19 of 19 Kusto Query Language Jobs in the UK

Microsoft Sentinel Engineer, you will design, implement, and optimise Sentinel solutions across enterprise environments. You will connect multiple data sources, write complex KQL queries, build automation playbooks, and work closely with clients to strengthen their security operations and response capabilities. This is a technically advanced role that combines engineering depth … Develop and optimise automation rules, playbooks, and runbooks using Logic Apps and Power Automate. Write and fine-tune Kusto Query Language (KQL) queries to analyse and visualise raw security data. Integrate third-party tools (firewalls, IAM, telemetry) into Sentinel. Use MITRE ATT&CK to anticipate and counter ...

threat categories. Analyze logs generated by applications using Azure Log Analytics and Azure Sentinel to identify anomalies and potential threats. Design, build, and maintain KQL queries to extract and correlate security-relevant data from logs. Implement automated alerting and reporting workflows through Azure Logic Apps integrated with Azure Sentinel. Collaborate … configuration, customization, and automation. In-depth knowledge of Azure Log Analytics , log ingestion, and data analysis. Proficiency in Kusto Query Language (KQL) for creating efficient, scalable queries. Experience with Azure Logic Apps to orchestrate automated response and reporting workflows. Solid understanding of application security principles, common threat ...

customers. Required Skills Basic understanding of cybersecurity principles and threat landscapes Experience working with Microsoft Security tools (Sentinel, Defender XDR, Entra ID) Basics in KQL (Kusto query language) Strong analytical and problem-solving skills Excellent verbal and written communication skills Preferred Qualifications About 12 months of experience ...

threat categories Analyse logs generated by applications using Azure Log Analytics and Azure Sentinel to identify anomalies and potential threats Design, build and maintain KQL queries Implement automated alerting and reporting workflows through Azure Logic Apps with Azure Sentinel Collaborate with the Information Security team to ensure actionable insights … Strong expertise in Azure Sentinel, including configuration, customisation and automation Azure Log Analytics, log ingestion and data analysis Kusto Query Language (KQL) Azure Logic Apps Understanding of application security principles, common threat categories and attack vectors. Excellent communication skills to document findings and present complex technical information ...

including Azure AD, and Azure ecosystem. Working knowledge of medallion architecture and how it fits within a data platform. Working knowledge of Log Analytics, KQL and how it fits within monitoring solutions. Essential Knowledge, Skills & Experience Experience/Knowledge Integrations development involving Azure Integrations, SQL Server/Azure SQL, APIs ...

technologies such as Defender or Azure security tools Strong analytical thinking and willingness to learn Nice to Have Experience writing queries for investigations (e.g. KQL) Microsoft security certifications (SC-200, SC-900, AZ-500) Exposure to incident response or threat detection activities Location This role requires 2 days per week ...

with Terraform as the primary tool and Bicep as an Azure-native IaC language. Ideally, you will have the ability to write and use KQL for dashboards, alerts, investigations, and insights in Log Analytics, Azure Monitor, and Application Insights. Experience administering and optimizing Windows Server workloads on Azure Virtual Machines ...

DESIRABLE Databases – SQL Server, MySQL, PostgreSQL, MariaDB, ADLS, CosmoDB - DESIRABLE Monitoring – SCOM, WAC, Windows Network, Azure Log analytical Workspace, Sentinel Workspace, Event Logs and Kusto Queries - DESIRABLE CORE COMPETENCIES & SKILLS Ability to work under own initiative Ability to follow written and verbal instructions Ability to work to strict deadlines ...

environments Strong working knowledge of SIEM, EDR, and email security platforms Practical experience with Microsoft XDR technologies Ability to create and tune detections using KQL Track record of supporting or mentoring other analysts SC-200, CySA+, or comparable certifications (desirable) Clear communicator in both technical and business contexts Analytical, methodical ...

desirable) Platforms & Infrastructure: Active Directory/Entra hybrid identity Windows Server and Linux Networking, VPNs, firewalls, endpoint management Tooling & Automation: KQL PowerShell API integrations Automation tooling Key Responsibilities Technical Delivery Lead technical discussions with customers, guiding architecture, design decisions, and best practice implementations. Own the end-to-end delivery … Design and implement detections, automation workflows, and runbooks. Conduct technical assessments across identity, endpoint, cloud posture, logging, and security operations. Develop, optimise, and tune KQL queries for detection engineering and threat hunting. Review and enhance security configurations across cloud and SIEM/SOAR platforms. Manage engagements through architecture, deployment, tuning ...

