Security Content Engineer

Summary

Join BlueVoyant's fast-paced team as a Security Content Engineer to build automated security analysis solutions. This fully remote role focuses on developing detection logic, automation, and visualizations for actionable security insights. Collaborate with internal teams and customers to enhance security operations through innovative content engineering. You will enrich security signals, research threats, design automation, assist clients with testing, identify reusable content, collaborate with integration teams, deliver research-driven content, and contribute to security policies and procedures. The role also involves communicating with clients, supporting incident response, and advancing security standard operating procedures. This position offers the opportunity to work remotely and contribute to a dynamic team focused on improving cybersecurity.

Requirements

• Strong collaboration and interpersonal skills, especially in distributed team environments
• Excellent written and verbal communication skills; ability to explain complex topics clearly
• Experience in writing detection signatures or algorithms
• Proficiency in analyzing event logs and identifying indicators of compromise
• Hands-on experience with Microsoft Azure, Sentinel, Defender, and related tools
• Familiarity with: Sentinel Incidents, Workbooks, Hunting Queries, Notebooks
• Kusto Query Language (KQL) or similar
• Complex JSON structures
• Development tools (Git, IDEs, CI/CD pipelines)
• Strong scripting skills (Python, Ruby, etc.)
• Experience in digital forensics and blue team operations
• Solid understanding of network protocols and infrastructure
• Ability to gather client requirements and translate them into technical solutions
• Deep knowledge of: SIEM/SOAR platforms
• API integrations
• Endpoint Detection and Response (EDR)
• Log analysis and malware detection
• Network monitoring tools
• Case management systems
• Atlassian Suite (Jira, Confluence)
• Email security, DLP, encryption, and vulnerability management

Responsibilities

• Enrich security signals to improve SOC efficiency and outcomes
• Research threat actors and attack vectors to develop detection content for emerging threats
• Design and build automation content for onboarding new products
• Assist clients in testing and tuning detection logic to reduce false positives and alert fatigue
• Identify and promote reusable content (rules, automations, dashboards) across clients
• Collaborate with integration teams to optimize log ingestion and reduce noise
• Deliver research-driven content such as queries, signatures, rules, and knowledge base articles
• Develop supplemental detection coverage for high-risk vulnerabilities and exploits
• Contribute to the evolution of security policies, procedures, and automation frameworks
• Communicate regularly with client IT teams to provide guidance and ensure operational readiness
• Support the development of incident response processes and documentation
• Assist with advancing security standard operating procedures and incident response reporting

Preferred Qualifications

• Background in intrusion analysis, detection engineering, or penetration testing
• 5+ years of experience in IT or cybersecurity, with a focus on SIEM and detection content
• Relevant certifications such as Microsoft 365 Certified: Security Administrator Associate, GCFA, GCFE, or OSCP
• Bachelor's degree in a related field or equivalent professional experience and certifications