- Salary: $80000 - $170000
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Travel 25
- Telework: Not Provided
SimSpace, a leader in advanced warfare cyber simulations, is expanding its training content architecture and development team with junior, mid, and senior Security Research Engineer / Content Developer candidates to meet growing customer demand for real-world attack/defense live-fire exercises and skills labs.
As a Security Research Engineer / Content Developer at SimSpace, you will design, develop and execute network intrusions on live ranges using real-world adversary tactics coupled with modern security defense and investigative strategies. You will join a team of experienced offensive operators and strategic defenders to develop world-class skills assessment and training, critical in shaping the information security professionals of tomorrow. You will author challenges and training modules to assess and develop foundational to advanced skill levels, providing customers hands-on opportunities to train like they fight, refining their competencies at effectively defending their networks from advanced cyber threats.
- Develop curriculum that encompasses a range of foundational to advanced red team/offensive tactics and/or blue team EDR/investigative strategies
- Create learning materials in the form of briefings, practical exercises, and games
- Architect cyber range scenarios that include adversarial tactics, techniques, and procedures (TTPs) and advanced detection and investigative strategies
- Work with our range-operations and DevOps teams to develop toolsets and scenarios within a cybersecurity range to model real-world threat defense scenarios
- Install and baseline security monitoring, detection, and response technologies in enterprise-scaled cyber ranges
- Stay abreast of the latest in offensive strategies and cybersecurity defenses, technologies, methodologies, policy, and breaches
- Assess the skills and level of cyber defense of individuals and teams
- Travel for quarterly company meetings and occasional customer engagements.
- Broad knowledge of standard cyber defense tools such as logging and monitoring, along with deep specialization knowledge in at least one of the following domains:
  - Windows Domain Security
  - Application Security
  - Host Forensics
  - Linux Security
  - Network Security
  - Threat Hunting
  - Incident Response
  - DCO/OCO Leadership
- A clear understanding of the current state-of-the-art in computer and network security practices and research, to include exploit mitigation, countermeasures, detection, forensic, auditing, and other defensive tools
- A detailed understanding of cybersecurity recommended best practices (NIST, SANS, CIS, DoD)
- Experience as a practitioner of cyber red-blue exercise concepts as a learning technique
- Complete understanding of adversary kill-chain and exploitation scenarios
- Basic understanding of one or more scripting languages such as PowerShell, Bash, and Python
- Desire to learn, foster a growth mindset, and share knowledge with others on the team
- Strong oral and written communication skills
- U.S. citizenship as required by our existing U.S. Government contracts
- Knowledgeable in several aspects of cybersecurity as applied to Windows, Linux, Network Infrastructure, and Cyber Intelligence
- Can develop and present your own course materials based on your assessment of participant needs
- Can build and operate your own defensive toolsets
- Experience in multiple technical areas to include incident response, vulnerability assessment, risk management, information assurance, scripting, cyber intelligence, forensics, malware analysis, network and/or host-based monitoring
- Competitive benefits (medical, dental, company-paid vision, 401k, savings and spending accounts, Employee Assistance Program, company-paid Life and AD&D Insurance).
- Competitive salary range ($80,000 - $170,000)
- Performance incentives in the form of an Annual Bonus Plan.
- Equity options at hire and potential for additional equity based on performance.
- Semi-flexible hours, with the expectation that you overlap the main part of the day to meet deadlines, collaborate with colleagues and attend key meetings.
- We are a hybrid remote/in-person company with an amazing office in Boston's Fort Point. We also have a distributed team outside of Boston. We are currently all remote to follow COVID-19 precautions. We do value in-person collaboration, so if you're located in Boston, we'd love to have you in the office when it's possible!
- Unlimited paid time off