Contract Type: Full-time
Workplace type: On-site
Location: Riyadh

Job Description

About the Cyber Simulation Exercises Scenario Developer Role

FNRCO is seeking a Cyber Simulation Exercises Scenario Developer to design, build, and deliver large-scale cybersecurity simulation exercises. This role is crucial for enhancing workforce cyber capabilities. The position is based in Riyadh and is a full-time engagement. The ideal candidate will possess 5-10 years of relevant experience.

Role and Responsibilities in Scenario Development

The Cyber Simulation Exercises Scenario Developer will be responsible for creating realistic scenarios on a cyber range platform. This includes developing exercise "injects" and artifacts, as well as building and maintaining the supporting lab infrastructure to facilitate repeatable and measurable training at scale. The role involves designing end-to-end cyber simulation exercises that align with organizational capability uplift goals, such as phishing response, ransomware defense, cloud misconfigurations, insider threats, and incident response coordination. Learning objectives will be translated into engaging storylines, technical objectives, and measurable outcomes. Multi-track scenarios will be developed for various audiences, including IT, SOC, incident commanders, and executives, ensuring appropriate complexity and realism that reflects the current threat landscape and common enterprise environments.

Content Creation and Inject Design

This position requires the production of complete exercise packages, including facilitator guides, participant instructions, runbooks, timelines, scoring rubrics, and debrief materials. Realistic artifacts such as emails, chat transcripts, tickets, logs, alerts, threat intelligence snippets, media statements, executive briefings, and policy references will be created. Assessment content, including pre/post checks, knowledge validations, and performance-based evaluation criteria, will also be developed. The role involves creating and managing exercise injects, both technical and non-technical, to drive decision-making and actions during simulations. Inject delivery mechanisms within the cyber range, such as automated triggers, timed releases, and event-driven injects, will be implemented. Coordination of inject timing, escalation paths, and branching logic based on participant actions is also a key responsibility.

Cyber Range Infrastructure and Exercise Support

The Cyber Simulation Exercises Scenario Developer will build and configure lab environments necessary for scenarios, including networks, endpoints, servers, identity services, and security tooling. Integration of common security tools and telemetry sources, such as SIEM, EDR, IDS, email security, and vulnerability scanners, will be performed as required by the exercise. Support for dry runs, pilot sessions, and production execution is expected, along with troubleshooting technical issues during live exercises. Facilitators will be provided with clear runbooks, decision points, and expected participant actions. Exercise telemetry and participant performance data will be captured for reporting and continuous improvement.

Measurement and Continuous Improvement

Key performance indicators (KPIs) and scoring models will be defined, focusing on metrics such as time-to-detect, time-to-contain, decision quality, process adherence, and communication effectiveness. Post-exercise reports and lessons learned will be produced, with recommendations for improvements to content, controls, and processes.

Required Qualifications and Technical Skills

Candidates must hold a Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or possess equivalent practical experience. Proven experience in developing cybersecurity simulation exercises on a cyber range platform is essential. Demonstrated ability to create injects and exercise artifacts that drive realistic participant behavior is required. Experience in building and operating lab infrastructure, whether virtualized or cloud-based, for cyber scenarios is necessary. A strong understanding of the incident response lifecycle, common attack techniques, and defensive controls is expected. Required technical skills include hands-on experience with at least one commercial or open cyber range solution, fundamentals of virtualization and networking (segmentation, routing, DNS, AD basics), basic Windows/Linux administration and Active Directory concepts, proficiency in at least one automation/scripting language (PowerShell, Python, Bash), and knowledge of logging/monitoring concepts (SIEM/EDR telemetry, log sources, alerting logic).


Requirements

  • Requires 5-10 years of experience
