BlueVoyant
Senior Security Content Engineer (Automations)
BlueVoyant, Myrtle Point, Oregon, United States, 97458
Location & Eligibility
Location:
US Based Remote
Citizenship / Authorization:
Must be authorized to work in the US (US Citizenship Preferred)
Job Overview BlueVoyant is seeking a Security Consultant, Content Engineering to join our fast‑paced team focused on building automated security analysis solutions. This fully remote role involves developing detection logic, automation, and visualizations to help clients derive actionable security insights at an expert level. You’ll work closely with internal teams and customers to enhance security operations through innovative content engineering.
Key Responsibilities
Enrich security signals to improve SOC efficiency and outcomes
Research threat actors and attack vectors to develop detection content for emerging threats, leading research initiatives to improve our detection posture
Design and build automation content for onboarding new products
Design and build complex detection analytic rules, improving our global detection capabilities
Assist clients in testing and tuning detection logic to reduce false positives and alert fatigue
Perform expert level global tuning for complex alerts
Identify and promote reusable content (rules, automations, dashboards) across clients
Lead integration initiatives to optimize log ingestion and reduce noise
Deliver research‑driven content such as queries, signatures, rules, and knowledge base articles; mentor developing team members
Develop supplemental detection coverage for high‑risk vulnerabilities and exploits
Develop security policies, procedures, and automation frameworks
Communicate regularly with client IT teams to provide guidance and ensure operational readiness
Support the development of incident response processes and documentation
Advance security standard operating procedures and incident response reporting
Qualifications
Strong collaboration and interpersonal skills, especially in distributed team environments
Excellent written and verbal communication skills; ability to explain complex topics clearly
Expert experience in writing detection signatures or algorithms
Expert level proficiency in analyzing event logs and identifying indicators of compromise
Hands‑on experience with Microsoft Azure, Sentinel, Defender, and related tools
Deep experience with Sentinel Incidents, Workbooks, Hunting Queries, Notebooks
Kusto Query Language (KQL) or similar
Complex JSON structures
Development tools (Git, IDEs, CI/CD pipelines)
Expert scripting skills (Python, Ruby, etc.)
Experience in digital forensics and blue team operations
Expert understanding of network protocols and infrastructure
Ability to gather client requirements and translate them into technical solutions
Deep knowledge of SIEM/SOAR platforms, API integrations, Endpoint Detection and Response (EDR), Log analysis and malware detection, Network monitoring tools, Case management systems, Atlassian Suite (Jira, Confluence), Email security, DLP, encryption, and vulnerability management
Preferred Qualifications
Background in intrusion analysis, detection engineering, or penetration testing
12+ years of experience in IT or cybersecurity, with a focus on SIEM and detection content
Relevant certifications such as Microsoft 365 Certified: Security Administrator Associate, GCFA, GCFE, or OSCP
Education
Bachelor's degree in a related field or equivalent professional experience and certifications. A master's degree in cybersecurity, computer science, information assurance, or a similar technical field is preferred.
About BlueVoyant At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, work as a force multiplier to secure your full ecosystem.
BlueVoyant was founded in 2017 by Fortune 500 executives, including Executive Chairman Tom Glocer, and former government cyber officials. We are headquartered in New York City with offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America.
BlueVoyant is a collaborative, team‑based environment and places a high priority on providing an inclusive, respectful workplace. All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non‑discrimination in employment in every location in which the company has facilities.
Disclaimer: Pursuant to contractual requirements and applicable law, U.S. citizenship is required for employees who must perform work on certain federal contracts. This may be contingent on verification of citizenship status and may be subject to background checks and fingerprinting.
#J-18808-Ljbffr
US Based Remote
Citizenship / Authorization:
Must be authorized to work in the US (US Citizenship Preferred)
Job Overview BlueVoyant is seeking a Security Consultant, Content Engineering to join our fast‑paced team focused on building automated security analysis solutions. This fully remote role involves developing detection logic, automation, and visualizations to help clients derive actionable security insights at an expert level. You’ll work closely with internal teams and customers to enhance security operations through innovative content engineering.
Key Responsibilities
Enrich security signals to improve SOC efficiency and outcomes
Research threat actors and attack vectors to develop detection content for emerging threats, leading research initiatives to improve our detection posture
Design and build automation content for onboarding new products
Design and build complex detection analytic rules, improving our global detection capabilities
Assist clients in testing and tuning detection logic to reduce false positives and alert fatigue
Perform expert level global tuning for complex alerts
Identify and promote reusable content (rules, automations, dashboards) across clients
Lead integration initiatives to optimize log ingestion and reduce noise
Deliver research‑driven content such as queries, signatures, rules, and knowledge base articles; mentor developing team members
Develop supplemental detection coverage for high‑risk vulnerabilities and exploits
Develop security policies, procedures, and automation frameworks
Communicate regularly with client IT teams to provide guidance and ensure operational readiness
Support the development of incident response processes and documentation
Advance security standard operating procedures and incident response reporting
Qualifications
Strong collaboration and interpersonal skills, especially in distributed team environments
Excellent written and verbal communication skills; ability to explain complex topics clearly
Expert experience in writing detection signatures or algorithms
Expert level proficiency in analyzing event logs and identifying indicators of compromise
Hands‑on experience with Microsoft Azure, Sentinel, Defender, and related tools
Deep experience with Sentinel Incidents, Workbooks, Hunting Queries, Notebooks
Kusto Query Language (KQL) or similar
Complex JSON structures
Development tools (Git, IDEs, CI/CD pipelines)
Expert scripting skills (Python, Ruby, etc.)
Experience in digital forensics and blue team operations
Expert understanding of network protocols and infrastructure
Ability to gather client requirements and translate them into technical solutions
Deep knowledge of SIEM/SOAR platforms, API integrations, Endpoint Detection and Response (EDR), Log analysis and malware detection, Network monitoring tools, Case management systems, Atlassian Suite (Jira, Confluence), Email security, DLP, encryption, and vulnerability management
Preferred Qualifications
Background in intrusion analysis, detection engineering, or penetration testing
12+ years of experience in IT or cybersecurity, with a focus on SIEM and detection content
Relevant certifications such as Microsoft 365 Certified: Security Administrator Associate, GCFA, GCFE, or OSCP
Education
Bachelor's degree in a related field or equivalent professional experience and certifications. A master's degree in cybersecurity, computer science, information assurance, or a similar technical field is preferred.
About BlueVoyant At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, work as a force multiplier to secure your full ecosystem.
BlueVoyant was founded in 2017 by Fortune 500 executives, including Executive Chairman Tom Glocer, and former government cyber officials. We are headquartered in New York City with offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America.
BlueVoyant is a collaborative, team‑based environment and places a high priority on providing an inclusive, respectful workplace. All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non‑discrimination in employment in every location in which the company has facilities.
Disclaimer: Pursuant to contractual requirements and applicable law, U.S. citizenship is required for employees who must perform work on certain federal contracts. This may be contingent on verification of citizenship status and may be subject to background checks and fingerprinting.
#J-18808-Ljbffr