1 to 25 of 75 Permanent Kusto Query Language Jobs in the UK excluding London

Senior Security SME – Microsoft Stack

Hiring Organisation
Tata Consultancy Services
Location
Manchester, England, United Kingdom
incident response. Correlate multi-source telemetry (network, endpoint, identity, cloud) to identify and contain threats. Threat Hunting & Detection Engineering: Perform proactive threat hunting using KQL within Microsoft Sentinel. Develop and fine-tune custom analytics rules, workbooks, and hunting queries. Apply the MITRE ATT&CK framework to build coverage and improve … science, Cybersecurity, Engineering, or a related field. Hands-on experience in cybersecurity operations. Experience with Microsoft Sentinel and Microsoft Defender suite. Strong skills in KQL (Kusto Query Language) and Security architecture and data integration, Azure and Microsoft 365 security services Experience in onboarding and managing log sources ...

Senior Azure Support Engineer

Hiring Organisation
BOSS Professional Services LTD
Location
Richmond, Surrey, England, United Kingdom
Employment Type
Full-Time
Salary
£75,000 - £85,000 per annum
supporting C#/.NET Core/MVC web applications with SQL Server backends and Azure Blob Storage. Advanced Azure diagnostics (Application Insights, Log Analytics, Kusto Query Language). Proficient in SQL for investigation and remediation. Scripting and automation skills in PowerShell and/or C#. Understanding … Blob Storage, scaling strategies. Experience in capacity planning, SLOs, and error budget management Azure Monitor, Application Insights, Log Analytics, Azure Data Explorer (KQL), Azure Functions, Logic Apps, PowerShell, C#, SQL Server Management Studio, Azure Storage Explorer, Power BI (for reporting). The Senior Azure Support Engineer responsibilities and tasks: Monitor ...

Senior Security Engineer

Hiring Organisation
Cloud People
Location
Portsmouth, England, United Kingdom
Sentinel, Splunk, Defender, CrowdStrike or Elastic • Proven ability to build and tune detection rules, dashboards and automation playbooks • Knowledge of scripting or automation using KQL, PowerShell, Python or similar • Familiarity with log management, APIs and data normalisation • Understanding of cloud security across Azure, AWS and M365 • Strong grasp of network ...

Microsoft Cloud Security Architect Lead

Hiring Organisation
WTW
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary
Automation & Integration : Using Sentinel Graph, Microsoft Graph Security API, playbooks, Logic Apps, Power Automate. Threat Management : SIEM for detection, response, hunting; SOAR workflow design; KQL queries, custom rules, UEBA. Identity & Access Security : Entra ID, Conditional Access, Identity Protection, PIM. Email Security : Microsoft Defender for O365, Darktrace AI, anti-phishing, Safe ...

SOC Analyst - Level 3

Hiring Organisation
Hyperloop Recruitment
Location
Wirral, Merseyside, North West, United Kingdom
Employment Type
Permanent
roles (MSSP experience advantageous). Advanced expertise with: CrowdStrike Falcon EDR (RTR, Forensics, Custom IOA, Identity Protection) LogScale/Next-Gen SIEM (AQL/KQL queries, dashboards, pipelines) SIEM technologies and EDR/MDR workflows in 24×7 security operations Strong automation and scripting skills (Python, PowerShell, Bash). Proficiency ...

Senior Information Security Analyst

Hiring Organisation
Pearson Whiffin Recruitment Ltd
Location
Maidstone, Kent, England, United Kingdom
Employment Type
Full-Time
Salary
£60,000 - £65,000 per annum
with Azure Security Centre, Azure AD, Defender for Cloud, and cloud security architecture. Proven expertise in Microsoft Sentinel SIEM administration, threat detection, and automation (KQL experience desirable). Solid understanding of vulnerability management with Tenable (Tenable.io/Tenable.sc). Knowledge of industry security frameworks (ISO 27001, NIST, CIS). Strong ...

Senior Information Security Analyst

Hiring Organisation
Pearson Whiffin Recruitment Ltd
Location
Maidstone, West Malling, Kent, United Kingdom
Employment Type
Permanent
Salary
£60000 - £65000/annum
with Azure Security Centre, Azure AD, Defender for Cloud, and cloud security architecture. Proven expertise in Microsoft Sentinel SIEM administration, threat detection, and automation (KQL experience desirable). Solid understanding of vulnerability management with Tenable (Tenable.io/Tenable.sc). Knowledge of industry security frameworks (ISO 27001, NIST, CIS). Strong ...

Senior Information Security Analyst

Hiring Organisation
Pearson Whiffin IT & Digital
Location
West Malling, Kent, South East, United Kingdom
Employment Type
Permanent
Salary
£65,000
with Azure Security Centre, Azure AD, Defender for Cloud, and cloud security architecture. Proven expertise in Microsoft Sentinel SIEM administration, threat detection, and automation (KQL experience desirable). Solid understanding of vulnerability management with Tenable (Tenable.io/Tenable.sc). Knowledge of industry security frameworks (ISO 27001, NIST, CIS). Strong ...

