SOFT's client is seeking a consultant for a hybrid position (3 days in Brooklyn, 2 remote) supporting incident response readiness to a very large audience. Details below:
This role is a mission-critical position supporting an Incident Response Readiness program, which delivers annual cyber simulation, tabletop, and hands-on training. These engagements rely on custom-developed Immersive Labs simulations, active training proctoring, and deep incident response subject-matter expertise to ensure exercises are realistic, consistent, and aligned with cyber incident response policies and standards.
Location: Brooklyn, 3 days in office/2 days remote
Hybrid Schedule: Monday-Friday; 9 AM - 5 PM
Immediate need
SCOPE OF SERVICES
TASKS:
Apply incident response experience to develop realistic, operationally accurate cyber incident scenarios
Translate real-world incidents, threat intelligence, and lessons learned into structured training simulations
Align all simulations to the Cyber Incident Response lifecycle, including detection, triage, investigation, containment, remediation, and post-incident review
Develop and maintain simulation content, including:
- Scenario narratives and timelines
- Injects and decision points
- Supporting artifacts (e.g., logs, alerts, reports)
- Role-based challenges for technical staff, management, and executives
Customize simulations for agency-specific environments while maintaining consistency with company standards
Proctor and oversee Immersive Labs training sessions, including:
- Managing scenario flow and inject timing
- Monitoring participant engagement and progress
- Providing guidance without disrupting learning objectives
Support annual cyber training delivery across a large number of business entities
Document exercise outcomes, participant challenges, and improvement areas to inform future content
Participate in structured knowledge transfer and shadowing with the current role holder to ensure continuity during military deployment
Assume independent responsibility for simulation development and training proctoring following the transition period
MANDATORY SKILLS/EXPERIENCE:
Note: Candidates who do not have the mandatory skills will not be considered.
3-5 years of hands-on cybersecurity incident response experience, including detection, triage, investigation, containment, remediation, and post-incident activities
Experience responding to common cyber incidents such as ransomware, phishing, credential compromise, data breaches, and third-party/vendor incidents
Ability to apply real-world incident response experience to the development of realistic training scenarios
Experience developing, supporting, or delivering cybersecurity training, simulations, or tabletop exercises
Experience using cyber range or hands-on training platforms (e.g., Immersive Labs or similar)
Familiarity with incident response frameworks and standards (e.g., NIST, MITRE ATT&CK)
Experience working with security logs, alerts, and technical artifacts (e.g., SIEM, EDR, network or cloud logs)
Experience supporting or proctoring live training sessions, simulations, or tabletop exercises
Strong written and verbal communication skills
Ability to work independently, manage multiple activities, and assume responsibilities quickly during a time-sensitive transition
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent professional experience
DESIRABLE SKILLS/EXPERIENCE:
Direct experience developing content specifically within Immersive Labs
Experience designing and delivering cyber tabletop exercises for executive, management, and technical audiences
Experience supporting large-scale, multi-agency or enterprise training programs
Prior experience working in government, public sector, or highly regulated environments
Experience aligning training content to organizational policies, playbooks, and incident response plans
Familiarity with cloud security incidents (e.g., identity, SaaS, IaaS/PaaS environments)
Experience incorporating lessons learned, after-action reports, or threat intelligence into training content
Basic instructional design or adult learning experience
Experience collecting training metrics and contributing to post-exercise reporting
Relevant cybersecurity certifications (e.g., Security+, GCIH, GCED, CySA+, CISSP)
Please refer to the Position ID when inquiring about a job posting or sending in your resume.
***INDEPENDENT CONSULTANTS ONLY! NO THIRD PARTIES/NO SUB CONTRACTORS***