BlueVoyant · 3 days ago
Security Content Engineer
BlueVoyant is seeking an experienced and proficient Security Content Engineer to join our Threat Fusion Cell (TFC). In this role, you will autonomously develop and enhance detection content, conduct advanced tuning, and lead threat-informed research to protect global clients.
Cyber Security · Network Security · Security · Software
Responsibilities
Own and Enhance Detection Content: Autonomously develop, test, and maintain high-fidelity detection logic in KQL for the Microsoft Sentinel environment. You will own a portfolio of content, ensuring its long-term effectiveness and performance
Conduct Advanced Tuning & Optimization: Perform independent and complex global tuning to improve SOC efficiency and outcomes. Proactively identify and resolve sources of alert fatigue and false positives across our customer base
Lead Threat-Informed Research: Independently research emerging threats, attack vectors, and high-risk vulnerabilities to design and develop proactive detection strategies, not just reactive rules
Develop Scalable Automation: Design and build automation content for key security workflows, including product onboarding and incident enrichment, with a focus on reusability and efficiency
Serve as a Technical Resource: Act as a knowledgeable point of contact for clients on complex tuning requests and provide clear guidance on detection logic. Collaborate with integration teams to define requirements for optimizing log ingestion
Improve Team Frameworks: Contribute to the evolution of security policies and automation frameworks by providing expert feedback and identifying areas for improvement based on hands-on experience
Qualifications
Required
5-8 years of direct experience in Detection Engineering, Security Operations, or a similar role with a heavy focus on content creation
Deep, hands-on expertise with the Microsoft security stack, including Microsoft Sentinel, Microsoft 365 Defender, and Logic Apps
High proficiency in Kusto Query Language (KQL), with proven experience writing complex, optimized queries for detection and hunting
Strong, demonstrated experience automating security workflows using SOAR platforms, APIs, or scripting languages (Python, PowerShell)
Proven ability to operate with a high degree of autonomy, managing competing priorities and complex projects with minimal supervision
In-depth knowledge of attacker TTPs, the MITRE ATT&CK framework, and modern blue team operations
Excellent analytical and problem-solving skills, with experience in deep log analysis and digital forensics
Strong collaboration and communication skills, with the ability to clearly explain complex technical concepts
Preferred
Experience in a large-scale Managed Detection and Response (MDR) environment
Familiarity with CI/CD pipelines and version control (Git) for managing 'detections-as-code'
Advanced industry certifications such as GCIH, GDAT, GCFA, or OSCP
Company
BlueVoyant
BlueVoyant provides advanced threat intelligence, managed security services, and cybersecurity consulting to businesses and organizations.
Funding
Current Stage: Late Stage
Total Funding: $665.5M
Key Investors: Liberty Strategic Capital, Manhattan Venture Partners (MVP), Temasek Holdings
2023-11-29 Series E · $140M
2023-04-24 Secondary Market
2022-02-23 Series D · $250M
Company data provided by crunchbase