NMC Cyber Trend Analyst

Hiring Organisation
Police Digital Services
Location
Wigan, Greater Manchester, North West, United Kingdom
Employment Type
Permanent, Work From Home
starting with PDS. Desirable Experience: Understanding of threat landscapes, attack vectors, and adversary tactics (MITRE ATT&CK framework). Proficiency in SQL/KQL and Resource Graph for data scripting, transformation and automation. Familiarity with Azure and Fabric, using dataflows and data lakes to build scalable datasets. Understanding ...

Security Engineer

Hiring Organisation
La Fosse
Location
Buckinghamshire, UK
Employment Type
Full-time
Azure servers (P2), with a focus on advanced threat detection and automated response. Skilled in Microsoft Sentinel SIEM/SOAR setup, tuning, and KQL query development for detection engineering and incident investigation. PowerShell/Python scripting for automating Microsoft security tooling, plus experience securing DNS, DKIM/DMARC ...

Security Engineer

Hiring Organisation
La Fosse
Location
Milton Keynes, Buckinghamshire, UK
Employment Type
Full-time
Azure servers (P2), with a focus on advanced threat detection and automated response. Skilled in Microsoft Sentinel SIEM/SOAR setup, tuning, and KQL query development for detection engineering and incident investigation. PowerShell/Python scripting for automating Microsoft security tooling, plus experience securing DNS, DKIM/DMARC ...

Senior Security Engineer

Hiring Organisation
Quorum Network Resources
Location
Edinburgh, Midlothian, Scotland, United Kingdom
Employment Type
Permanent
cyber security, ideally within a Managed Service Provider Deep experience with Microsoft Defender suite (MDE, MDO, MDCA, MDI) and Microsoft Sentinel Strong knowledge of KQL, Logic Apps, and automation/orchestration tools Skilled in endpoint, identity, and cloud security Familiar with Microsoft 365 and Azure security best practices Excellent communicator ...

Senior Security Engineer

Hiring Organisation
Quorum Network Resources
Location
Edinburgh, Roxburgh's Court, City of Edinburgh, United Kingdom
Employment Type
Permanent
cyber security, ideally within a Managed Service Provider Deep experience with Microsoft Defender suite (MDE, MDO, MDCA, MDI) and Microsoft Sentinel Strong knowledge of KQL, Logic Apps, and automation/orchestration tools Skilled in endpoint, identity, and cloud security Familiar with Microsoft 365 and Azure security best practices Excellent communicator ...

Microsoft Security Engineer

Hiring Organisation
Big Red Recruitment
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
Salary negotiable
deploy Microsoft Purview (DLP, classification, compliance) Implement the Defender suite (Endpoint, Identity, Cloud Apps, Office 365) Build and tune Sentinel SIEM: analytics rules, playbooks, KQL, automation Design Zero Trust controls via Entra ID: Conditional Access, PIM, RBAC Lead client-facing workshops and contribute to presales and security strategy Create LLDs ...

SIEM Engineer

Hiring Organisation
Sopra Steria
Location
Hemel Hempstead, Hertfordshire, England, United Kingdom
Employment Type
Full-Time
Salary
£65,000 - £80,000 per annum
ability to design, test and optimise detection content, including MITRE ATT&CK-aligned rules and risk-based alerting (RBA). Advanced knowledge of SPL, KQL and EQL, focused on detection quality and noise reduction. Experience with automation and Infrastructure-as-Code in SIEM environments. Deep understanding of SIEM platform operations ...

M365 Purview Compliance Design Architect

Hiring Organisation
Vallum Associates
Location
Sheffield, England, United Kingdom
performance, tenant‐wide scoping, differential targeting by region/legal entity. Automate via PowerShell/Graph, and instrument telemetry/alerting (e.g., Sentinel/KQL, compliance portals). Define controls, evidence artefacts, and reporting for internal audit and regulatory assurance. Create runbooks for policy changes, exceptions, break‐glass procedures ...

M365 Purview Compliance Design Architect

Hiring Organisation
Whitehall Resources
Location
Sheffield, England, United Kingdom
performance, tenant‐wide scoping, differential targeting by region/legal entity. Automate via PowerShell/Graph, and instrument telemetry/alerting (e.g., Sentinel/KQL, compliance portals). Define controls, evidence artefacts, and reporting for internal audit and regulatory assurance. Create runbooks for policy changes, exceptions, break‐glass procedures ...

SOC Analyst

Hiring Organisation
Tria
Location
South West, United Kingdom
Employment Type
Permanent
Salary
£45000/annum
doing As SOC Analyst, you will: Operate, tune and configure SIEM tools Monitor and triage security alerts, applying custom queries (e.g. KQL) and correlation rules to detect suspicious activity. Investigate security incidents across endpoints, networks, and cloud environments; perform root-cause analysis, impact assessment and containment actions. Develop and maintain … hands-on experience with SIEM tooling, alerts triage, detection logic, and security incident workflows. Ability to write and optimise detection queries (e.g. in KQL), review firewall and security logs, manage email/web filtering policies, and implement/review Data Loss Prevention (DLP) controls. Experience with automation or scripting (e.g. ...

