5 of 5 Kusto Query Language Jobs in Central London

flow log analysis and intrusion detection engineering - building detection logic for lateral movement, beaconing, anomalous egress, and C2 patterns - SIEM engineering: detection rule authoring (KQL, SPL, or equivalent), log pipeline design, alert correlation, triage workflow - you write the rules, not just read the dashboard - Endpoint and desktop security: EDR deployment ...

potential threats, anomalies, or policy violations. Coordinate incident response activities including containment, evidence collection, documentation, and recovery support. Contribute to threat hunting activities using KQL queries and intelligence-led techniques. Maintain accurate incident records, ensuring actions and outcomes are logged to a high standard. Facilitate security testing and awareness through … data subject rights Experience analysing logs, alerts, or data from security tools. Strong documentation, investigation, and analytical skills. Desirable Hands‐on experience writing KQL queries, PowerShell, or CLI commands. Exposure to automation or playbooks (Logic Apps, Defender workflows). Knowledge of frameworks such as MITRE ATT&CK or NIST CSF. ...

maintain and tune the detection catalogue Build automated reporting dashboards using Microsoft Sentinel workbooks Support security initiatives including ISO 27001 activities and KQL-based tasks Ensure monitoring coverage across cloud platforms, SaaS apps, and internal systems Contribute to documentation of processes, tools, and detection logic What You’ll Bring Must … Have Skills & Experience: Previously worked as a Threat Detection Engineer or in a similar role. Strong proficiency in KQL and hands-on experience with Microsoft Sentinel Familiarity with Microsoft Defender tools (Endpoint & O365) Exposure to Azure cloud logging and Kubernetes environments Knowledge of attacker TTPs and MITRE ATT&CK frameworks ...

commercial experience in SOC content engineering, detection engineering, or SIEM administration Strong hands-on experience with SIEM platforms and query languages (e.g. SPL, KQL) Solid understanding of detection engineering principles, data modelling, and regex Proven experience working with MITRE ATT&CK and threat-informed defence strategies Ability to design ...

engineering, detection engineering, or SIEM administration Strong commercial experience with Splunk Strong hands-on experience with SIEM platforms and query languages (e.g. SPL, KQL) Solid understanding of detection engineering principles, data modelling, and regex Proven experience working with MITRE ATT&CK and threat-informed defence strategies Ability to design ...