Security Engineer - SIEM, KQL- sought by investment bank based in London. *Inside IR35 - 3 days a week on-site** Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost … further details - Alex Reeder Harvey Nash 3+ years in a Security Engineer, SOC Analyst, or similar role Hands-on experience with Microsoft Sentinel and KQL Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP) Proficiency in scripting (PowerShell, Python) Familiarity with security frameworks (MITRE ...

Defender XDR • Deep understanding of Azure security architecture and ingestion strategy • Proven experience configuring connectors and tuning detection rules • Experience with SOAR platforms • Strong KQL capability • Ability to manage competing priorities in fast-paced environments • Experience managing ingestion costs or cloud service optimisation • Confident customer communication Desirable • Integration experience (Mimecast ...

Data Factory (pipelines, orchestration) o Data Engineering (Lakehouse, notebooks, Apache Spark) o Data Warehouse (SQL endpoints, schemas, MPP performance tuning) o Real-Time Analytics (KQL databases, event ingestion) o Manage and enhance OneLake architecture, delta lake tables, security policies, and data governance within Fabric. o Build scalable, reusable data assets ...

engineering role Strong familiarity with security monitoring platforms such as SIEM, SOAR, and threat intelligence tooling Experience writing or tuning detection logic, ideally using KQL or similar query languages Practical exposure to threat hunting and analysing security alerts or incidents Experience building integrations or automation across security tooling Experience ...

deep technical analysis Clear stakeholder communication Security Analyst (Contract) Focus: Detection, Response & Optimisation Key Responsibilities Advanced Microsoft Defender analysis & optimisation Write, tune, and troubleshoot KQL queries Investigate alerts and support incident response workflows Liaise with SOC & technical teams Analyse ITSM backlog/ticket trends Recommend improvements to Conditional Access … policies Required Experience Strong Microsoft Defender expertise Advanced KQL capability (hands-on) SOC/incident investigation background Analytical mindset with operational focus Strong communication & user engagement skills Security Engineer & Analyst Contracts - London RSG Plc is acting as an Employment Business in relation to this vacancy. ...

flow log analysis and intrusion detection engineering - building detection logic for lateral movement, beaconing, anomalous egress, and C2 patterns SIEM engineering: detection rule authoring (KQL, SPL, or equivalent), log pipeline design, alert correlation, triage workflow - you write the rules, not just read the dashboard Endpoint and desktop security: EDR deployment … flow log analysis and intrusion detection engineering - building detection logic for lateral movement, beaconing, anomalous egress, and C2 patterns SIEM engineering: detection rule authoring (KQL, SPL, or equivalent), log pipeline design, alert correlation, triage workflow - you write the rules, not just read the dashboard Endpoint and desktop security: EDR deployment ...

tools (Sentinel or Elastic) EDR deployment and management (Tanium, Trellix, Defender, or similar) Log ingestion creation (OOTB and custom integrations) Familiarity with scripting languages (KQL, Python, or PowerShell) TO BE CONSIDERED: Please either apply through this advert or email me directly via . For further information, please call … subject to required skills) your application to our client in conjunction with this vacancy only. KEY SKILLS SIEM Engineer, Sentinel, Elastic, EDR, Syslog, Linux, KQL, PowerShell, SC Cleared ...

Technical Architect - Microsoft Fabric Chester - Hybrid working 2 x per week Salary: Up to £90,000 per annum A leading client in Chester seeks a Technical Architect to design and deliver data and AI solutions ...

Splunk Enterprise Security Strong background in detection engineering and SIEM operations Experience designing and managing large scale data ingestion pipelines Advanced knowledge of SPL, KQL or EQL for detection engineering Experience with automation, scripting or Infrastructure as Code in SIEM environments Understanding of MITRE ATT&CK and threat detection techniques … your application to our client in conjunction with this vacancy only. KEY SKILLS Elastic Security, Splunk Enterprise Security, SIEM, Detection Engineering, Elastic Stack, SPL, KQL, EQL, MITRE ATT and CK, Security Monitoring, Log Ingestion, Terraform, Ansible, SOC Engineering, NSD. ...