Security Content Engineer

BlueVoyant
Remote

About The Position

BlueVoyant is seeking an experienced and proficient Security Content Engineer to join our Threat Fusion Cell (TFC). As a trusted and established member of our team, you will operate with a high degree of autonomy to own and enhance the detection and automation content that protects our global clients. You are a dependable, hands-on expert in the full content lifecycle, capable of managing complex logic, optimizing for signal quality, and serving as a reliable technical resource for the team. This role is ideal for a seasoned professional who consistently delivers high-quality work with minimal supervision.

Requirements

  • 5-8 years of direct experience in Detection Engineering, Security Operations, or a similar role with a heavy focus on content creation.
  • Deep, hands-on expertise with the Microsoft security stack, including Microsoft Sentinel, Microsoft 365 Defender, and Logic Apps.
  • High proficiency in Kusto Query Language (KQL), with proven experience writing complex, optimized queries for detection and hunting.
  • Strong, demonstrated experience automating security workflows using SOAR platforms, APIs, or scripting languages (Python, PowerShell).
  • Proven ability to operate with a high degree of autonomy, managing competing priorities and complex projects with minimal supervision.
  • In-depth knowledge of attacker TTPs, the MITRE ATT&CK framework, and modern blue team operations.
  • Excellent analytical and problem-solving skills, with experience in deep log analysis and digital forensics.
  • Strong collaboration and communication skills, with the ability to clearly explain complex technical concepts.

Nice To Haves

  • Experience in a large-scale Managed Detection and Response (MDR) environment.
  • Familiarity with CI/CD pipelines and version control (Git) for managing "detections-as-code."
  • Advanced industry certifications such as GCIH, GDAT, GCFA, or OSCP.

Responsibilities

  • Own and Enhance Detection Content: Autonomously develop, test, and maintain high-fidelity detection logic in KQL for the Microsoft Sentinel environment. You will own a portfolio of content, ensuring its long-term effectiveness and performance.
  • Conduct Advanced Tuning & Optimization: Perform independent and complex global tuning to improve SOC efficiency and outcomes. Proactively identify and resolve sources of alert fatigue and false positives across our customer base.
  • Lead Threat-Informed Research: Independently research emerging threats, attack vectors, and high-risk vulnerabilities to design and develop proactive detection strategies, not just reactive rules.
  • Develop Scalable Automation: Design and build automation content for key security workflows, including product onboarding and incident enrichment, with a focus on reusability and efficiency.
  • Serve as a Technical Resource: Act as a knowledgeable point of contact for clients on complex tuning requests and provide clear guidance on detection logic. Collaborate with integration teams to define requirements for optimizing log ingestion.
  • Improve Team Frameworks: Contribute to the evolution of security policies and automation frameworks by providing expert feedback and identifying areas for improvement based on hands-on experience.
© 2024 Teal Labs, Inc