1 to 25 of 33 Kusto Query Language Jobs in the UK

/SIEM platforms (e.g., Elastic, Sentinel, Splunk), including query languages used for investigations and detections such as: Kusto Query Language (KQL) ES|QL Kibana Query Language Strong understanding of attacker tactics, techniques, and procedures (TTPs), including detecting indicators of compromise (IOCs) and knowing ...

Skills * Strong knowledge of SIEM platforms (e.g. Microsoft Sentinel, Splunk, Elastic) * Experience writing and tuning queries using: o Kusto Query Language (KQL) o ES|QL/Kibana Query Language o Splunk SPL * Understanding of event correlation, alerting, and detection use-case development ________________________________________ Technical Foundations * Strong … client's supplier list for this role. ________________________________________ Keywords SIEM Analyst, Security Monitoring Analyst, SOC Analyst, Cyber Security Analyst, Microsoft Sentinel, Splunk, Elastic SIEM, KQL, SPL, ES|QL, Threat Detection, Incident Response, EDR, IDS/IPS, MITRE ATT&CK, Cyber Defence ...

Validate indicators of compromise and assess potential business impact Conduct proactive threat hunting activities Query and analyse security data using Microsoft Sentinel and KQL Support vulnerability management and remediation activities Work closely with technical teams to coordinate containment and recovery actions Produce incident reports, documentation and recommendations Contribute … technologies Strong analytical and problem-solving skills Experience working within a security operations environment Excellent communication and documentation skills Desirable Skills Microsoft Sentinel experience KQL (Kusto Query Language) Microsoft Defender XDR technologies Threat Hunting experience Detection Engineering Security Automation Vulnerability Assessment platforms such as Qualys Knowledge ...

Validate indicators of compromise and assess potential business impact Conduct proactive threat hunting activities Query and analyse security data using Microsoft Sentinel and KQL Support vulnerability management and remediation activities Work closely with technical teams to coordinate containment and recovery actions Produce incident reports, documentation and recommendations Contribute … technologies Strong analytical and problem-solving skills Experience working within a security operations environment Excellent communication and documentation skills Desirable Skills Microsoft Sentinel experience KQL (Kusto Query Language) Microsoft Defender XDR technologies Threat Hunting experience Detection Engineering Security Automation Vulnerability Assessment platforms such as Qualys Knowledge ...

with SIEM technologies, log analysis, and threat detection Strong understanding of Microsoft security tooling including Microsoft Sentinel, Defender XDR and Entra ID Experience with KQL (Kusto Query Language) for investigations and threat detection Good understanding of MITRE ATT&CK framework Knowledge of network security, Firewalls, VPNs, endpoint ...

Assist with monthly SOC reporting and contribute insights into customer security posture Support client service reviews and communicate cyber risks in clear, business-friendly language Conduct security assessments, including vulnerability testing and risk analysis Ensure timely, high-quality incident resolution in line with SOC standards and SLAs … responding to cyber security incidents Hands-on experience with SIEM, EDR, and email security tooling Experience working in a Microsoft XDR SOC Strong KQL (Kusto Query Language) skills Experience mentoring and supporting analysts at different levels Excellent written and verbal communication skills Strong analytical thinking, judgement ...

documentation, runbooks, and operational procedures. Skills & Experience Experience engineering and supporting SIEM platforms, ideally Microsoft Sentinel. Strong scripting and automation skills (Python, PowerShell, Bash, KQL). Experience with SOAR technologies and security automation. Knowledge of detection engineering and threat hunting. Strong understanding of Windows and Linux logging. Good networking knowledge ...

with the ability to explain technical issues to varied audiences Demonstrated commitment to continuous learning Desirable Skills Experience with scripting or automation (e.g. PowerShell, KQL, Python) Exposure to threat hunting or threat intelligence practices Experience mentoring or supporting junior colleagues Familiarity with vulnerability management or digital forensics What’s Offered ...

vulnerability management • Sophos MDR or similar MDR/SIEM tooling • Windows/Linux hardening and secure configuration • Disaster Recovery and Business Continuity testing • PowerShell, KQL or Python desirable • Microsoft Defender, Sentinel or CIS exposure beneficial The successful candidate will work closely with Infrastructure, Service Desk and operational IT teams ...

implement sustainable fixes (automation over repeated manual intervention). Monitor and improve platform health using Azure observability tooling (e.g., Azure Monitor, Log Analytics/KQL, Application Insights, Science Logic), and improve alerting and diagnostics. Lead reliability and resilience improvements such as such as performance tuning, resource optimisation, cost optimization using ...

