24 of 24 Permanent Kusto Query Language Jobs

Microsoft Sentinel Engineer

Hiring Organisation
Constant Recruitment Ltd
Location
Chelmsford, Essex, England, United Kingdom
Employment Type
Full-Time
Salary
£60,000 - £70,000 per annum
Microsoft Sentinel Engineer, you will design, implement, and optimise Sentinel solutions across enterprise environments. You will connect multiple data sources, write complex KQL queries, build automation playbooks, and work closely with clients to strengthen their security operations and response capabilities. This is a technically advanced role that combines engineering depth … Develop and optimise automation rules, playbooks, and runbooks using Logic Apps and Power Automate. Write and fine-tune Kusto Query Language (KQL) queries to analyse and visualise raw security data. Integrate third-party tools (firewalls, IAM, telemetry) into Sentinel. Use MITRE ATT&CK to anticipate and counter ...

IT Cyber Security Analyst - Tier 2

Hiring Organisation
Littlefish
Location
Nottingham, Nottinghamshire, East Midlands, United Kingdom
Employment Type
Permanent
Assist with monthly SOC reporting and contribute insights into customer security posture Support client service reviews and communicate cyber risks in clear, business-friendly language Conduct security assessments, including vulnerability testing and risk analysis Ensure timely, high-quality incident resolution in line with SOC standards and SLAs … responding to cyber security incidents Hands-on experience with SIEM, EDR, and email security tooling Experience working in a Microsoft XDR SOC Strong KQL (Kusto Query Language) skills Experience mentoring and supporting analysts at different levels Excellent written and verbal communication skills Strong analytical thinking, judgement ...

Azure Site Reliability Engineer

Hiring Organisation
BOSS ERP Consulting
Location
Richmond Upon Thames, England, United Kingdom
supporting C#/.NET Core/MVC web applications with SQL Server backends and Azure Blob Storage. Advanced Azure diagnostics (Application Insights, Log Analytics, Kusto Query Language). Proficient in SQL for investigation and remediation. Scripting and automation skills in PowerShell and/or C#. Understanding … Blob Storage, scaling strategies. Experience in capacity planning, SLOs, and error budget management Azure Monitor, Application Insights, Log Analytics, Azure Data Explorer (KQL), Azure Functions, Logic Apps, PowerShell, C#, SQL Server Management Studio, Azure Storage Explorer, Power BI (for reporting). The Senior Azure Support Engineer responsibilities and tasks: Monitor ...

DevOps Engineer

Hiring Organisation
Eames Consulting
Location
Lisboa, Portugal
Employment Type
Permanent
Salary
EUR Annual
Azure Policy, network security, encryption, compliance frameworks. Scripting & Automation: PowerShell, Azure CLI, optional Python/Bash. Monitoring & Observability: Azure Monitor, Log Analytics, Application Insights, KQL, alerting, incident response. Insurance/Regulatory Knowledge: FCA/PRA regulations, GDPR/UK DPA, insurance systems, audit and compliance frameworks. Desired Qualifications: Microsoft Certified ...

Cyber Security Engineer (Threat Detection & Automation)

Hiring Organisation
Additional Resources Ltd
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£60,000 - £80,000 per annum
cloud platforms, SaaS, and internal systems. Documenting security processes, tool configurations, and contributing to service delivery documentation. Supporting colleagues with ISO 27001 compliance and KQL-related tasks. What we are looking for: Previously worked as a Threat Detection Engineer or in a similar role. Must have strong expertise in KQL. ...

Integration Developer

Hiring Organisation
Shaw Daniels Solutions
Location
United Kingdom
including Azure AD, and Azure ecosystem. Working knowledge of medallion architecture and how it fits within a data platform. Working knowledge of Log Analytics, KQL and how it fits within monitoring solutions. Essential Knowledge, Skills & Experience Experience/Knowledge Integrations development involving Azure Integrations, SQL Server/Azure SQL, APIs ...

Threat Detection Engineer

Hiring Organisation
Additional Resources Ltd
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£60,000 - £80,000 per annum
cloud platforms, SaaS, and internal systems. Documenting security processes, tool configurations, and contributing to service delivery documentation. Supporting colleagues with ISO 27001 compliance and KQL-related tasks. What we are looking for: Previously worked as a Threat Detection Engineer or in a similar role. Must have strong expertise in KQL. ...

Security Operations Center Analyst

Hiring Organisation
Adeptis Group
Location
Oxford, England, United Kingdom
technologies such as Defender or Azure security tools Strong analytical thinking and willingness to learn Nice to Have Experience writing queries for investigations (e.g. KQL) Microsoft security certifications (SC-200, SC-900, AZ-500) Exposure to incident response or threat detection activities Location This role requires 2 days per week ...

