Security Researcher

Make Your Mark

Cymulate's Continuous Security Validation enables companies to challenge, assess and optimize their cyber-security posture against the evolving cyberthreat landscape, simply and continuously.

With world-class clients we strive to bring the highest level of service to everything we do. Our team is made up of the very best people for the job and as we grow, we're always on the lookout for people with the skills, experience, and personality that will let us both shine. With high scores on Gartner, G2 and Glassdoor, our clients and employees have let us know what they love about us.

Join Cymulate's Content Team as a Cyber Security Researcher, where you'll be at the forefront of developing cutting-edge attack simulations that power our Breach and Attack Simulation platform. You'll dive deep into emerging adversarial tactics, crafting simulations across on-premise and cloud environments including Windows domains, Kubernetes, and network layers ensuring our platform reflects the latest real-world threats

What You Will Do?

Attack Simulation R&D

Continuously track and research emerging attack tactics, techniques, and procedures (TTPs).
Develop detailed, realistic simulations aligned with the MITRE ATT&CK framework and real-world threats.
Focus areas include:
Reconnaissance techniques
Active Directory (on-prem & Azure)
Cloud infrastructure attacks
Kubernetes threats
OS-level and network-based attack vectors

Cross-Departmental Collaboration

Support Customer Success and Support teams with deep technical expertise.
Troubleshoot and resolve complex client-side issues related to attack scenarios.
Ensure technical accuracy and clarity across internal and client-facing documentation.

What Will You Have?

Experience: Practical experience as a penetration tester or red teamer, executing full-scale assessments across the entire attack chain, from initial reconnaissance through to exploitation and post-exploitation activities.

Offensive Security Experience

Demonstrated experience in penetration testing or red teaming
Hands-on involvement across the attack chain from initial access to post-exploitation
Familiarity with tools like Metasploit, Cobalt Strike, BloodHound, Nessus, Nmap, etc.
Strong knowledge of the MITRE ATT&CK framework and adversary simulation

Programming & Scripting Proficiency

Python: Building internal tooling, security testing frameworks, and automation
Bash: Linux scripting and automation for attack execution and system manipulation
PowerShell: Advanced scripting for Windows-based environments

Cloud & Infrastructure Security (Advantage)

Experience in cloud pen testing (AWS/Azure/GCP) or containerized environments
Security audit background or familiarity with cloud posture management

Learning & Collaboration

Strong self-learning capabilities and curiosity to stay up to date with evolving threats
Ability to work both independently and as part of a collaborative team