Offensive Security Engineer

Summary

Join SimSpace's Scenario Development team as an Offensive Security Engineer and contribute to the creation of advanced, automated attack scenarios for our cybersecurity platform. You will research, implement, and integrate new attack content, perform rigorous testing, and collaborate with software developers. This role requires expertise in offensive network operations, experience emulating real-world cyber threats, and proficiency in various programming languages. We offer a competitive salary, comprehensive benefits starting day one, flexible time off, and opportunities for professional development. SimSpace values a collaborative and inclusive work environment, encouraging applications from diverse backgrounds.

Requirements

• Understanding of tactics and techniques used during offensive network operations and the ability to modify them to subvert defensive countermeasures
• Demonstrable experience emulating real-world cyber threats, covering full attack chains and the application of threat intelligence
• Professional experience in Python 3, PowerShell, or other scripted languages (Ruby, Bash, Batch, PHP, etc.) and compiled languages (C/C++, Golang, etc.)
• Demonstrated experience with distributed systems, communication frameworks (RESTful API and rMQ), network protocols and configuration, data handling, and the proper use of security constructs
• General cybersecurity knowledge including familiarity with industry standards like MITRE ATT&CK and D3FEND, the NIST Cybersecurity Framework, STIX/TAXII, and OpenIOC
• Experience with defensive tools/techniques such as industry standard host-based, network analysis, incident response, and forensics tools
• Experience with the commonly-used attack frameworks (Metasploit, Cobalt Strike, CANVAS, Empire, Core Impact, etc.)
• Fluent with Git, GitHub, Docker, CI/CD and modern team software development and testing tools and practices, including Secure SDLC approaches
• Experience working with virtualization solutions

Responsibilities

• Research, implement, integrate and automate new attack content (attack tools, attack scenarios, etc.) into the Scenario Development portfolio
• Perform end-to-end testing of attack content to ensure functionality in common environments and the ability to evade common defensive tools
• Collaborate with our passionate software developers on the Offensive Engineering team to ensure that the Scenario Development team’s work is representative and useful during a variety of customer event types

Preferred Qualifications

• Strong verbal and written communication skills
• Ability to think “outside the box”, tying together capabilities to build resilient automated processes
• Proficiency in conceptualizing and implementing automated solutions and distributed systems
• Experience in developing robust, high-quality software that adheres to best practices in design, implementation, instrumentation, and security
• Self-starter who is highly motivated, accepting of other’s opinions/feedback, and can work effectively in a team
• Relevant certifications from organizations like Offensive Security (OSCP/OSCE), or SANS (GPEN, GXPN, GWAPT), or equivalent experience with demonstrable requisite skills

Benefits

• Salary Range $110,000-$140,000
• 401k match with immediate vesting
• Flex time, the time off you need when you need it
• Equity options at hire and potential for additional based on performance
• Generous employee referral bonus program
• Peloton Interactive Wellness Program
• LinkedIn Learning Membership
• Monthly reimbursement for meaningful connections with other SimSpacers
• Comprehensive benefits package that start on day one