Cyber Security Content Engineer, Blue Team

TryHackMe is the fastest-growing online cyber security training platform. Our mission is to make learning and teaching cyber security easier by providing gamified security exercises and challenges. Having only been around for handful of years, we've grown to more than 4 million community members and our growth isn't slowing down! ????

The Role

We’re looking for a Senior Content Engineer to help us research, plan, and create advanced content and virtual labs for our online courses. The ideal candidate has extensive experience in blue team cyber security roles and a strong background in training content development.

Technical Skills & Experience

To be considered for this opportunity, you must have at least 5 years of relevant cyber security industry experience in roles such as L3/L4 SOC Analyst, Security Engineer, Incident Responder, Threat Hunter or Digital Forensics Investigator.

You should also demonstrate:

• Strong expertise in core blue team areas: incident detection and response, threat intelligence, log analysis, security monitoring, and digital forensics.
• A deep understanding of networking, computing, and operating systems as they relate to security practices.
• Familiarity with blue team tooling (e.g., SIEM, EDR, IDS/IPS, forensic tools) and methodologies (e.g., MITRE ATT&CK framework, log analysis, malware analysis).
• Proven ability to research and adapt to emerging threats and technologies and translate that knowledge into engaging training content.
• Strong verbal and written English communication skills, essential for conveying complex technical concepts.

Job Responsibilities

• Research, design, and develop defensive cyber security training material with supporting hands-on lab exercises (such as virtual machines and datasets for analysis).
• Collaborate with the Content Engineering Team to support security training coverage and identify content development opportunities.
• Experience developing and configuring virtual machines and sample datasets for realistic cybersecurity labs.
• Provide guidance and support to other Content Engineering Team members in areas of expertise.
• Take charge of planning and designing portions of the content development roadmap.
• Collaborate with the Head of Content Engineering to continuously improve the content development process.
• Analyze industry trends in tooling and techniques and recreate them as teachable content.
• Strategically plan, review, and schedule content with our blue team content engineering team.

Preferred Skills (nice-to-have):

• Creating challenges for capture the flags (CTFs)
• Programming experience in any of the following: Python, PHP, Bash, Powershell
• Experience leading/ coaching/ mentoring others
• Certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), Certified SOC Analyst (CSA), Certified Forensic Analyst (GCFA), CompTIA CySA+, BTL2

Benefits & Perks:

100% Remote -In a fully digital world, work from anywhere you want!

Flexi Time -Choose your own hours as long as you have at least 4 hours of overlap with the UK timezone (from 8am - 6pm)

Tools -a dedicated work laptop + any accessories you need to do your best work.

Swag Pack -start your TryHackMe journey with a branded swag bundle!

Personal Development -£2,500 training budget to acquire certifications, and more.

️ Company Retreat -an annual company retreat, fully paid for by us!

Lunch on us- whether you're a pizza-lover, salad obsessed or a big sushi fan, TryHackMe will cover the cost of your lunch order during our recurring company virtual lunches.

Health Insurance -if you're in a country that doesn't have public health care.

Enhanced Maternity & Paternity- an enhanced package on top of statutory requirements.

401k / Pension -TryHackMe makes it easy to save money for your retirement.

Our Hiring Process

• Stage 1: Short introduction call (30 mins)
• Stage 2: Technical Take Home Exercise
• Stage 3: Interview with our Head of Content Engineering (one hour)
• Stage 4: Final call with a Co-Founder (30 mins)

At this time, we are unable to provide sponsorship.