Remote - Offensive Security Engineer

Who is SimSpace:

SimSpace launched in 2015 with a singular purpose – addressing the most urgent and sophisticated cybersecurity challenges to reduce risk for our most vulnerable and valuable infrastructure. The organizations around the world that we depend on every day to keep our loved ones safe and secure. Our healthcare facilities, schools, financial institutions, transit centers, grocery stores, and workplaces just to name a few. To deliver global resiliency, we provide an elite cyber range platform to curate unassailable cyber defenses, data driven decisions, cutting edge training labs, live attack scenarios, and extensive individual and dynamic team readiness training. 

SimSpace works as OneTeam to elevate humanity around the world. We are committed to continuously improving and delivering a cultivated member experience whether that is accomplished through focusing on supporting our client’s teams or our own mission driven SimSpacers. 

We are an international company headquartered in Boston's Fort Point in the U.S. If you are interested in elevating the technology and creative solutions necessary to secure and safeguard our future while working alongside others who share your passion for purpose and development, we want to meet you!

Why should you choose a career at SimSpace?

We are an organization that is focused on building our culture and mindfully enhancing our atmosphere everyday which is why we have collaborated on an integral value system. Our governing philosophy of being Human Centered is deeply embedded within our value system. We apply this philosophy to every one of our internal team members, external clients, and their customers.

Our core values:

• Serve to Protect – We provide safe space, deliver on the mission, and elevate humanity
• Acquire Understanding – We seek and provide clarity 10x, cultivate comprehension, and believe information goes both all ways
• Operate as Innovators – We stay curious, practice consistency over intensity, and continue to be the change we need in the world
• Teamwork Without Borders – We are never alone, we solve for all, and keep people at the heart of everything we do

We are looking for:

An Offensive Security Engineer to work on the Scenario Development team which includes the development, deployment, integration and automation of various components within the SimSpace Platform. Existing experience with penetration testing suites such as Metasploit, Cobalt Strike, and similar C2 frameworks is preferred, but not required. As an Offensive Security Engineer, you will have the opportunity to work with distributed systems, ensuring that each component and the system as a whole reliably emulate real-world threat actors at each step in the kill chain. The Scenario Development team is charged with creating advanced, compelling automated attack scenarios for use in the SimSpace Platform.

SimSpace is growing its portfolio of offensive security content by integrating external tools as well as creating our own APT-inspired campaigns. We deliver a catalog of automated attack scenarios and the ability to create new attack components and scenarios from scratch, emulating a wide range of adversary behaviors. The SimSpace Platform provides full control of multi-step attacks along with detailed visualization and reporting. SimSpace follows the Agile process for development and utilizes modern toolchains and methods to develop our frameworks and services in teams.

What will you be doing as an Offensive Security Engineer at SimSpace?

• Research, implement, integrate and automate new attack content (attack tools, attack scenarios, etc.) into the Scenario Development portfolio
• Perform end-to-end testing of attack content to ensure functionality in common environments and the ability to evade common defensive tools
• Collaborate with our passionate software developers on the Offensive Engineering team to ensure that the Scenario Development team’s work is representative and useful during a variety of customer event types

What are the qualifications to apply? To be successful as an Offensive Security Engineer, you need:

• Understanding of tactics and techniques used during offensive network operations and the ability to modify them to subvert defensive countermeasures
• Demonstrable experience emulating real-world cyber threats, covering full attack chains and the application of threat intelligence
• Professional experience in Python 3, PowerShell, or other scripted languages (Ruby, Bash, Batch, PHP, etc.) and compiled languages (C/C++, Golang, etc.) 
• Demonstrated experience with distributed systems, communication frameworks (RESTful API and rMQ), network protocols and configuration, data handling, and the proper use of security constructs
• General cybersecurity knowledge including familiarity with industry standards like MITRE ATT&CK and D3FEND, the NIST Cybersecurity Framework, STIX/TAXII, and OpenIOC
• Experience with defensive tools/techniques such as industry standard host-based, network analysis, incident response, and forensics tools
• Experience with the commonly-used attack frameworks (Metasploit, Cobalt Strike, CANVAS, Empire, Core Impact, etc.)
• Relevant certifications from organizations like Offensive Security (OSCP/OSCE), or SANS (GPEN, GXPN, GWAPT), or equivalent experience with demonstrable requisite skills is a bonus
• Fluent with Git, GitHub, Docker, CI/CD and modern team software development and testing tools and practices, including Secure SDLC approaches
• Experience working with virtualization solutions

Additional skills:

• Strong verbal and written communication skills
• Ability to think “outside the box”, tying together capabilities to build resilient automated processes
• Proficiency in conceptualizing and implementing automated solutions and distributed systems
• Experience in developing robust, high-quality software that adheres to best practices in design, implementation, instrumentation, and security
• Self-starter who is highly motivated, accepting of other’s opinions/feedback, and can work effectively in a team

We offer the following benefits:

• Salary Range $110,000-$140,000
• 401k match
• Flex time, the time off you need when you need it
• Equity options at hire and potential for additional based on performance
• Generous employee referral bonus program
• Peloton Interactive Wellness Program
• LinkedIn Learning Membership
• Monthly reimbursement for meaningful connections with other SimSpacers
• Comprehensive benefits package that start on day one

SimSpace is an Equal Opportunity Employer:

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire. 

SimSpace does not and shall not discriminate based on race, color, religion (creed), gender, gender expression and identity, age, national origin (ancestry), disability, marital status, sexual orientation, or military/veteran status, in any of its activities or operations. We are committed to providing an inclusive and welcoming environment for all members of our staff, clients, volunteers, subcontractors, vendors, and clients.

Research shows that women and people from underrepresented groups only apply to jobs if they meet all of the qualifications. However, no one ever meets 100% of the qualifications. SimSpace encourages you to break that statistic and to apply. We look forward to your application!

We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact careers@simspace.com.

SimSpace does not accept unsolicited resumes from employment agencies.

Actual compensation for the position is based on a variety of factors, including, but not limited to affordability, skills, qualifications and experience, and may vary from the range.