SOFT's client is seeking a consultant for a hybrid position (3 days in Brooklyn, 2 remote) supporting incident response readiness to a very large audience. Details below:
This role is a mission-critical position supporting an Incident Response Readiness program, which delivers annual cyber simulation, tabletop, and hands-on training. These engagements rely on custom-developed Immersive Labs simulations, active training proctoring, and deep incident response subject-matter expertise to ensure exercises are realistic, consistent, and aligned with cyber incident response policies and standards.
Location: Brooklyn, 3 days in office/2 days remote
Hybrid Schedule: Monday-Friday; 9 AM - 5 PM
Immediate need
SCOPE OF SERVICES
TASKS:
· Apply incident response experience to develop realistic, operationally accurate cyber incident scenarios
· Translate real-world incidents, threat intelligence, and lessons learned into structured training simulations
· Align all simulations to the Cyber Incident Response lifecycle, including detection, triage, investigation, containment, remediation, and post-incident review
· Develop and maintain simulation content, including:
  - Scenario narratives and timelines
  - Injects and decision points
  - Supporting artifacts (e.g., logs, alerts, reports)
  - Role-based challenges for technical staff, management, and executives
· Customize simulations for agency-specific environments while maintaining consistency with company standards
· Proctor and oversee Immersive Labs training sessions, including:
  - Managing scenario flow and inject timing
  - Monitoring participant engagement and progress
  - Providing guidance without disrupting learning objectives
· Support annual cyber training delivery across a large number of business entities
· Document exercise outcomes, participant challenges, and improvement areas to inform future content
· Participate in structured knowledge transfer and shadowing with the current role holder to ensure continuity during military deployment
· Assume independent responsibility for simulation development and training proctoring following the transition period
MANDATORY SKILLS/EXPERIENCE Note: Candidates who do not have the mandatory skills will not be considered
· 3–5 years of hands-on cybersecurity incident response experience, including detection, triage, investigation, containment, remediation, and post-incident activities
· Experience responding to common cyber incidents such as ransomware, phishing, credential compromise, data breaches, and third-party/vendor incidents
· Ability to apply real-world incident response experience to the development of realistic training scenarios
· Experience developing, supporting, or delivering cybersecurity training, simulations, or tabletop exercises
· Experience using cyber range or hands-on training platforms (e.g., Immersive Labs or similar)
· Familiarity with incident response frameworks and standards (e.g., NIST, MITRE ATT&CK)
· Experience working with security logs, alerts, and technical artifacts (e.g., SIEM, EDR, network or cloud logs)
· Experience supporting or proctoring live training sessions, simulations, or tabletop exercises
· Strong written and verbal communication skills
· Ability to work independently, manage multiple activities, and assume responsibilities quickly during a time-sensitive transition
· Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent professional experience
DESIRABLE SKILLS/EXPERIENCE:
· Direct experience developing content specifically within Immersive Labs
· Experience designing and delivering cyber tabletop exercises for executive, management, and technical audiences
· Experience supporting large-scale, multi-agency or enterprise training programs
· Prior experience working in government, public sector, or highly regulated environments
· Experience aligning training content to organizational policies, playbooks, and incident response plans
· Familiarity with cloud security incidents (e.g., identity, SaaS, IaaS/PaaS environments)
· Experience incorporating lessons learned, after-action reports, or threat intelligence into training content
· Basic instructional design or adult learning experience
· Experience collecting training metrics and contributing to post-exercise reporting
· Relevant cybersecurity certifications (e.g., Security+, GCIH, GCED, CySA+, CISSP)