methodologies. Ability to work autonomously while collaborating across security, engineering, and business teams. Strong use of Splunk Programming Language. Strong scripting/query-language skills (e.g., Python, KQL, SQL, PowerShell). Hands-on experience using Jupyter Notebooks for data exploration, automation, and visualization in a security context. Knowledge of cloud products and log events such as Azure, Amazon
to ensure a secure environment. To be successful as a Security Engineer, you should have the following skills/experience: SIEM experience - Azure Sentinel or Splunk (proficiency in writing KQL and SPL; log sources, ingestion patterns, and correlation rules). DevOps knowledge (Git/BitBucket/GitLab). Security Fundamentals (threat detection, incident response, threat intelligence; knowledge of the MITRE
Manchester, England, United Kingdom Hybrid / WFH Options
ZipRecruiter
SOC performance reports and threat intelligence summaries Required Skills & Experience: 5+ years in cybersecurity, with 2+ years at SOC Level 3 or senior analyst level Expertise in Microsoft Sentinel (KQL, custom rules, automation, dashboards) Strong hands-on experience with Microsoft Defender for Endpoint, Identity, and Office 365 Proficient in handling incidents aligned with MITRE ATT&CK framework Solid understanding of Windows
Warrington, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
SOC performance reports and threat intelligence summaries Required Skills & Experience: 5+ years in cybersecurity, with 2+ years at SOC Level 3 or senior analyst level Expertise in Microsoft Sentinel (KQL, custom rules, automation, dashboards) Strong hands-on experience with Microsoft Defender for Endpoint, Identity, and Office 365 Proficient in handling incidents aligned with MITRE ATT&CK framework Solid understanding of
Bolton, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
SOC performance reports and threat intelligence summaries Required Skills & Experience: 5+ years in cybersecurity, with 2+ years at SOC Level 3 or senior analyst level Expertise in Microsoft Sentinel (KQL, custom rules, automation, dashboards) Strong hands-on experience with Microsoft Defender for Endpoint, Identity, and Office 365 Proficient in handling incidents aligned with MITRE ATT&CK framework Solid understanding of
Manchester, England, United Kingdom Hybrid / WFH Options
Queen Square Recruitment
SOC performance reports and threat intelligence summaries Required Skills & Experience: 5+ years in cybersecurity, with 2+ years at SOC Level 3 or senior analyst level Expertise in Microsoft Sentinel (KQL, custom rules, automation, dashboards) Strong hands-on experience with Microsoft Defender for Endpoint, Identity, and Office 365 Proficient in handling incidents aligned with MITRE ATT&CK framework Solid understanding of
log source onboarding and cost analysis Can demonstrate strong experience and track record in MS Purview information protection & Data Loss Prevention (DLP) Experienced in Azure Resource Manager template, Git, KQL, PowerShell Can work with control frameworks such as NIST 800-53, SANS Top 20 CSC, ISO 27001, Risk Assessment (ISO27005), Privacy and other frameworks as requested by clients. Able to
have: Over 5 years of experience in cybersecurity, including a minimum of 2 years in a Level 3 SOC or equivalent role. Expert-level proficiency with Microsoft Sentinel, including KQL, custom analytic rules, and automation. Hands-on experience with Microsoft Defender for Endpoint, Identity, and Office 365. Strong knowledge of the MITRE ATT&CK framework, threat intelligence, and adversary TTPs.
Manchester, England, United Kingdom Hybrid / WFH Options
Stripe Olt
We are hunting for an experienced SOC Analyst who has spent time working within the Microsoft security stack, specifically with Sentinel, KQL and Defender. SOC First Responders form the bulwark of our cyber defences and are responsible for the rapid triage of security alerts and for the initial response to legitimate security incidents. In addition to their primary tasks, First
log source onboarding and cost analysis Can demonstrate strong experience and track record in MS Purview information protection & Data Loss Prevention (DLP) Experienced in Azure Resource Manager template, Git, KQL, PowerShell Can work with control frameworks such as NIST 800-53, SANS Top 20 CSC, ISO 27001, Risk Assessment (ISO27005), Privacy and other frameworks as requested by clients. Able to
InfraView - Specialist Cloud & IT Infrastructure Technology Recruitment
hire. Key Skills required: 2+ years’ experience working in a SOC environment – ideally MSSP. Experience in a technical security role is also considered. Experience with SIEM tools e.g. Sentinel, KQL, ELK, QRadar, AlienVault, or similar. A cyber security qualification, certification, or degree e.g. CySA+, CompTIA SEC+, or similar experience. Microsoft SC-200 Certs are desirable. Assess risks and threats for
Manchester, Lancashire, United Kingdom Hybrid / WFH Options
Bytes Group
and Service Extend Support Machines Additional Knowledge Management Tools - Microsoft SCCM, Windows Admin Center, SCOM Monitoring - SCOM, WAC, Windows Network, Azure Log Analytics Workspace, Sentinel Workspace, Event Logs and Kusto Queries Skills Ability to work under own initiative Ability to follow written and verbal instructions Ability to work to strict deadlines Ability to provide training to other team members
Manchester, England, United Kingdom Hybrid / WFH Options
Bytes Group
and Service Extend Support Machines Additional Knowledge Management Tools – Microsoft SCCM, Windows Admin Center, SCOM Monitoring – SCOM, WAC, Windows Network, Azure Log Analytics Workspace, Sentinel Workspace, Event Logs and Kusto Queries Skills Ability to work under own initiative Ability to follow written and verbal instructions Ability to work to strict deadlines Ability to provide training to other team members
Chester, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
Continuously monitoring network traffic, security alerts, and system logs for signs of suspicious activity or security breaches. Requirements: Proven experience with Microsoft Sentinel, Defender for Endpoint, Defender for Identity; KQL experience; in-depth understanding of PCAP analysis using Wireshark or equivalent; OT operations/security (optional, but a bonus)