18 of 18 Permanent Kusto Query Language Jobs in the UK

Microsoft Sentinel Engineer, you will design, implement, and optimise Sentinel solutions across enterprise environments. You will connect multiple data sources, write complex KQL queries, build automation playbooks, and work closely with clients to strengthen their security operations and response capabilities. This is a technically advanced role that combines engineering depth … Develop and optimise automation rules, playbooks, and runbooks using Logic Apps and Power Automate. Write and fine-tune Kusto Query Language (KQL) queries to analyse and visualise raw security data. Integrate third-party tools (firewalls, IAM, telemetry) into Sentinel. Use MITRE ATT&CK to anticipate and counter ...

customers. Required Skills Basic understanding of cybersecurity principles and threat landscapes Experience working with Microsoft Security tools (Sentinel, Defender XDR, Entra ID) Basics in KQL (Kusto query language) Strong analytical and problem-solving skills Excellent verbal and written communication skills Preferred Qualifications About 12 months of experience ...

cloud platforms, SaaS, and internal systems. Documenting security processes, tool configurations, and contributing to service delivery documentation. Supporting colleagues with ISO 27001 compliance and KQL-related tasks. What we are looking for: Previously worked as a Threat Detection Engineer or in a similar role. Must have strong expertise in KQL. ...

cloud platforms, SaaS, and internal systems. Documenting security processes, tool configurations, and contributing to service delivery documentation. Supporting colleagues with ISO 27001 compliance and KQL-related tasks. What we are looking for: Previously worked as a Threat Detection Engineer or in a similar role. Must have strong expertise in KQL. ...

technologies such as Defender or Azure security tools Strong analytical thinking and willingness to learn Nice to Have Experience writing queries for investigations (e.g. KQL) Microsoft security certifications (SC-200, SC-900, AZ-500) Exposure to incident response or threat detection activities Location This role requires 2 days per week ...

with Terraform as the primary tool and Bicep as an Azure-native IaC language. Ideally, you will have the ability to write and use KQL for dashboards, alerts, investigations, and insights in Log Analytics, Azure Monitor, and Application Insights. Experience administering and optimizing Windows Server workloads on Azure Virtual Machines ...

DESIRABLE Databases – SQL Server, MySQL, PostgreSQL, MariaDB, ADLS, CosmoDB - DESIRABLE Monitoring – SCOM, WAC, Windows Network, Azure Log analytical Workspace, Sentinel Workspace, Event Logs and Kusto Queries - DESIRABLE CORE COMPETENCIES & SKILLS Ability to work under own initiative Ability to follow written and verbal instructions Ability to work to strict deadlines ...

environments Strong working knowledge of SIEM, EDR, and email security platforms Practical experience with Microsoft XDR technologies Ability to create and tune detections using KQL Track record of supporting or mentoring other analysts SC-200, CySA+, or comparable certifications (desirable) Clear communicator in both technical and business contexts Analytical, methodical ...

experience in a live SaaS/software environment Strong troubleshooting and root cause analysis skills Experience with Application Insights, Azure Monitor, Log Analytics and KQL SQL skills for investigation and remediation PowerShell and/or C# scripting Experience supporting .NET/C# applications is highly beneficial Strong communication skills ...

deploy Microsoft Purview (DLP, classification, compliance) Implement the Defender suite (Endpoint, Identity, Cloud Apps, Office 365) Build and tune Sentinel SIEM: analytics rules, playbooks, KQL, automation Design Zero Trust controls via Entra ID: Conditional Access, PIM, RBAC Lead client-facing workshops and contribute to presales and security strategy Create LLDs ...

desirable) Platforms & Infrastructure: Active Directory/Entra hybrid identity Windows Server and Linux Networking, VPNs, firewalls, endpoint management Tooling & Automation: KQL PowerShell API integrations Automation tooling Key Responsibilities Technical Delivery Lead technical discussions with customers, guiding architecture, design decisions, and best practice implementations. Own the end-to-end delivery … Design and implement detections, automation workflows, and runbooks. Conduct technical assessments across identity, endpoint, cloud posture, logging, and security operations. Develop, optimise, and tune KQL queries for detection engineering and threat hunting. Review and enhance security configurations across cloud and SIEM/SOAR platforms. Manage engagements through architecture, deployment, tuning ...

