Cyber Range Engineer

Cyber Range Engineer

We are looking for a Cyber Range Engineer focused on designing, building, and running realistic cyber range scenarios that reflect current threat activity. This role is hands-on and adversary-minded: you will translate threat landscape reporting and real-world TTPs into end-to-end exercise content (attack paths, injects and artifacts). Create/Develop Cyber Range scenarios based on current threat landscape, adversary trends and relevant risk. Create realistic exercise artefacts and injects (e.g., phishing emails, malicious documents, command histories, web logs, domain activity, cloud audit events, IAM changes) to support Blue Team exercises. Validate scenario functionality in the range: ensure dependencies are in place, paths execute as intended, and "teachable moments" are aligned to learning objectives. Support exercise execution and facilitation: Assist with dry runs and rehearsals, adjust scenario pacing, and provide technical support during live execution. Record outcomes, key timelines, and notable participant actions for post-exercise review. Maintain accurate documentation of scenario packages, threat mappings (e.g., ATT&CK), prerequisites, and known issues/edge cases. Contribute to post-exercise reporting by providing the attack narrative, evidence trail, expected vs observed detections, and improvement recommendations for detection/response. Understand best practices in hardening, policy configurations for organisations.

Requirements:

• 1 to 2 years of experience in one or more of the following: security operations / incident response support penetration testing / red teaming / purple teaming detection engineering labs / cyber range / CTF scenario development
• Added Advantage (Preferred Knowledge / Skills): CISSP, OSCP, GCIH or any other related cyber certifications Windows and Linux fundamentals, including common logging sources (Windows Event Logs, Sysmon concepts, Linux auth logs). Networking fundamentals (IP addressing, DNS, HTTP/S, routing, segmentation concepts). Familiarity with adversary techniques and frameworks (MITRE ATT&CK, kill chain concepts). Practical scripting capability for repeatability/automation (PowerShell, Python, Bash). Basic understanding of cloud platforms (AWS, Azure, or GCP), especially audit/logging concepts. Exposure to security tooling and telemetry sources: EDR concepts (e.g., CrowdStrike, Microsoft Defender for Endpoint, SentinelOne) SIEM/log platforms (Splunk, Microsoft Sentinel, Elastic/Wazuh) Network/security controls (Palo Alto, Fortinet) and relevant log types