needs of the organization at the time of hiring: Code analysis: Maintaining detection support for multiple programming languages, including: building source code extractors that translate code written in each language into data that CodeQL can understand; keeping up with the latest version of each supported language; writing and maintaining queries in the CodeQL query language that accurately … detect security vulnerabilities and undesirable coding patterns; ensuring the quality of LLM-powered Copilot Autofix suggestions for fixing the alerts found; building analysis libraries in the CodeQL query language that reason precisely about the semantics of programming languages, supporting the development of queries across all languages; experimenting with and robustly evaluating LLM-powered detection engines and integration between … LLMs and traditional static analysis. Foundations: Developing QL, the query language powering CodeQL analysis, and its underlying query compiler and evaluator within the CodeQL CLI. Expanding the expressive power of the CodeQL query language and speeding up the performance of the underlying query engine, empowering other teams to write high-quality analysis, and ensuring
and orchestrations that reduce manual effort and improve speed and accuracy in security operations. - Tell Stories with Data: Use tools like Jupyter Notebooks, Kusto Query Language (KQL), and Python to query and visualize large-scale security datasets. Translate telemetry into insights and share narratives that influence decision-making across engineering and leadership teams. - Support Compliance and
Nottingham, Nottinghamshire, East Midlands, United Kingdom Hybrid / WFH Options
Littlefish
improving security posture Provide technical support within client service reviews along with attending any other meetings at the CSOC Manager's discretion Articulation of security risk to customers in a language that can be understood by business representatives Responsible for continual service improvement activities within the CSOC Ensuring the integrity of client IT infrastructures Protecting information systems residing upon them … strict SLAs. Experience with SIEM, EDR and Email Security toolsets and how to leverage these tools to provide robust Detect & Respond services. Experience working in a Microsoft XDR SOC KQL (Kusto Query Language) experience Experience in mentoring and assisting analysts of varying levels of skill. Must have been a UK resident for a minimum of 5 years
unclassified website/portals Develop and maintain an accurate, consistent, repeatable process for responses to official questions by collecting, consolidating, and preparing written responses to external RFI or internal query from leadership Create and maintain records in compliance with DoD Records Management policies and directives Organize data, establish file structures, and ensure information is captured and stored in locations … Framework, C#, AngularJS, Hyper Text Markup Language (HTML), AJAX, ASP.NET, XML, JavaScript, jQuery, CSS, Microsoft SharePoint Designer, complex SharePoint Workflows, Web Services, REST, Keyword Query Language (KQL), SharePoint Server 2013, and Internet Information Server (IIS). Required: Active Secret clearance is required to start, must be able to obtain a TS/SCI security clearance Required: Current
Salford, Greater Manchester, North West, United Kingdom Hybrid / WFH Options
Inspire People
technologies, and frameworks (e.g., NCSC guidance, ISO 27001, NIST). It is desirable that you have: Experience working with Django framework Good working knowledge of Query Languages (SQL, KQL (Kusto), etc.) How to apply As part of the application process you will be asked to upload a CV which outlines your experience, skills and fit for the role
Architect, Senior Security Consultant, and Systems Architect. Skills Required: Windows Architecture and Administration. Windows and Linux hardening best practices. Understanding of protocol analysis techniques. Experience with Azure Log Analytics, KQL, and Azure Alerts. Python, Shell, and PowerShell scripting. Experience with security tools and technologies (e.g., SIEM, IDS/IPS, NG Firewall capabilities, vulnerability scanners). Knowledge of Active Directory and
Looking For: 3+ years in cyber security, ideally within a Managed Service Provider Deep experience with Microsoft Defender suite (MDE, MDO, MDCA, MDI) and Microsoft Sentinel Strong knowledge of KQL, Logic Apps, and automation/orchestration tools Skilled in endpoint, identity, and cloud security Familiar with Microsoft 365 and Azure security best practices Excellent communicator—comfortable explaining complex security risks
groups, tagging, cost control, and monitoring tools (Azure Monitor, Log Analytics). Proven experience implementing Microsoft Sentinel: connecting data sources, building analytics rules, creating workbooks/dashboards, and writing KQL queries. Understanding of incident response, security event correlation, and automation via Logic Apps. Solid grasp of cybersecurity principles: Zero Trust, Conditional Access, MFA, identity protection, and secure score improvement. Intune
have: Over 5 years of experience in cybersecurity, including a minimum of 2 years in a Level 3 SOC or equivalent role. Expert-level proficiency with Microsoft Sentinel, including KQL, custom analytic rules, and automation. Hands-on experience with Microsoft Defender for Endpoint, Identity, and Office 365. Strong knowledge of the MITRE ATT&CK framework, threat intelligence, and adversary TTPs.
