Security Content Engineer

Job Title: Security Content Engineer
Location: Remote, US
Work Authorization: US Citizenship Required

Summary:
BlueVoyant is seeking an experienced and proficient Security Content Engineer to join our Threat Fusion Cell (TFC). As a trusted and established member of our team, you will operate with a high degree of autonomy to own and enhance the detection and automation content that protects our global clients. You are a dependable, hands-on expert in the full content lifecycle, capable of managing complex logic, optimizing for signal quality, and serving as a reliable technical resource for the team. This role is ideal for a seasoned professional who consistently delivers high-quality work with minimal supervision.

Key Responsibilities:

• Own and Enhance Detection Content: Autonomously develop, test, and maintain high-fidelity detection logic in KQL for the Microsoft Sentinel environment. You will own a portfolio of content, ensuring its long-term effectiveness and performance.

• Conduct Advanced Tuning & Optimization: Perform independent and complex global tuning to improve SOC efficiency and outcomes. Proactively identify and resolve sources of alert fatigue and false positives across our customer base.

• Lead Threat-Informed Research: Independently research emerging threats, attack vectors, and high-risk vulnerabilities to design and develop proactive detection strategies, not just reactive rules.

• Develop Scalable Automation: Design and build automation content for key security workflows, including product onboarding and incident enrichment, with a focus on reusability and efficiency.

• Serve as a Technical Resource: Act as a knowledgeable point of contact for clients on complex tuning requests and provide clear guidance on detection logic. Collaborate with integration teams to define requirements for optimizing log ingestion.

• Improve Team Frameworks: Contribute to the evolution of security policies and automation frameworks by providing expert feedback and identifying areas for improvement based on hands-on experience.

Required Qualifications & Experience:

• 5-8 years of direct experience in Detection Engineering, Security Operations, or a similar role with a heavy focus on content creation.

• Deep, hands-on expertise with the Microsoft security stack, including Microsoft Sentinel, Microsoft 365 Defender, and Logic Apps.

• High proficiency in Kusto Query Language (KQL), with proven experience writing complex, optimized queries for detection and hunting.

• Strong, demonstrated experience automating security workflows using SOAR platforms, APIs, or scripting languages (Python, PowerShell).

• Proven ability to operate with a high degree of autonomy, managing competing priorities and complex projects with minimal supervision.

• In-depth knowledge of attacker TTPs, the MITRE ATT&CK framework, and modern blue team operations.

• Excellent analytical and problem-solving skills, with experience in deep log analysis and digital forensics.

• Strong collaboration and communication skills, with the ability to clearly explain complex technical concepts.

Preferred Qualifications & Experience:

• Experience in a large-scale Managed Detection and Response (MDR) environment.

• Familiarity with CI/CD pipelines and version control (Git) for managing "detections-as-code."

• Advanced industry certifications such as GCIH, GDAT, GCFA, or OSCP.

About BlueVoyant
At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability!

Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies.

Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America.

BlueVoyant uses AI-assisted tools within our applicant tracking system to help identify candidates whose experience and skills best match the requirements of a role. This technology provides hiring teams with additional insights to support fair and efficient hiring decisions. Please note that all applications are reviewed by a member of our hiring team, and final hiring decisions are made by humans, not AI. By submitting your application, you acknowledge that AI tools may assist in the evaluation of your resume as part of the recruitment process. For more information on how we process your personal data, please review our Candidate Privacy Notice available at https://www.bluevoyant.com/candidate-privacy-notice.

All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

Disclaimer: Please note that pursuant to contractual requirements and applicable law, in order for employees to perform work on some of the company’s federal contracts, U.S. citizenship is required. Accordingly, an employee’s ability to perform work on such contracts is contingent upon the company’s verification of the employee’s citizenship status. Furthermore, individuals may be subject to additional background checks and fingerprinting.

BlueVoyant Candidate Privacy Notice

To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice