Security Research Engineer 2 - Remote

SimSpace • Full-time • Remote (US, United States) • 3w ago

Who is SimSpace:

SimSpace launched in 2015 with a singular purpose – addressing the most urgent and sophisticated cybersecurity challenges to reduce risk for our most vulnerable and valuable infrastructure. The organizations around the world that we depend on every day to keep our loved ones safe and secure. Our healthcare facilities, schools, financial institutions, transit centers, grocery stores, and workplaces just to name a few. To deliver global resiliency, we provide an elite cyber range platform to curate unassailable cyber defenses, data driven decisions, cutting edge training labs, live attack scenarios, and extensive individual and dynamic team readiness training.

SimSpace works as OneTeam to elevate humanity around the world. We are committed to continuously improving and delivering a cultivated member experience whether that is accomplished through focusing on supporting our client’s teams or our own mission driven SimSpacers.

We are hybrid, remote, and in-person with offices in Boston's Fort Point and Maryland in the U.S. We also have offices in the UK, Germany, Israel, Australia, Czech Republic, Japan, Singapore, and Egypt. If you are interested in elevating the technology and creative solutions necessary to secure and safeguard our future while working alongside others who share your passion for purpose and development, we want to meet you!

Why should you choose a career at SimSpace?

We are an organization that is focused on building our culture and mindfully enhancing our atmosphere everyday which is why we have collaborated on an integral value system. Our governing philosophy of being Human Centered is deeply embedded within our value system. We apply this philosophy to every one of our internal team members, external clients, and their customers.

Our core values:

Serve to Protect – We provide safe space, deliver on the mission, and elevate humanity
Acquire Understanding – We seek and provide clarity 10x, cultivate comprehension, and believe information goes both all ways
Operate as Innovators – We stay curious, practice consistency over intensity, and continue to be the change we need in the world
Teamwork Without Borders – We are never alone, we solve for all, and keep people at the heart of everything we do

We are looking for:

A Security Research Engineer / Content Developer at SimSpace, who will design, develop and execute network intrusions on live ranges using real-world adversary tactics coupled with modern security defense and investigative strategies. You will join a team of experienced offensive operators and strategic defenders to develop world-class skills assessments and training, critical in shaping information security professionals of tomorrow. As a Security Research Engineer, you will author challenges and training modules to assess and develop foundational to advanced skill levels, providing customers hands-on opportunities to train like they fight, refining their competencies at effectively defending their networks from advanced cyber threats

What will you be doing as a Security Research Engineer at SimSpace?

Develop educational curriculum that encompasses a range of foundational to advanced red team/offensive tactics and/or blue team EDR/investigative strategies.
Create learning materials in the form of briefings, white papers, practical exercises, and games.
Architect cyber range scenarios that include adversarial tactics, techniques, and procedures (TTPs) and advanced detection and investigative strategies.
Work with our range-operations and DevOps teams to develop toolsets and scenarios within a cybersecurity range to model real-world threat offense or defense scenarios.
Install and baseline security monitoring, detection, and response technologies in enterprise-scaled cyber ranges.
Stay abreast of the latest in offensive strategies and cybersecurity defenses, technologies, methodologies, policy, and breaches.
Assess the skills and level of cyber defense of individuals and teams.

What are the qualifications to apply? To be successful as a Security Research Engineer, you need to have:

Broad knowledge of standard cyber defense tools and offensive cyber techniques, along with deep specialization knowledge in at least one of the following domains:
- Windows Domain Security
- Application Security
- Host Forensics
- Linux Security
- Network Forensics
- Threat Hunting
- Incident Response
- Malware Analysis and Triage
- Red Teaming or Penetration Testing
- Reverse Engineering
Solid understanding of tactics and techniques used during offensive network operations and the ability to modify them to subvert defensive countermeasures.
A clear understanding of the current state-of-the-art in computer and network security practices and research, to include exploit mitigation, countermeasures, detection, forensic, auditing, and other defensive tools.
Experience as a practitioner of cyber red-blue exercise concepts as a learning technique.
Complete understanding of adversary kill-chain and exploitation scenarios.
Basic understanding of one or more scripting languages such as PowerShell, Bash, and Python.
Can build and operate one’s own defensive toolsets.
Experience in multiple technical areas to include incident response, vulnerability assessment, risk management, information assurance, scripting, cyber intelligence, forensics, malware analysis, network and/or host-based monitoring.
Experience with the commonly used attack frameworks (Cobalt Strike, Metasploit, CANVAS, Empire, Core Impact, etc.).
Desire to learn, fostering a growth mindset, and sharing knowledge to others on the team.
Ability to develop and present your own course materials based on your assessment of participant needs.
U.S. citizenship as required by our existing U.S. Government contracts.

We also provide the following:

Salary Range $90,000-$135,000
Benefits that start on first day of hire (medical, dental, company-paid vision, savings and spending accounts, Employee Assistance Program, company-paid Life and AD&D Insurance)
401k with immediate vesting
Unlimited paid time off
Equity options at hire and potential for additional based on performance
Generous employee referral bonus program
Peloton Interactive Wellness Program
Semi-flexible hours, with the expectation that you overlap the main part of the day to meet deadlines, collaborate with colleagues and attend key meetings.

SimSpace is an Equal Opportunity Employer:

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

SimSpace does not and shall not discriminate based on race, color, religion (creed), gender, gender expression and identity, age, national origin (ancestry), disability, marital status, sexual orientation, or military/veteran status, in any of its activities or operations. We are committed to providing an inclusive and welcoming environment for all members of our staff, clients, volunteers, subcontractors, vendors, and clients.

Research shows that women and people from underrepresented groups only apply to jobs if they meet all of the qualifications. However, no one ever meets 100% of the qualifications. SimSpace encourages you to break that statistic and to apply. We look forward to your application!