Azure Cloud Engineer

Hiring Organisation
ADLIB
Location
Bristol, Avon, England, United Kingdom
Employment Type
Full-Time
Salary
£60,000 - £70,000 per annum
with Terraform as the primary tool and Bicep as an Azure-native IaC language. Ideally, you will have the ability to write and use KQL for dashboards, alerts, investigations, and insights in Log Analytics, Azure Monitor, and Application Insights. Experience administering and optimizing Windows Server workloads on Azure Virtual Machines ...

Senior Reliability & Support Engineer (Azure)

Hiring Organisation
TrueNorth®
Location
Kingston Upon Thames, England, United Kingdom
experience in a live SaaS/software environment Strong troubleshooting and root cause analysis skills Experience with Application Insights, Azure Monitor, Log Analytics and KQL SQL skills for investigation and remediation PowerShell and/or C# scripting Experience supporting .NET/C# applications is highly beneficial Strong communication skills ...

Microsoft Security Engineer

Hiring Organisation
Big Red Recruitment Midlands Limited
Location
London, Kingsland, United Kingdom
Employment Type
Permanent
deploy Microsoft Purview (DLP, classification, compliance) Implement the Defender suite (Endpoint, Identity, Cloud Apps, Office 365) Build and tune Sentinel SIEM: analytics rules, playbooks, KQL, automation Design Zero Trust controls via Entra ID: Conditional Access, PIM, RBAC Lead client-facing workshops and contribute to presales and security strategy Create LLDs ...

SENIOR SOC ENGINEER

Hiring Organisation
Secure Recruitment Ltd
Location
Sheffield, South Yorkshire, Yorkshire, United Kingdom
Employment Type
Permanent
Salary
£70,000
within Complex, Multi-Tenant Environments. The Engineering Edge: Good Background in Detection Engineering, Custom Rule Creation & Log Orchestration. You should be highly proficient in KQL & have good Scripting Capabilities (Python or PowerShell). Onboarding & Architecture: Proven Ability to Lead Technical Implementation for New Clients, ensuring their environments are correctly Scoped ...

Senior Data Architect

Hiring Organisation
Alvarium Talent
Location
England, United Kingdom
Lakehouse architectures. Advanced data modelling skills (3NF, Kimball). Experience building cloud-native and on‐premises data pipelines. Strong SQL, NoSQL/CosmosDB and KQL capability. Background in consulting and client-facing delivery. Ability to challenge, influence and articulate architectural decisions clearly. Experience owning architecture from discovery through to delivery. ...

Cloud Security Engineer

Hiring Organisation
SR2 | Socially Responsible Recruitment | Certified B Corporation™
Location
Hereford, England, United Kingdom
runtime protection Detection, Monitoring & Incident Response Perform incident response activities including triage, containment, eradication, and recovery Develop and optimise security detections (e.g. Sentinel, KQL, YARA) Manage logging, ingestion pipelines, and monitoring infrastructure Conduct threat hunting and analysis to identify emerging risks Lead or support incident investigations, including post-incident reviews … solutions and MDM/EMM tools Experience securing containerised environments (e.g. Kubernetes) and CI/CD pipelines Scripting and automation experience (e.g. PowerShell, Python, KQL, Bicep) Strong networking and infrastructure security knowledge (protocols, firewalls, IDS/IPS, WAFs, hardening) Familiarity with incident response frameworks (e.g. NIST, SANS) Experience with cloud ...

Security Operations Engineer | Strategic Financial Risk Solutions Firm

Hiring Organisation
Techfellow Limited
Location
London Area, United Kingdom
engineering role Strong familiarity with security monitoring platforms such as SIEM, SOAR, and threat intelligence tooling Experience writing or tuning detection logic, ideally using KQL or similar query languages Practical exposure to threat hunting and analysing security alerts or incidents Experience building integrations or automation across security tooling Experience ...

Developer Experience DevEx Engineer

Hiring Organisation
System One
Location
Vienna, Virginia, United States
OpenAI API, AI-based testing). · Solid knowledge of software delivery metrics (DORA, SPACE) and improvement methods. · Advanced proficiency in at least one programming language (Java, Go, Python, etc.) and modern IaC tools (Terraform). · Experience building/operating new platform/DX functions and influencing technical direction. · Exceptional … cloud-based monitoring/logging. · Scripting/automation skills (PowerShell, Python, YAML). · Experience configuring cloud monitoring (Azure Application Insights, Log Analytics/KQL). · AWS experience (EC2, S3, EMR) and cloud data migration. Preferred Qualifications: · Experience in multi-team engineering environments with a core focus on developer enablement. · Familiarity ...

