About the Role
Remote – Offensive Security Engineer
Remote – U.S.
Who is SimSpace:
SimSpace launched in 2015 with a singular purpose – addressing the most urgent and sophisticated cybersecurity challenges to reduce risk for our most vulnerable and valuable infrastructure. The organizations around the world that we depend on every day to keep our loved ones safe and secure. Our healthcare facilities, schools, financial institutions, transit centers, grocery stores, and workplaces just to name a few. To deliver global resiliency, we provide an elite cyber range platform to curate unassailable cyber defenses, data driven decisions, cutting edge training labs, live attack scenarios, and extensive individual and dynamic team readiness training.
SimSpace works as OneTeam to elevate humanity around the world. We are committed to continuously improving and delivering a cultivated member experience whether that is accomplished through focusing on supporting our client’s teams or our own mission driven SimSpacers.
We are an international company headquartered in Boston’s Fort Point in the U.S. If you are interested in elevating the technology and creative solutions necessary to secure and safeguard our future while working alongside others who share your passion for purpose and development, we want to meet you!
Why should you choose a career at SimSpace?
We are an organization that is focused on building our culture and mindfully enhancing our atmosphere everyday which is why we have collaborated on an integral value system. Our governing philosophy of being Human Centered is deeply embedded within our value system. We apply this philosophy to every one of our internal team members, external clients, and their customers.
Our core values:
- Serve to Protect – We provide safe space, deliver on the mission, and elevate humanity
- Acquire Understanding – We seek and provide clarity 10x, cultivate comprehension, and believe information goes both all ways
- Operate as Innovators – We stay curious, practice consistency over intensity, and continue to be the change we need in the world
- Teamwork Without Borders – We are never alone, we solve for all, and keep people at the heart of everything we do
We are looking for:
An Offensive Security Engineer to work on the Scenario Development team which includes the development, deployment, integration and automation of various components within the SimSpace Platform. Existing experience with penetration testing suites such as Metasploit, Cobalt Strike, and similar C2 frameworks is preferred, but not required. As an Offensive Security Engineer, you will have the opportunity to work with distributed systems, ensuring that each component and the system as a whole reliably emulate real-world threat actors at each step in the kill chain. The Scenario Development team is charged with creating advanced, compelling automated attack scenarios for use in the SimSpace Platform.
SimSpace is growing its portfolio of offensive security content by integrating external tools as well as creating our own APT-inspired campaigns. We deliver a catalog of automated attack scenarios and the ability to create new attack components and scenarios from scratch, emulating a wide range of adversary behaviors. The SimSpace Platform provides full control of multi-step attacks along with detailed visualization and reporting. SimSpace follows the Agile process for development and utilizes modern toolchains and methods to develop our frameworks and services in teams.
What will you be doing as an Offensive Security Engineer at SimSpace?
- Research, implement, integrate and automate new attack content (attack tools, attack scenarios, etc.) into the Scenario Development portfolio
- Perform end-to-end testing of attack content to ensure functionality in common environments and the ability to evade common defensive tools
- Collaborate with our passionate software developers on the Offensive Engineering team to ensure that the Scenario Development team’s work is representative and useful during a variety of customer event types
What are the qualifications to apply? To be successful as an Offensive Security Engineer, you need:
- Understanding of tactics and techniques used during offensive network operations and the ability to modify them to subvert defensive countermeasures
- Demonstrable experience emulating real-world cyber threats, covering full attack chains and the application of threat intelligence
- Professional experience in Python 3, PowerShell, or other scripted languages (Ruby, Bash, Batch, PHP, etc.) and compiled languages (C/C++, Golang, etc.)
- Demonstrated experience with distributed systems, communication frameworks (RESTful API and rMQ), network protocols and configuration, data handling, and the proper use of security constructs
- General cybersecurity knowledge including familiarity with industry standards like MITRE ATT&CK and D3FEND, the NIST Cybersecurity Framework, STIX/TAXII, and OpenIOC
- Experience with defensive tools/techniques such as industry standard host-based, network analysis, incident response, and forensics tools
- Experience with the commonly-used attack frameworks (Metasploit, Cobalt Strike, CANVAS, Empire, Core Impact, etc.)
- Relevant certifications from organizations like Offensive Security (OSCP/OSCE), or SANS (GPEN, GXPN, GWAPT), or equivalent experience with demonstrable requisite skills is a bonus
- Fluent with Git, GitHub, Docker, CI/CD and modern team software development and testing tools and practices, including Secure SDLC approaches
- Experience working with virtualization solutions
Additional skills:
- Strong verbal and written communication skills
- Ability to think “outside the box”, tying together capabilities to build resilient automated processes
- Proficiency in conceptualizing and implementing automated solutions and distributed systems
- Experience in developing robust, high-quality software that adheres to best practices in design, implementation, instrumentation, and security
- Self-starter who is highly motivated, accepting of other’s opinions/feedback, and can work effectively in a team