Cyber Simulation Exercises Scenario Developer📣 إعلان

About the Role

FNRCO is seeking a Cyber Simulation Exercises Scenario Developer to design, build, and deliver large-scale cybersecurity simulation exercises. This full-time role, based in Riyadh, focuses on enhancing workforce cyber capabilities through realistic scenario development on a cyber range platform. The position requires 5-10 years of experience, with salary details not disclosed.

Cyber Range Exercise and Scenario Development

The primary responsibility involves designing comprehensive cyber simulation exercises that align with organizational goals for capability uplift. This includes developing engaging storylines, technical objectives, and measurable outcomes for various scenarios such as phishing response, ransomware attacks, cloud misconfigurations, insider threats, and incident response coordination. Scenarios will be designed for different audience levels, including IT, SOC, incident commanders, and executives, ensuring appropriate complexity and realism. The scenarios will reflect the current threat landscape and common enterprise environments, including Windows/Linux, Active Directory, email, web applications, cloud, and endpoints.

Content Creation and Inject Design

This role requires the creation of complete exercise packages, including facilitator guides, participant instructions, runbooks, timelines, scoring rubrics, and debrief materials. Realistic artifacts such as emails, chat transcripts, tickets, logs, alerts, threat intelligence snippets, media statements, and executive briefings will be produced. The developer will also build assessment content, including pre/post checks and performance-based evaluation criteria. Furthermore, the role involves designing and managing exercise injects, both technical and non-technical, to guide participant decision-making and actions. Inject delivery mechanisms within the cyber range, including automated triggers and timed releases, will be implemented, with careful coordination of timing, escalation paths, and branching logic based on participant actions.

Cyber Range Infrastructure and Support

Responsibilities include building and configuring the necessary lab environments for scenarios, encompassing networks, endpoints, servers, identity services, and security tooling. Integration of common security tools and telemetry sources, such as SIEM, EDR, IDS, email security, and vulnerability scanners, will be performed as required by the exercise. Support will be provided for dry runs, pilot sessions, and production execution, including troubleshooting technical issues during live exercises. Facilitators will be equipped with clear runbooks and guidance on expected participant actions. Exercise telemetry and participant performance data will be captured for reporting and continuous improvement.

Measurement, Reporting, and Continuous Improvement

Key performance indicators (KPIs) and scoring models will be defined, focusing on metrics such as time-to-detect, time-to-contain, decision quality, process adherence, and communication effectiveness. Post-exercise reports and lessons learned will be produced, with recommendations for improvements to content, controls, and processes.

Required Qualifications and Skills

Candidates must possess a Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent practical experience. Proven experience in developing cybersecurity simulation exercises on a cyber range platform is essential. Demonstrated ability to create realistic injects and exercise artifacts that drive participant behavior is required. Experience in building and operating lab infrastructure, whether virtualized or cloud-based, for cyber scenarios is necessary. A strong understanding of the incident response lifecycle, common attack techniques, and defensive controls is expected. Technical skills include hands-on experience with at least one cyber range solution, fundamentals of virtualization and networking (segmentation, routing, DNS, AD basics), basic Windows/Linux administration and Active Directory concepts, proficiency in at least one scripting language (PowerShell, Python, Bash), and knowledge of logging/monitoring concepts including SIEM/EDR telemetry and alerting logic.