizing Python 3.x and/or Golang to develop, integrate, deploy, and maintain integrations of various internal and external attack content. Existing knowledge and experience with testing suites such as Metasploit is preferred, but not required. You will apply your computer science abilities to architecture, API design, data structures, data handling, concurrency, and permission models. SimSpace follows the Agile process for development and utilize modern toolchains and methods to develop our frameworks and services in teams.
Our attack content team is a combination of remote developers and local developers in our Boston headquarters. Working remotely is an option for experienced engineers located in the US and Canada that have successful experience with working remotely. We bring our entire team together for quarterly off-sites, which facilitates team bonding and some face-to-face interaction. For less experienced engineers or those who have not worked remotely before, we have a strong preference for the Boston area to facilitate mentoring and interaction with more experienced staff.
• Develop and integrate new attack content (attack tools, attack scenarios, etc.) into the SimSpace Attack Content portfolio
• Research, implement and refine tactics, techniques and procedures, to bolster the SimSpace Attack Content portfolio
• End-to-end testing of attack content to ensure functionality in common environments and the ability to evade common defensive tools
• Collaborate with our passionate Attack Content team of experienced software developers and others to ensure that SimSpace Attack Content is representative and useful during various types of events.
• Relevant certifications from organizations like Offensive Security (OSCP/OSCE), or SANS (GPEN, GXPN, GWAPT),
• Equivalent experience with demonstrable requisite skills
• Professional Software Engineering experience in Python 3.x., Golang, or other languages is a plus
• Ability to think outside the box, tying together disparate vulnerabilities or misconfigurations to create an attack scenario
• Solid understanding of tactics and techniques used during offensive network operations and the ability to modify them to subvert defensive countermeasures
• Demonstrated experience with distributed systems, communication frameworks, network protocols (RESTful API and rMQ), data handling, and proper use of security constructs.
• Experience with multiple operating systems (Windows, Unix/Linux etc.)
• Knowledge of common system and network configurations, for multiple system types.
• Solid understanding of networking, network protocols and their uses
• Experience/knowledge of defensive tools/techniques (IDS/IPS, Packet Capture, Network Analysis, IR, AV, EDR, etc.)
• Experience working with virtualization solutions
• Experience with the commonly used attack frameworks (Cobalt Strike, Metasploit, CANVAS, Empire, Core Impact, etc.)
• Experience in Web Application Penetration Testing or Cloud Penetration Testing
• A strong sense of pride in crafting well-tested and well-designed code that is delivered on-time. We have to deliver and it has to work.
• Strong verbal and written communication skills
• Self-starter that is highly motivated, accepting of other opinions, and can work effectively in a team
• Produce high quality software that is well-written, well-instrumented, tested thoroughly and securely designed and implemented
• Proficiency in Python 3.x is required
• Programming ability with any of the following: Scripted Languages (Ruby, PowerShell, Bash, Batch, PHP, etc.) & Compiled Languages (C/C++, Golang, etc.)