Senior Cyber Security Content Engineer (IR/Tabletops)
London, United Kingdom
TryHackMe
TryHackMe is the fastest-growing online cyber security training platform. Our mission is to make learning and teaching cyber security easier by providing gamified security exercises and challenges. Having only been around for a handful of years, we've grown to more than 4 million community members and our growth isn't slowing down! 🥷
The Role
We’re looking for a Senior Content Engineer to lead strategy, design and execution of a new content stream within TryHackMe, focused on technical tabletop exercises for SOCs, Security Analysts and anyone interested in Defensive Security. The ideal candidate has extensive experience in blue team cyber security roles, with experience in security engineering and security architecture, has participated in or led tabletop exercises before, and has an interest in AI/ML.
Technical Skills & Experience
To be considered for this opportunity, you must have at least 5 years of relevant cyber security industry experience in roles such as L3/L4 SOC Analyst, Security Engineer, Incident Responder, Threat Hunter or Digital Forensics Investigator. Experience in roles like Security Engineer, Security Architect, Security Operations Technical Lead / Manager is also preferred.
You should also demonstrate:
- Strong expertise in core blue team areas: incident detection and response, threat intelligence, log analysis, security monitoring, and digital forensics.
- A deep understanding of networking, computing, and operating systems as they relate to security practices.
- Experience in designing and running tabletop exercises, from selecting use cases and scenarios to measuring success and outcomes.
- Familiarity with blue team tooling (e.g., SIEM, EDR, IDS/IPS, forensic tools) and methodologies (e.g., MITRE D3FEND, NIST 800-53, NIST CSF, etc.).
- Experience in setting up new products, services or streams from the ground up - taking initiatives from absolute 0 to day-to-day operations
- Strong verbal and written English communication skills, essential for conveying complex technical concepts.
Job Responsibilities
- Research, design, and develop defensive cybersecurity tabletop exercises
- Collaborate with the Product and Software Engineering teams to design the infrastructure and flow of the support product architecture
- Collaborate with the Content Engineering Team to support security training coverage and identify content development opportunities.
- Act as a mentor and leader for other members of the content engineering team assigned to the project
- Develop and configure virtual machines and sample datasets for realistic cybersecurity labs.
- Collaborate with the Content Engineering Leadership to continuously improve the content development process.
- Analyze industry trends in tooling and techniques and recreate them as teachable content.
Preferred Skills (nice-to-have):
- Programming experience in any of the following: Python, PHP, Bash, PowerShell
- AI/ML experience for automatic grading and reporting
- Experience leading/coaching/mentoring others
- Certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), Certified SOC Analyst (CSA), Certified Forensic Analyst (GCFA), CompTIA CySA+, BTL2, CISSP
Benefits & Perks:
🚣 100% Remote - In a fully digital world, work from anywhere you want!
🕒 Flexi Time - Choose your own hours as long as you have at least 4 hours of overlap with the UK timezone (from 8am - 6pm)
💻 Tools - a dedicated work laptop + any accessories you need to do your best work.
👕 Swag Pack - start your TryHackMe journey with a branded swag bundle!
💪 Personal Development - £2,500 training budget to acquire certifications, and more.
⛱️ Company Retreat - an annual company retreat, fully paid for by us!
🧡 Health Insurance - if you're in a country that doesn't have public health care.
🍼 Enhanced Maternity & Paternity - an enhanced package on top of statutory requirements.
💸 401k / Pension - TryHackMe makes it easy to save money for your retirement.
Our Hiring Process
- Stage 1: Short introduction call (30 mins)
- Stage 2: Technical Take Home Exercise
- Stage 3: Interview with our Head of Content Engineering (one hour)
- Stage 4: Final call with a Co-Founder (30 mins)
At this time, we are unable to provide sponsorship.