Remote Security Content Engineer

Please let BlueVoyant know you found this job on RemoteYeah. This helps us grow 🌱.

Description:

  • BlueVoyant is seeking a Security Content Engineer to join their fast-paced team focused on building automated security analysis solutions.
  • This is a fully remote role based in the United States.
  • The position involves developing detection logic, automation, and visualizations to help clients derive actionable security insights.
  • Responsibilities include enriching security signals to improve SOC efficiency, researching threat actors and attack vectors, and developing detection content for emerging threats.
  • The engineer will design and build automation content for onboarding new products and assist clients in testing and tuning detection logic to reduce false positives and alert fatigue.
  • The role requires identifying and promoting reusable content across clients, collaborating with integration teams to optimize log ingestion, and delivering research-driven content such as queries, signatures, rules, and knowledge base articles.
  • Additional tasks include developing supplemental detection coverage for high-risk vulnerabilities, contributing to the evolution of security policies and procedures, and communicating regularly with client IT teams to ensure operational readiness.

Requirements:

  • Candidates must have strong collaboration and interpersonal skills, especially in distributed team environments.
  • Excellent written and verbal communication skills are required, with the ability to explain complex topics clearly.
  • Experience in writing detection signatures or algorithms is necessary.
  • Proficiency in analyzing event logs and identifying indicators of compromise is essential.
  • Hands-on experience with Microsoft Azure, Sentinel, Defender, and related tools is required.
  • Familiarity with Sentinel Incidents, Workbooks, Hunting Queries, Notebooks, Kusto Query Language (KQL), complex JSON structures, and development tools (Git, IDEs, CI/CD pipelines) is expected.
  • Strong scripting skills in languages such as Python or Ruby are necessary.
  • Experience in digital forensics and blue team operations is required.
  • A solid understanding of network protocols and infrastructure is essential.
  • Candidates must be able to gather client requirements and translate them into technical solutions.
  • Deep knowledge of SIEM/SOAR platforms, API integrations, Endpoint Detection and Response (EDR), log analysis, malware detection, network monitoring tools, case management systems, and the Atlassian Suite (Jira, Confluence) is required.
  • Familiarity with email security, DLP, encryption, and vulnerability management is also necessary.

Benefits:

  • BlueVoyant offers a fully remote work environment, allowing for flexibility in work location.
  • The company provides equal employment opportunities to all employees and applicants, promoting a diverse and inclusive workplace.
  • Employees are part of a highly skilled team that includes former government cyber officials with extensive experience in responding to advanced cyber threats.
  • The company emphasizes the importance of accuracy, actionability, timeliness, and scalability in its services.
  • BlueVoyant is committed to compliance with applicable state and local laws governing non-discrimination in employment.