Kubernetes and containerised environments Confident with Infrastructure-as-Code (Bicep/Terraform) and policy-as-code approaches Proficiency in scripting and automation (PowerShell, Python, KQL) Good grounding in identity & access management, network security and modern attack vectors (OWASP Top 10, MITRE ATT&CK) Nice to have Certifications such ...

operations (coverage management, escalation handling, policy tuning). Familiarity with Microsoft Defender suite and/or Microsoft Sentinel. Scripting/automation skills (PowerShell, KQL, Python). Knowledge of ransomware recovery patterns (immutable backups, restore validation, offline documentation). Exposure to audit/compliance requirements (ISO 27001, NIST, CIS) and evidence ...

implement sustainable fixes (automation over repeated manual intervention). Monitor and improve platform health using Azure observability tooling (e.g., Azure Monitor, Log Analytics/KQL, Application Insights, Science Logic), and improve alerting and diagnostics. Plan and implement operational improvements such as performance tuning, resource optimisation and resilience enhancements, aligned ...

third-party security operations service. * Coordinate incident response activities including containment, evidence collection, documentation, and recovery support. * Contribute to threat hunting activities using KQL queries and intelligence-led techniques. * Support the triage and processing of data subject rights (DSR) requests, including subject access requests (SARs). * Support DPIA processes through ...

logs, databases, messaging platforms, external integrations) rather than through a single tool Strong working knowledge of Microsoft Azure, including Portal fluency, Application Insights/KQL, Log Analytics, Azure Functions, Storage and Key Vault Practical experience of event-driven messaging platforms (Azure Service Bus or equivalent) producer/consumer patterns, dead ...

escalation point for insider risk matters, providing technical advice, case support and judgement across complex or sensitive activity. The role will use threat hunting, KQL and detection engineering to identify indicators of misuse, compromise, inappropriate access or unusual activity requiring review. The post holder will analyse Microsoft Defender for Endpoint ...

runbooks. We’re looking for 3+ years in a SOC or MSSP, hands-on with SIEM, EDR, and Microsoft 365/Entra ID security. KQL or PowerShell scripting, phishing and malware triage experience, and clear written communication are essential. Security+, SC-200, BTL1 or similar certs beneficial. ...

reduce noise. Good understanding of data pipeline engineering, log enrichment, data quality and large-scale ingestion architectures. Strong knowledge of SPL; experience with KQL and EQL would be beneficial, but is not essential. Experience with automation and Infrastructure-as-Code within security monitoring or SIEM environments. Solid understanding of SIEM ...

function, this role identifies opportunities to streamline processes, accelerate incident response, and reduce operational overhead through intelligent automation, leveraging Artificial Intelligence (AI) and Large Language Models (LLMs). In addition to building scalable automation workflows, this individual will contribute to the broader Security Engineering team, including supporting Detection Engineering … such as Azure Logic Apps, SOAR tools (e.g., Microsoft Sentinel, Splunk SOAR, Cortex XSOAR). Experience building and tuning detections using SIEM platforms (e.g., KQL, SPL) and working with security telemetry across endpoint, identity, network, and cloud. Experience designing SOAR workflows for automated security response and incident triage. Proven experience ...

detection and response capability What we’re looking for Strong hands-on experience with Microsoft Sentinel Experience across Defender suite (Endpoint, Identity etc) Solid KQL skills (detection engineering) Background in SIEM engineering/SecOps platforms Experience integrating systems and handling large-scale log ingestion Scripting (PowerShell/Python) for automation ...

governance principles Understanding of identity and access control (e.g. Entra ID, RBAC) Experience across structured and unstructured data Scripting/automation skills (PowerShell, Python, KQL) Qualifications Relevant technical qualifications or equivalent experience. Microsoft certifications (e.g. SC-400, AZ-500, DP-203, AZ-305) Experience with Azure data services (e.g. Data ...

governance principles Understanding of identity and access control (e.g. Entra ID, RBAC) Experience across structured and unstructured data Scripting/automation skills (PowerShell, Python, KQL) Qualifications Relevant technical qualifications or equivalent experience. Microsoft certifications (e.g. SC-400, AZ-500, DP-203, AZ-305) Experience with Azure data services (e.g. Data ...

Analytics, Defender for Cloud) Excellent understanding of cloud performance, IaaS/PaaS, networking fundamentals, API performance and capacity modelling Skilled in dashboards, log queries (KQL), custom metrics and performance analysis Ability to diagnose complex issues across infrastructure, networks, applications or databases Confident scripting and automation skills (PowerShell, Azure Automation, Graph ...

Analytics, Defender for Cloud) Excellent understanding of cloud performance, IaaS/PaaS, networking fundamentals, API performance and capacity modelling Skilled in dashboards, log queries (KQL), custom metrics and performance analysis Ability to diagnose complex issues across infrastructure, networks, applications or databases Confident scripting and automation skills (PowerShell, Azure Automation, Graph ...

Analytics, Defender for Cloud) Excellent understanding of cloud performance, IaaS/PaaS, networking fundamentals, API performance and capacity modelling Skilled in dashboards, log queries (KQL), custom metrics and performance analysis Ability to diagnose complex issues across infrastructure, networks, applications or databases Confident scripting and automation skills (PowerShell, Azure Automation, Graph ...