25 of 25 Permanent Kusto Query Language Jobs in the UK excluding London

on security events identified by Tier 1 Analysts, determining threat severity and advising on initial response actions. * Applying expertise in SIEM solutions utilizing Kusto Query Language (KQL), to perform log analysis, event correlation, and thorough documentation of security incidents. * Identifying and escalating critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response … Sentinel) for monitoring and log analysis; some exposure to additional analysis tools such as basic XDR platforms. * Able to demonstrate proficient knowledge using Kusto Query Language (KQL) to search and filter logs effectively. * Familiar with open-source intelligence (OSINT) techniques to aid in identifying potential threats and gathering information. * Able to communicate clearly and efficiently with team More ❯

on security events identified by Tier 1 Analysts, determining threat severity and advising on initial response actions. * Applying expertise in SIEM solutions utilizing Kusto Query Language (KQL), to perform log analysis, event correlation, and thorough documentation of security incidents. * Identifying and escalating critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response … Sentinel) for monitoring and log analysis; some exposure to additional analysis tools such as basic XDR platforms. * Able to demonstrate proficient knowledge using Kusto Query Language (KQL) to search and filter logs effectively. * Familiar with open-source intelligence (OSINT) techniques to aid in identifying potential threats and gathering information. * Able to communicate clearly and efficiently with team More ❯

improving security posture Provide technical support within client service reviews along with attending any other meetings at the CSOC Managers discretion Articulation of security risk to customers in a language that can be understood by business representatives Responsible for continual service improvement activities within the CSOC Ensuring the integrity of client IT infrastructures Protecting information systems residing upon them … strict SLAs. Experience with, SIEM, EDR and Email Security toolsets and how to leverage these tools to provide robust Detect & Respond services. Experience working in a Microsoft XDR SOC KQL (Kusto Query Language) experience Experience in mentoring and assisting analysts of varying levels of skill. Must have been a UK resident for a minimum of 5 years More ❯

groups, tagging, cost control, and monitoring tools (Azure Monitor, Log Analytics). Proven experience implementing Microsoft Sentinel: connecting data sources, building analytics rules, creating workbooks/dashboards, and writing KQL queries. Understanding of incident response, security event correlation, and automation via Logic Apps. Solid grasp of cybersecurity principles: Zero Trust, Conditional Access, MFA, identity protection, and secure score improvement. Intune More ❯

policies, management groups, tagging, cost control, and monitoring tools (Azure Monitor, Log Analytics). Proven experience implementing Microsoft Sentinel: connecting data sources, building analytics rules, creating dashboards, and writing KQL queries. Understanding incident response, security event correlation, and automation via Logic Apps. Solid understanding of cybersecurity principles: Zero Trust, Conditional Access, MFA, identity protection, and secure score improvement. Intune/ More ❯

critical national infrastructure in a large-scale environment Provide support and troubleshooting for Azure services including Compute, Storage, Networking, etc. Utilize Azure Management tools such as Azure Monitor, Agents, KQL, ARM templates, Azure Policies, and Infrastructure as Code (IaC) with Azure DevOps, Bicep, etc. Perform scripting with PowerShell and manage patching in cloud environments Follow ITIL incident management practices, document More ❯

Looking For: 3+ years in cyber security, ideally within a Managed Service Provider Deep experience with Microsoft Defender suite (MDE, MDO, MDCA, MDI) and Microsoft Sentinel Strong knowledge of KQL, Logic Apps, and automation/orchestration tools Skilled in endpoint, identity, and cloud security Familiar with Microsoft 365 and Azure security best practices Excellent communicator—comfortable explaining complex security risks More ❯

Looking For: 3+ years in cyber security, ideally within a Managed Service Provider Deep experience with Microsoft Defender suite (MDE, MDO, MDCA, MDI) and Microsoft Sentinel Strong knowledge of KQL, Logic Apps, and automation/orchestration tools Skilled in endpoint, identity, and cloud security Familiar with Microsoft 365 and Azure security best practices Excellent communicator—comfortable explaining complex security risks More ❯

We are hunting for an experienced SOC Analyst that's spent time working within the Microsoft security stack, specifically with Sentinel, KQL and Defender. SOC First Responders form the bulwark of our cyber defences and are responsible for the rapid triage of security alerts and for the initial response to legitimate security incidents. In addition to their primary tasks, First More ❯