Defender XDR • Deep understanding of Azure security architecture and ingestion strategy • Proven experience configuring connectors and tuning detection rules • Experience with SOAR platforms • Strong KQL capability • Ability to manage competing priorities in fast-paced environments • Experience managing ingestion costs or cloud service optimisation • Confident customer communication Desirable • Integration experience (Mimecast ...

runtime protection Detection, Monitoring & Incident Response Perform incident response activities including triage, containment, eradication, and recovery Develop and optimise security detections (e.g. Sentinel, KQL, YARA) Manage logging, ingestion pipelines, and monitoring infrastructure Conduct threat hunting and analysis to identify emerging risks Lead or support incident investigations, including post-incident reviews … solutions and MDM/EMM tools Experience securing containerised environments (e.g. Kubernetes) and CI/CD pipelines Scripting and automation experience (e.g. PowerShell, Python, KQL, Bicep) Strong networking and infrastructure security knowledge (protocols, firewalls, IDS/IPS, WAFs, hardening) Familiarity with incident response frameworks (e.g. NIST, SANS) Experience with cloud ...

engineering role Strong familiarity with security monitoring platforms such as SIEM, SOAR, and threat intelligence tooling Experience writing or tuning detection logic, ideally using KQL or similar query languages Practical exposure to threat hunting and analysing security alerts or incidents Experience building integrations or automation across security tooling Experience ...

flow log analysis and intrusion detection engineering - building detection logic for lateral movement, beaconing, anomalous egress, and C2 patterns SIEM engineering: detection rule authoring (KQL, SPL, or equivalent), log pipeline design, alert correlation, triage workflow - you write the rules, not just read the dashboard Endpoint and desktop security: EDR deployment … flow log analysis and intrusion detection engineering - building detection logic for lateral movement, beaconing, anomalous egress, and C2 patterns SIEM engineering: detection rule authoring (KQL, SPL, or equivalent), log pipeline design, alert correlation, triage workflow - you write the rules, not just read the dashboard Endpoint and desktop security: EDR deployment ...

Technical Architect - Microsoft Fabric Chester - Hybrid working 2 x per week Salary: Up to £90,000 per annum A leading client in Chester seeks a Technical Architect to design and deliver data and AI solutions ...

Splunk Enterprise Security Strong background in detection engineering and SIEM operations Experience designing and managing large scale data ingestion pipelines Advanced knowledge of SPL, KQL or EQL for detection engineering Experience with automation, scripting or Infrastructure as Code in SIEM environments Understanding of MITRE ATT&CK and threat detection techniques … your application to our client in conjunction with this vacancy only. KEY SKILLS Elastic Security, Splunk Enterprise Security, SIEM, Detection Engineering, Elastic Stack, SPL, KQL, EQL, MITRE ATT and CK, Security Monitoring, Log Ingestion, Terraform, Ansible, SOC Engineering, NSD. ...

Splunk Enterprise Security Strong background in detection engineering and SIEM operations Experience designing and managing large scale data ingestion pipelines Advanced knowledge of SPL, KQL or EQL for detection engineering Experience with automation, scripting or Infrastructure as Code in SIEM environments Understanding of MITRE ATT&CK and threat detection techniques … your application to our client in conjunction with this vacancy only. KEY SKILLS Elastic Security, Splunk Enterprise Security, SIEM, Detection Engineering, Elastic Stack, SPL, KQL, EQL, MITRE ATT and CK, Security Monitoring, Log Ingestion, Terraform, Ansible, SOC Engineering, NSD. ...