needs of the organization at the time of hiring: Code analysis: Maintaining detection support for multiple programming languages, including: building source code extractors that translate code written in each language into data that CodeQL can understand; keeping up with the latest version of each supported language; writing and maintaining queries in the CodeQL query language that accurately … detect security vulnerabilities and undesirable coding patterns; ensuring the quality of LLM-powered Copilot Autofix suggestions for fixing the alerts found; building analysis libraries in the CodeQL query language that reason precisely about the semantics of programming languages, supporting the development of queries across all languages; experimenting with and robustly evaluating LLM-powered detection engines and integration between … LLMs and traditional static analysis. Foundations: Developing QL, the query language powering CodeQL analysis, and its underlying query compiler and evaluator within the CodeQL CLI. Expanding the expressive power of the CodeQL query language and speeding up the performance of the underlying query engine, empowering other teams to write high-quality analysis, and ensuring
on security events identified by Tier 1 Analysts, determining threat severity and advising on initial response actions. * Applying expertise in SIEM solutions utilizing Kusto Query Language (KQL) to perform log analysis, event correlation, and thorough documentation of security incidents. * Identifying and escalating critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response … Sentinel) for monitoring and log analysis; some exposure to additional analysis tools such as basic XDR platforms. * Able to demonstrate proficient knowledge using Kusto Query Language (KQL) to search and filter logs effectively. * Familiar with open-source intelligence (OSINT) techniques to aid in identifying potential threats and gathering information. * Able to communicate clearly and efficiently with team
Livingston, West Lothian, Scotland, United Kingdom
FPSG Connect
on security events identified by Tier 1 Analysts, determining threat severity and advising on initial response actions. * Applying expertise in SIEM solutions utilizing Kusto Query Language (KQL) to perform log analysis, event correlation, and thorough documentation of security incidents. * Identifying and escalating critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response … Sentinel) for monitoring and log analysis; some exposure to additional analysis tools such as basic XDR platforms. * Able to demonstrate proficient knowledge using Kusto Query Language (KQL) to search and filter logs effectively. * Familiar with open-source intelligence (OSINT) techniques to aid in identifying potential threats and gathering information. * Able to communicate clearly and efficiently with team
City of London, London, United Kingdom Hybrid / WFH Options
The Digital Recruitment Company
health and reliability. Provide recommendations and solutions to ensure a consistently high level of service to customers. Automation & Continuous Improvement Develop scripts and queries (Kusto Query Language - KQL, PowerShell, Python) for log analysis. Implement automated remediation workflows where possible. Recommend improvements to architecture based on performance data. Collaboration & Documentation Work closely with engineering, DevOps, and customer support teams … in cloud monitoring, data analysis, or DevOps support. Strong knowledge of Microsoft Azure services (App Service, SQL Database, Blob Storage, Azure Monitor, Application Insights, Log Analytics). Proficiency in KQL (Kusto Query Language) for log analysis. Experience with automation scripting (PowerShell, Python, or Azure Functions). Desirable Familiarity with SIEM tools (Splunk, ELK, Azure Sentinel) Microsoft Certified
and orchestrations that reduce manual effort and improve speed and accuracy in security operations. - Tell Stories with Data: Use tools like Jupyter Notebooks, Kusto Query Language (KQL), and Python to query and visualize large-scale security datasets. Translate telemetry into insights and share narratives that influence decision-making across engineering and leadership teams. - Support Compliance and
Key competencies include: Microsoft Fabric expertise: Designing and delivering data solutions using Microsoft Fabric, including Pipelines, Notebooks, Dataflows Gen2. Programming and query languages: Proficiency in Python, Apache Spark, KQL (Kusto Query Language). End-to-end data solution delivery: Experience with Data Governance, Migration, Modelling, ETL/ELT, Data Lakes, Warehousing, MDM, and BI. Engineering delivery
Nottingham, Nottinghamshire, East Midlands, United Kingdom Hybrid / WFH Options
Littlefish
improving security posture Provide technical support within client service reviews along with attending any other meetings at the CSOC Manager's discretion Articulation of security risk to customers in a language that can be understood by business representatives Responsible for continual service improvement activities within the CSOC Ensuring the integrity of client IT infrastructures Protecting information systems residing upon them … strict SLAs. Experience with SIEM, EDR and Email Security toolsets and how to leverage these tools to provide robust Detect & Respond services. Experience working in a Microsoft XDR SOC KQL (Kusto Query Language) experience Experience in mentoring and assisting analysts of varying levels of skill. Must have been a UK resident for a minimum of 5 years
Reading, Berkshire, United Kingdom Hybrid / WFH Options
Pertemps
Qualifications: Strong knowledge of IT infrastructure, networking, and end-user computing Experience with SIEM tools, particularly Microsoft Sentinel Ability to write and tune Kusto Query Language (KQL) queries Hands-on experience with PAM, MFA, and other SecOps tools Excellent communication skills with the ability to explain technical issues to non-technical stakeholders Desirable Skills & Qualifications: Microsoft Security
London, South East, England, United Kingdom Hybrid / WFH Options
Randstad Technologies