We are hunting for an experienced SOC Analyst that's spent time working within the Microsoft security stack, specifically with Sentinel, KQL and Defender. SOC First Responders form the bulwark of our cyber defences and are responsible for the rapid triage of security alerts and for the initial response to legitimate security incidents. In addition to their primary tasks, First More ❯

industry regulations, and best practices. You have - Proven experience deploying and managing Microsoft Defender (across all versions), Sentinel, Intune, and Windows security solutions, as well as strong proficiency in KQL, authentication protocols, and conditional access policies. - Practical knowledge of endpoint security across both server and end-user environments, including Active Directory, Entra ID, Windows and RHEL hardening, and device management. More ❯

have: Over 5 years of experience in cybersecurity, including a minimum of 2 years in a Level 3 SOC or equivalent role. Expert-level proficiency with Microsoft Sentinel, including KQL, custom analytic rules, and automation. Hands-on experience with Microsoft Defender for Endpoint, Identity, and Office 365. Strong knowledge of the MITRE ATT&CK framework, threat intelligence, and adversary TTPs. More ❯

Sentinel Knowledge of other security tools e.g. Qualys, Akamai, Valimail Working knowledge of cloud providers such as AWS Ability to understand and develop coding languages such as Terraform, Python & KQL (or similar) Recognised cyber security certifications or qualifications (desirable). Experience with NIST (or similar) security framework(s). What we offer: We believe that all the people who work More ❯

infrastructure (including RBAC, PIM, NSGs and identity protections). Lead security incident detection, investigation, and response activities alongside the SOC. Lead the implementation and tuning of Microsoft Sentinel: build KQL queries, implement custom rules, conduct threat hunting, workbooks, design and automate playbooks using Logic Apps. Experience collaborating with development, operations and infrastructure teams in a security context. Experience securing cloud … security, including principles such as zero trust and networksecurity tooling such as Netskope. In-depth knowledge of Microsoft Defender suite (for Endpoint, Identity, Cloud, etc.). Solid understanding of KQL, Azure RBAC, Privileged Identity Management (PIM). Specific knowledge of AWS security stack would be beneficial including GuardDuty, CloudWatch and SecurityHub Familiarity with industry frameworks: MITRE ATT&CK, NIST, CIS More ❯

Continuously monitoring network traffic, security alerts, and system logs for signs of suspicious activity or security breaches. Requirements Proven experience with Microsoft Sentinel, Defender for Endpoint, Defender for Identity KQL experience In depth understanding of PCAP analysis using Wireshark or equivalent. Network engineering/network admin OT operations/security (optional, but a bonus) What's on Offer? Competitive salary More ❯

MSP Strong technical knowledge of Microsoft 365, including migrations, hybrid identity, DLP, retention policies Hands-on Azure IaaS experience: networking, NSGs, VPNs, load balancers, governance Proven Microsoft Sentinel experience: KQL, dashboards, incident response Solid grasp of Intune, AutoPilot, security and compliance policies Strong networking and firewall understanding (e.g. Cisco, Fortinet, Ubiquiti) Confident presenting to stakeholders and creating detailed technical documentation More ❯

Management o Azure SQL and MI o Functions o Networking o Data Factory o Databricks Proven experience with Azure DevOps (ADO) Solid understanding of o Terraform o HELM o KQL Advantageous: Healthcare or Government related industry experience Understanding of JIRA and Confluence Understanding or experience with TCAF Qualifications: Experience is valued over accreditation, however, as we're a Microsoft partner More ❯

About the Role: We’re a leading Managed Service Provider (MSP) delivering cutting-edge IT and security solutions to businesses worldwide. Our mission is to protect digital assets through proactive security measures, advanced threat intelligence, and world-class support. Join More ❯

