Cyber Range Engineer

Cyber Range Engineer

We are looking for a Cyber Range Engineer focused on designing, building, and running realistic cyber range scenarios that reflect current threat activity. This role is hands-on and adversary-minded: you will translate threat landscape reporting and real-world TTPs into end-to-end exercise content (attack paths, injects and artifacts).

Responsibilities

• Create/Develop Cyber Range scenarios based on current threat landscape, adversary trends and relevant risk.
• Create realistic exercise artefacts and injects (e.g., phishing emails, malicious documents, command histories, web logs, domain activity, cloud audit events, IAM changes) to support Blue Team exercises.
• Validate scenario functionality in the range: ensure dependencies are in place, paths execute as intended, and “teachable moments” are aligned to learning objectives.
• Support exercise execution and facilitation:
  • Assist with dry runs and rehearsals, adjust scenario pacing, and provide technical support during live execution.
  • Record outcomes, key timelines, and notable participant actions for post-exercise review.
  • Maintain accurate documentation of scenario packages, threat mappings (e.g., ATT&CK), prerequisites, and known issues/edge cases.
• Contribute to post-exercise reporting by providing the attack narrative, evidence trail, expected vs observed detections, and improvement recommendations for detection/response.
• Understand best practices in hardening and policy configurations for organizations.

Requirements

• 1 to 2 years of experience in one or more of the following:
  • Security operations / incident response support
  • Penetration testing / red teaming / purple teaming
  • Detection engineering labs / cyber range / CTF scenario development

Added Advantage (Preferred Knowledge / Skills)

• CISSP, OSCP, GCIH or other related cyber certifications
• Windows and Linux fundamentals, including common logging sources (Windows Event Logs, Sysmon concepts, Linux auth logs)
• Networking fundamentals (IP addressing, DNS, HTTP/S, routing, segmentation concepts)
• Familiarity with adversary techniques and frameworks (MITRE ATT&CK, kill chain concepts)
• Practical scripting capability for repeatability/automation (PowerShell, Python, Bash)
• Basic understanding of cloud platforms (AWS, Azure, or GCP), especially audit/logging concepts
• Exposure to security tooling and telemetry sources:
  • EDR concepts (e.g., CrowdStrike, Microsoft Defender for Endpoint, SentinelOne)
  • SIEM/log platforms (Splunk, Microsoft Sentinel, Elastic/Wazuh)
  • Network/security controls (Palo Alto, Fortinet) and relevant log types

Location

Work location: Jurong East