Azure Security Content Engineer

TYPE OF WORK

Part Time

WAGE / SALARY

$5-13/hr depending on skill level

HOURS PER WEEK

20

DATE UPDATED

May 5, 2026

JOB OVERVIEW

CyberJab is building a hands-on cybersecurity training platform with realistic Azure-based cyber range labs. We’re looking for a Content Engineer who can help design and build blue team / purple team labs that feel like real SOC work—log investigation, threat hunting, detection engineering, and incident response.

This is a part-time role to start (1–3 months). If we work well together, this can extend longer-term and potentially grow into a full-time role.

You will not be doing everything from scratch or solo. You will be working with the owner who is the principal security engineer for the company.

What you’ll do

You will help us create training labs from idea → working environment → tested lesson:
• Design cyber range labs (scenarios, objectives, expected outputs, and “student success criteria”)
• Build Azure lab environments using repeatable setups (Terraform/ARM/Bicep or documented console steps)
• Create or improve VM images and lab assets (scripts, log generators, vulnerable apps where appropriate)
• Produce clear, structured documentation: lab guides, walkthroughs, troubleshooting, and reset instructions
• QA and iteration: run your labs end-to-end, fix issues, and adjust based on feedback

Example lab topics (what we’re building)
• Azure Activity + resource logs: “What happened?” investigations
• Microsoft Sentinel basics: KQL hunting + analytic rules + alerts
• Incident response workflows: triage → scope → containment → post-incident notes
• Purple team validation: simulate attacker behavior and confirm detections fire
• Detection-as-code basics (nice to have): version control of detections and lab configs

Required skills (must have)
• Solid experience with Azure (networking basics, VMs, IAM/RBAC, resource groups, logging)
• Strong security fundamentals (IR, SOC operations, threat hunting mindset)
• Ability to write step-by-step technical documentation that beginners can follow
• Comfortable with scripting for automation/log generation (PowerShell or Bash)

Nice-to-haves (not required, but a plus)
• Microsoft Sentinel (KQL, analytic rules, workbooks)
• Infrastructure-as-code: Terraform (preferred), ARM/Bicep acceptable
• Familiarity with Windows Event Logs / Sysmon, Linux audit logs
• Experience building labs for platforms like TryHackMe / LetsDefend (or similar)

Work style / expectations
• Part-time: 10–20 hours/week (flexible)
• Mostly async, but must overlap at least 2 hours/week with Pacific Time for review/check-ins
• You’ll work from a task board with clearly defined deliverables
• The work must be repeatable and documented—we’re building a product, not one-off demos

Deliverables (what success looks like)

By the end of the first month, you should deliver:
• 3–6 complete labs, each with:
  • Lab plan (objectives, prerequisites, success criteria)
  • Azure build steps or IaC
  • Student guide + troubleshooting
  • QA checklist and known issues
• Optional: scripts/assets for repeatable log generation and scenario validation

Screening questions (include in your application)
1. Share 1–2 examples of content you’ve written (lab guide, runbook, docs, etc.).
2. What Azure services have you used hands-on? (List them.)
3. Have you worked with Microsoft Sentinel and KQL? If yes, describe what you built.
4. What’s your preferred IaC tool (Terraform/ARM/Bicep) and why?
5. Describe a lab scenario you would build for blue team students (short outline).
