Security Researcher

Make Your Mark

Cymulate's Continuous Security Validation enables companies to challenge, assess and optimize their cyber-security posture against the evolving cyberthreat landscape, simply and continuously.

With world-class clients we strive to bring the highest level of service to everything we do. Our team is made up of the very best people for the job and as we grow, we're always on the lookout for people with the skills, experience, and personality that will let us both shine. With high scores on Gartner, G2 and Glassdoor, our clients and employees have let us know what they love about us.

Join Cymulate's Content Team as a Cyber Security Researcher, where you'll be at the forefront of developing cutting-edge attack simulations that power our Breach and Attack Simulation platform. You'll dive deep into emerging adversarial tactics, crafting simulations across on-premise and cloud environments including Windows domains, Kubernetes, and network layers ensuring our platform reflects the latest real-world threats

What You Will Do?

• Attack Simulation R&D
• Continuously track and research emerging attack tactics, techniques, and procedures (TTPs).
• Develop detailed, realistic simulations aligned with the MITRE ATT&CK framework and real-world threats.
• Focus areas include:
• Reconnaissance techniques
• Active Directory (on-prem & Azure)
• Cloud infrastructure attacks
• Kubernetes threats
• OS-level and network-based attack vectors
  

• Support Customer Success and Support teams with deep technical expertise.
• Troubleshoot and resolve complex client-side issues related to attack scenarios.
• Ensure technical accuracy and clarity across internal and client-facing documentation.
  
  

• Experience: Practical experience as a penetration tester or red teamer, executing full-scale assessments across the entire attack chain, from initial reconnaissance through to exploitation and post-exploitation activities.
  
  

• Demonstrated experience in penetration testing or red teaming
• Hands-on involvement across the attack chain from initial access to post-exploitation
• Familiarity with tools like Metasploit, Cobalt Strike, BloodHound, Nessus, Nmap, etc.
• Strong knowledge of the MITRE ATT&CK framework and adversary simulation
  
  

• Python: Building internal tooling, security testing frameworks, and automation
• Bash: Linux scripting and automation for attack execution and system manipulation
• PowerShell: Advanced scripting for Windows-based environments
  
  

• Experience in cloud pen testing (AWS/Azure/GCP) or containerized environments
• Security audit background or familiarity with cloud posture management
  
  

• Strong self-learning capabilities and curiosity to stay up to date with evolving threats
• Ability to work both independently and as part of a collaborative team