skills due to the trust imparted as an IRM analyst. Proficiency in using security tools and technologies such as Microsoft Sentinel SIEM, EDR and forensic analysis tools. Familiarity with KQL would be beneficial for automating tasks and conducting advanced analysis. Beneficial: Understanding of data protection laws, regulations, and compliance requirements (e.g., GDPR, CCPA, HIPAA). Industry certifications such as Certified Information
We are hunting for an experienced SOC Analyst that's spent time working within the Microsoft security stack, specifically with Sentinel, KQL and Defender. SOC First Responders form the bulwark of our cyber defences and are responsible for the rapid triage of security alerts and for the initial response to legitimate security incidents. In addition to their primary tasks, First
London, South East, England, United Kingdom Hybrid / WFH Options
Big Red Recruitment
ll Be Doing Architect and deploy Microsoft Purview (DLP, classification, compliance) Implement the Defender suite (Endpoint, Identity, Cloud Apps, Office 365) Build and tune Sentinel SIEM: analytics rules, playbooks, KQL, automation Design Zero Trust controls via Entra ID: Conditional Access, PIM, RBAC Lead client-facing workshops and contribute to presales and security strategy Create LLDs/HLDs, support compliance (e.g.
SOC environments – Azure/AWS preferably. Practical experience both implementing and deploying DAC and IAC. Comprehensive knowledge and experience utilising/fine-tuning the Microsoft Security stack – Defender, Sentinel, KQL, etc. Ability to articulate specific projects that you have built, developed or led on, specific to SecOps Engineering and Automation. If you're an experienced SecOps Engineer, looking to shape
Security Engineer - SIEM, KQL, sought by investment bank based in London. Inside IR35 - 3 days a week on-site Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log … rules, STIX, and YAML Participation in red/purple team exercises. 3+ years in a Security Engineer, SOC Analyst, or similar role Hands-on experience with Microsoft Sentinel and KQL Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP) Proficiency in scripting (PowerShell, Python) Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain
Manchester, Lancashire, United Kingdom Hybrid / WFH Options
IO Associates
join a collaborative, forward-thinking team. You'll: Lead cloud, network, and endpoint security initiatives Investigate and remediate incidents Shape policies, audits, and compliance practices Automate processes using PowerShell, KQL, Python, or similar What you bring: 5+ years in IT Security Engineering Strong Microsoft 365 & Azure security experience Endpoint security expertise (Defender/XDR) Network security knowledge (Firewalls, VPNs, IDS
contribute to key decisions. Additionally, you will provide solutions to problems for your immediate team and across multiple teams. Key Requirements: Detailed Hands On SIEM support including policy updates (KQL/Sentinel) Hands On cyber escalations from L1 support Deep dive into data analysis and tools Incident Responder during a MIM Ensuring all SOC processes and docs are current SC
Continuously monitoring network traffic, security alerts, and system logs for signs of suspicious activity or security breaches. Requirements Proven experience with Microsoft Sentinel, Defender for Endpoint, Defender for Identity KQL experience In-depth understanding of PCAP analysis using Wireshark or equivalent. Network engineering/network admin OT operations/security (optional, but a bonus) What's on Offer? Competitive salary
Sentinel Knowledge of other security tools e.g. Qualys, Akamai, Valimail Working knowledge of cloud providers such as AWS Ability to understand and develop coding languages such as Terraform, Python & KQL (or similar) Recognised cyber security certifications or qualifications (desirable). Experience with NIST (or similar) security framework(s). What we offer: We believe that all the people who work