Security Operations Center Analyst

Hiring Organisation
TRIA
Location
Newport, UK
Employment Type
Full-time
bonus, not a requirement. What you'll be doing: Operate, tune and configure SIEM tools Monitor and triage security alerts, applying custom queries (e.g. KQL) and correlation rules to detect suspicious activity. Investigate security incidents across endpoints, networks, and cloud environments; perform root-cause analysis, impact assessment and containment actions. … hands-on experience with SIEM tooling, alerts triage, detection logic, and security incident workflows. Ability to write and optimise detection queries (e.g. in KQL), review firewall and security logs, manage email/web filtering policies, and implement/review Data Loss Prevention (DLP) controls. Experience with automation or scripting (e.g. ...

Security Operations Center Analyst

Hiring Organisation
TRIA
Location
Bath, Somerset, UK
Employment Type
Full-time
bonus, not a requirement. What you'll be doing: Operate, tune and configure SIEM tools Monitor and triage security alerts, applying custom queries (e.g. KQL) and correlation rules to detect suspicious activity. Investigate security incidents across endpoints, networks, and cloud environments; perform root-cause analysis, impact assessment and containment actions. … hands-on experience with SIEM tooling, alerts triage, detection logic, and security incident workflows. Ability to write and optimise detection queries (e.g. in KQL), review firewall and security logs, manage email/web filtering policies, and implement/review Data Loss Prevention (DLP) controls. Experience with automation or scripting (e.g. ...

Security Operations Center Analyst

Hiring Organisation
TRIA
Location
Greater Bristol Area, United Kingdom
bonus, not a requirement. What you’ll be doing: Operate, tune and configure SIEM tools Monitor and triage security alerts, applying custom queries (e.g. KQL) and correlation rules to detect suspicious activity. Investigate security incidents across endpoints, networks, and cloud environments; perform root-cause analysis, impact assessment and containment actions. … hands-on experience with SIEM tooling, alerts triage, detection logic, and security incident workflows. Ability to write and optimise detection queries (e.g. in KQL), review firewall and security logs, manage email/web filtering policies, and implement/review Data Loss Prevention (DLP) controls. Experience with automation or scripting (e.g. ...

Security Operations Center Analyst

Hiring Organisation
TRIA
Location
Bradley Stoke, Gloucestershire, UK
Employment Type
Full-time
bonus, not a requirement. What you'll be doing: Operate, tune and configure SIEM tools Monitor and triage security alerts, applying custom queries (e.g. KQL) and correlation rules to detect suspicious activity. Investigate security incidents across endpoints, networks, and cloud environments; perform root-cause analysis, impact assessment and containment actions. … hands-on experience with SIEM tooling, alerts triage, detection logic, and security incident workflows. Ability to write and optimise detection queries (e.g. in KQL), review firewall and security logs, manage email/web filtering policies, and implement/review Data Loss Prevention (DLP) controls. Experience with automation or scripting (e.g. ...

Senior Security Analyst

Hiring Organisation
SGN
Location
Glasgow, Lanarkshire, Scotland, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary
junior analysts Handle complex threats, lead incident response, and shape security policy Oversee and lead investigations across various cloud security suites Develop and maintain KQL-based detection rules, hunting queries, and alert tuning strategies. Coordinate incident response playbooks across hybrid environments, including AWS EC2, Lambda, and containerized workloads. Contribute … response roles, with strong hands-on experience in Microsoft security suite, AWS Security Services, and other EDR/XDR/CNAPP platforms Proficient in KQL, PowerShell, and Python for automation and enrichment. Experience with AWS IAM, GuardDuty, Security Hub, CloudTrail, and Config. Strong understanding of UK compliance frameworks (NCSC ...

Senior SOC Engineer

Hiring Organisation
Claranet
Location
Leeds, England, United Kingdom
including data connector onboarding, ingestion optimisation, analytic rule lifecycle management, workspace architecture, and cost-aware service design for multi-tenant MSSP use cases Advanced KQL (Engineering & Detection Enablement) Expert-level KQL skills to support detection engineering, correlation logic, operational tuning, and platform performance across Sentinel and Defender data sources SOAR ...

Sentinel Deployment Engineer

Hiring Organisation
Hamilton Barnes
Location
Aberdeen, UK
Employment Type
Full-time
Will Ideally Bring: Strong experience with Azure Cloud technologies, Microsoft Sentinel and Defender solution. Experience in query languages and/or script development (KQL, SPL, SQL, PowerShell, etc.) Knowledge and familiarity of enterprise IT systems in relation to cyber security. Hands-on engineering experience with SIEM and/ ...