Head of Azure Platform Security

Hiring Organisation
Huxley Associates
Location
London, United Kingdom
Employment Type
Permanent
Salary
£150000 - £200000/annum
flow log analysis and intrusion detection engineering - building detection logic for lateral movement, beaconing, anomalous egress, and C2 patterns SIEM engineering: detection rule authoring (KQL, SPL, or equivalent), log pipeline design, alert correlation, triage workflow - you write the rules, not just read the dashboard Endpoint and desktop security: EDR deployment ...

Senior Detection Engineer - Remote

Hiring Organisation
RiverSafe
Location
England, United Kingdom
analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role. Responsibilities: Design and implement behaviour based detections in Microsoft Sentinel (KQL) and Splunk (SPL) Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management Map detections to MITRE ATT&CK and track coverage gaps … perform SOC triage Treat detections as a product, not one-off alerts Skills: Hands-on experience authoring detections, not just using SIEMs Strong KQL experience writing Sentinel analytics rules Strong SPL experience writing Splunk correlation searches Experience maintaining detections in production environments Clear examples of reducing false positives through logic ...

Senior Detection Engineer - Remote

Hiring Organisation
RiverSafe
Location
City of London, London, United Kingdom
analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role. Responsibilities: Design and implement behaviour based detections in Microsoft Sentinel (KQL) and Splunk (SPL) Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management Map detections to MITRE ATT&CK and track coverage gaps … perform SOC triage Treat detections as a product, not one-off alerts Skills: Hands-on experience authoring detections, not just using SIEMs Strong KQL experience writing Sentinel analytics rules Strong SPL experience writing Splunk correlation searches Experience maintaining detections in production environments Clear examples of reducing false positives through logic ...

Senior Detection Engineer - Remote

Hiring Organisation
RiverSafe
Location
Leigh, Greater Manchester, United Kingdom
analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role. Responsibilities: Design and implement behaviour based detections in Microsoft Sentinel (KQL) and Splunk (SPL) Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management Map detections to MITRE ATT&CK and track coverage gaps … perform SOC triage Treat detections as a product, not one-off alerts Skills: Hands-on experience authoring detections, not just using SIEMs Strong KQL experience writing Sentinel analytics rules Strong SPL experience writing Splunk correlation searches Experience maintaining detections in production environments Clear examples of reducing false positives through logic ...

Senior Detection Engineer - Remote

Hiring Organisation
RiverSafe
Location
Leeds, West Yorkshire, United Kingdom
analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role. Responsibilities: Design and implement behaviour based detections in Microsoft Sentinel (KQL) and Splunk (SPL) Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management Map detections to MITRE ATT&CK and track coverage gaps … perform SOC triage Treat detections as a product, not one-off alerts Skills: Hands-on experience authoring detections, not just using SIEMs Strong KQL experience writing Sentinel analytics rules Strong SPL experience writing Splunk correlation searches Experience maintaining detections in production environments Clear examples of reducing false positives through logic ...

Technical Architect

Hiring Organisation
Harvey Nash
Location
Chester, Cheshire, England, United Kingdom
Employment Type
Full-Time
Salary
£80,000 - £90,000 per annum
Technical Architect - Microsoft Fabric Chester - Hybrid working 2 x per week Salary: Up to £90,000 per annum A leading client in Chester seeks a Technical Architect to design and deliver data and AI solutions ...

Security Engineer

Hiring Organisation
Searchability NS&D
Location
Watford, England, United Kingdom
Splunk Enterprise Security Strong background in detection engineering and SIEM operations Experience designing and managing large scale data ingestion pipelines Advanced knowledge of SPL, KQL or EQL for detection engineering Experience with automation, scripting or Infrastructure as Code in SIEM environments Understanding of MITRE ATT&CK and threat detection techniques … your application to our client in conjunction with this vacancy only. KEY SKILLS Elastic Security, Splunk Enterprise Security, SIEM, Detection Engineering, Elastic Stack, SPL, KQL, EQL, MITRE ATT&CK, Security Monitoring, Log Ingestion, Terraform, Ansible, SOC Engineering, NSD. ...

SIEM Engineer

Hiring Organisation
Searchability NS&D
Location
Watford, Hertfordshire, England, United Kingdom
Employment Type
Full-Time
Salary
£85,000 - £95,000 per annum
Splunk Enterprise Security Strong background in detection engineering and SIEM operations Experience designing and managing large scale data ingestion pipelines Advanced knowledge of SPL, KQL or EQL for detection engineering Experience with automation, scripting or Infrastructure as Code in SIEM environments Understanding of MITRE ATT&CK and threat detection techniques … your application to our client in conjunction with this vacancy only. KEY SKILLS Elastic Security, Splunk Enterprise Security, SIEM, Detection Engineering, Elastic Stack, SPL, KQL, EQL, MITRE ATT&CK, Security Monitoring, Log Ingestion, Terraform, Ansible, SOC Engineering, NSD. ...