Cyber Simulation Content Developer

Title: Cyber Simulation Content Developer and Trainer 
Work Location: Brooklyn, NY - Hybrid: (3 days in office/2 days remote)

Scope of Services:
The Cyber Simulation Content Developer role is a mission-critical position supporting the Agency Incident Response Readiness (AIRR) program, which delivers annual cyber simulation, tabletop, and hands-on training to approximately 70+ agencies. These engagements rely on custom-developed Immersive Labs simulations, active training proctoring, and deep incident response subject-matter expertise to ensure exercises are realistic, consistent, and aligned with cyber incident response policies and standards.

Tasks:

• Apply incident response experience to develop realistic, operationally accurate cyber incident scenarios
• Translate real-world incidents, threat intelligence, and lessons learned into structured training simulations
• Align all simulations to the Cyber Incident Response lifecycle, including detection, triage, investigation, containment, remediation, and post-incident review
• Develop and maintain Immersive Labs simulation content, including:
• Scenario narratives and timelines
• Injects and decision points
• Supporting artifacts (e.g., logs, alerts, reports)
• Role-based challenges for technical staff, management, and executives
• Customize simulations for agency-specific environments while maintaining consistency with Citywide standards
• Proctor and oversee Immersive Labs training sessions, including:
• Managing scenario flow and inject timing
• Monitoring participant engagement and progress
• Providing guidance without disrupting learning objectives
• Support annual cyber training delivery across approximately 70 agencies
• Document exercise outcomes, participant challenges, and improvement areas to inform future content
• Participate in structured knowledge transfer and shadowing with the current role holder to ensure continuity during military deployment
• Assume independent responsibility for simulation development and training proctoring following the transition period

Mandatory Skills/Experience: Candidates who do not have the mandatory skills will not be considered

• Minimum of 4 years of hands-on cybersecurity incident response experience, including detection, triage, investigation, containment, remediation, and post-incident activities
• Experience responding to common cyber incidents such as ransomware, phishing, credential compromise, data breaches, and third-party/vendor incidents
• Ability to apply real-world incident response experience to the development of realistic training scenarios
• Experience developing, supporting, or delivering cybersecurity training, simulations, or tabletop exercises
• Experience using cyber range or hands-on training platforms (e.g., Immersive Labs or similar)
• Bachelor''s degree in Cybersecurity, Information Technology, Computer Science, or equivalent professional experience

Desired Skills/Experience:

• Direct experience developing content specifically within Immersive Labs
• Prior experience working in government, public sector, or highly regulated environments
• Experience aligning training content to organizational policies, playbooks, and incident response plans
• Familiarity with cloud security incidents (e.g., identity, SaaS, IaaS/PaaS environments)
• Experience incorporating lessons learned, after-action reports, or threat intelligence into training content
• Basic instructional design or adult learning experience
• Experience collecting training metrics and contributing to post-exercise reporting
• Relevant cybersecurity certifications (e.g., Security+, GCIH, GCED, CySA+, CISSP)

Spruce Technology, Inc. is a mid-size, award-winning (Inc 5000, SmartCEO, Entrepreneur of the Year) technology services firm with a steadily growing portfolio of commercial and government clients. Spruce provides innovative technology solutions, specialized IT staff, and IT strategy consulting nationwide. Spruce maintains partnerships with major technology vendors and continually develops leading-edge offerings in service areas such as digital experience, data services, application development, infrastructure, cyber security, and IT staffing.

Spruce Technology, Inc. is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. Consistent with the Americans with Disabilities Act, it is the policy of Spruce Technology, Inc. to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process.