by dedicated professionals. We're seeking a skilled Cyber Security Engineer to join our clients eam. The ideal candidate will have expertise in Azure Sentinel SIEM, Microsoft Defender, and KQL scripting. This role demands a proactive individual who can monitor and protect our organization's digital assets while staying updated on the latest security threats and trends. If you are … Responsibilities: Implement and manage Azure Sentinel SIEM for threat detection, incident response, and security monitoring. Configure and maintain Microsoft Defender for endpoint protection and threat detection. Develop and maintain KQL scripts for querying and analysing data within Azure Sentinel. Collaborate with cross-functional teams to identify security vulnerabilities and develop appropriate solutions. Conduct regular security assessments and penetration testing to … in Computer Science, Information Technology, or related field. Proven experience working as a Cyber Security Engineer or similar role. In-depth knowledge of Azure Sentinel SIEM, Microsoft Defender, and KQL scripting. One of the following certifications: AZ-500 (Microsoft Azure Security Technologies) or SC-200 (Microsoft Security Operations Analyst). Strong analytical and problem-solving skills. Excellent communication and interpersonal More ❯

operations, or geospatial data have played a role. Bonus Points For: Exposure to event streaming platforms (e.g. Kafka, SQS, EventHub) Familiarity with SQL/NoSQL, CosmosDB, or Kusto (KQL) Knowledge of IoT protocols (GNSS, GSM, Bluetooth, UWB) Mobile development experience (iOS/Android) Experience with real-time monitoring or geospatial applications In Technology Group Ltd is acting as an More ❯

Harden infrastructure across Microsoft 365 and Endpoint environments Collaborate with System Admins, SOC Analysts, and Network Engineers Support compliance with upcoming Cyber Essentials certification Automate tasks with scripting (PowerShell, KQL, Python a plus) Help non-technical users understand and adopt secure practices What We're Looking For 5+ years in IT Security Engineering or a related technical field Proven hands … starting mindset, someone who "gets on with it" Desirable Certifications: AZ-500, CISSP, CCSP, CISM Experience with compliance initiatives like Cyber Essentials Any coding/scripting ability (PowerShell/KQL/Python) Working Pattern Fully remote with occasional head office visits Flexible approach to working patterns in a family friendly culture Benefits Strong training and development support Friendly, collaborative IT More ❯

Git (version control) Security & Compliance Cloud posture management (Azure Defender for Cloud, GCP SCCE) Data Loss Prevention/Data Security Posture Management (DSPM) Scripting & Automation Python (our preferred scripting language) Configuration as Code … principles API integration (e.g., Microsoft Graph API) IN ADDITION, THE BELOW WOULD BE NICE TO HAVE (DEPENDING ON THE TEAM) Lab 1: Cloud Enterprise and Computer Security Data & Analytics (KQL/SQL or BigQuery for GCP) Power Platform and PowerShell Lab 2: Security Operations SIEM management Advanced logging DLP technical policy development Ability to build and train machine learning models More ❯

posture management (Azure Defender for Cloud, GCP SCCE) Microsoft Defender XDR/Microsoft Purview Data Loss Prevention/Data Security Posture Management (DSPM) Scripting & Automation Python (our preferred scripting language) Configuration as Code … principles API integration (e.g., Microsoft Graph API) IN ADDITION, THE BELOW WOULD BE NICE TO HAVE (DEPENDING ON THE TEAM) Lab 1: Cloud Enterprise and Computer Security Data & Analytics (KQL/SQL or BigQuery for GCP) Kubernetes (K8s) Power Platform and PowerShell Lab 2: Security Operations SIEM management Advanced logging Cyber Defence Centre tooling DLP technical policy development Ability to More ❯

and cybersecurity researchers to identify analytics, threat intelligence, and tradecraft that benefit the Blue Team. Communicate funding and prioritization suggestions and lead implementation when needed. Develop complex, anomaly-based KQL analytics and playbooks for detection in M365, Linux, and Windows environments. Review open-source research on threats affecting cloud services and VMs, prioritizing and implementing relevant findings. Research vulnerabilities, produce … control systems. Experience in developing malware and anomaly detections. Use of statistical methods for anomaly detection. Proficiency with Microsoft Sentinel and/or XDR. Strong skills in writing complex KQL analytics/searches. Awareness of current security threats. Ability to prioritize threats effectively. Understanding factors affecting detection effectiveness. Threat hunting or SOC analyst certifications preferred. Life at BAE Systems Digital More ❯

with Microsoft Azure and SAP Hands on use of monitoring and observability tools such as Application Insights and New Relic Experience with various query languages such as SQL, KQL, Lucene, NRQL to analyse logs and metrics for modelling and troubleshooting would be beneficial Knowledge of testing in differing SDLC models and Shift Left principles Strong communication and leadership skills More ❯