infrastructure (CNI) project involving the deployment of Windows Hello for a major UK utility company. What You'll Be Doing: Supporting and tuning Microsoft Sentinel and other SIEM platforms (KQL scripting) Managing escalated incidents from L1 analysts and leading the full incident response lifecycle (MIM) Conducting in-depth data analysis, threat hunting, and forensic investigations Maintaining and enhancing SOC documentation, SOPs … NIST, ISO 27001, MITRE ATT&CK We're Looking for Someone With: Expert-level SIEM experience (Azure Sentinel highly preferred) Strong knowledge of Kusto Query Language (KQL) Demonstrated experience in cybersecurity incident response & breach handling Familiarity with threat intelligence, vulnerability management, and cloud security tools Proactive mindset with ability to work independently in high-pressure environments Active
cyber risk remediation. Technical Skills & Qualifications Ability to communicate complex issues to non-technical audiences. Understanding of OT infrastructure and networking. Proficiency in Kusto Query Language (KQL) and SIEM systems, especially Microsoft Sentinel. Desirable Experience & Skills Knowledge of network security tools like NAC, Firewalls, IDS/IPS. Leadership experience; cybersecurity or related degree; certifications like Microsoft Security
preferably in a next generation SOC environment or in an MSSP or MDR provider Experience with SIEM and SOAR platforms, particularly Microsoft Sentinel or Google Chronicle, including rule tuning, KQL, and automation. Knowledge of infrastructure-as-code and security automation (e.g., Bicep, Terraform, Logic Apps, PowerShell). Exposure to compliance-driven environments (e.g. ISO 27001, PCI-DSS, GDPR). Desired
compliance and audit efforts through effective logging and reporting. Provide subject matter expertise for Sentinel and LogRhythm configuration, maintenance, and optimization. Requirements: Technical Skills: Proven experience with Microsoft Sentinel: KQL queries, analytic rules, data connectors, workbooks, etc. Proficiency with LogRhythm SIEM: AI Engine rules, SmartResponse, log source integration. Certifications such as Microsoft SC-200, LogRhythm Certified Professional, CEH, GCIA, or
Architect, Senior Security Consultant, and Systems Architect. Skills Required: Windows Architecture and Administration. Windows and Linux hardening best practices. Understanding of protocol analysis techniques. Experience with Azure Log Analytics, KQL, and Azure Alerts. Python, Shell, and PowerShell scripting. Experience with security tools and technologies (e.g., SIEM, IDS/IPS, NG Firewall capabilities, vulnerability scanners). Knowledge of Active Directory and
operational optimization. The ideal candidate Minimum of 5 years of experience in IT Security, cloud architecture, IAM or related roles Experience architecting and implementing IAM strategies Solid experience with KQL, PowerShell, and automated policy deployment Experience designing and implementing policies and procedures related to: Cloud tenant security (O365), Conditional Access, PIM, MFA, Auditing, logging, threat detection Bachelor's degree in
groups, tagging, cost control, and monitoring tools (Azure Monitor, Log Analytics). Proven experience implementing Microsoft Sentinel: connecting data sources, building analytics rules, creating workbooks/dashboards, and writing KQL queries. Understanding of incident response, security event correlation, and automation via Logic Apps. Solid grasp of cybersecurity principles: Zero Trust, Conditional Access, MFA, identity protection, and secure score improvement. Intune
skills due to the trust imparted as an IRM analyst. Proficiency in using security tools and technologies such as Microsoft Sentinel SIEM, EDR and forensic analysis tools. Familiarity with KQL would be beneficial for automating tasks and conducting advanced analysis. Beneficial: Understanding of data protection laws, regulations, and compliance requirements (e.g., GDPR, CCPA, HIPAA). Industry certifications such as Certified Information
critical national infrastructure in a large-scale environment Provide support and troubleshooting for Azure services including Compute, Storage, Networking, etc. Utilize Azure Management tools such as Azure Monitor, Agents, KQL, ARM templates, Azure Policies, and Infrastructure as Code (IaC) with Azure DevOps, Bicep, etc. Perform scripting with PowerShell and manage patching in cloud environments Follow ITIL incident management practices, document
Looking For: 3+ years in cyber security, ideally within a Managed Service Provider Deep experience with Microsoft Defender suite (MDE, MDO, MDCA, MDI) and Microsoft Sentinel Strong knowledge of KQL, Logic Apps, and automation/orchestration tools Skilled in endpoint, identity, and cloud security Familiar with Microsoft 365 and Azure security best practices Excellent communicator, comfortable explaining complex security risks
We are hunting for an experienced SOC Analyst that's spent time working within the Microsoft security stack, specifically with Sentinel, KQL and Defender. SOC First Responders form the bulwark of our cyber defences and are responsible for the rapid triage of security alerts and for the initial response to legitimate security incidents. In addition to their primary tasks, First
Bristol, Gloucestershire, United Kingdom Hybrid / WFH Options
Stripe Olt
We are hunting for an experienced SOC Analyst that's spent time working within the Microsoft security stack, specifically with Sentinel, KQL and Defender. SOC First Responders form the bulwark of our cyber defences and are responsible for the rapid triage of security alerts and for the initial response to legitimate security incidents. In addition to their primary tasks, First
Manchester, Lancashire, United Kingdom Hybrid / WFH Options
Stripe Olt
We are hunting for an experienced SOC Analyst that's spent time working within the Microsoft security stack, specifically with Sentinel, KQL and Defender. SOC First Responders form the bulwark of our cyber defences and are responsible for the rapid triage of security alerts and for the initial response to legitimate security incidents. In addition to their primary tasks, First
industry regulations, and best practices. You have - Proven experience deploying and managing Microsoft Defender (across all versions), Sentinel, Intune, and Windows security solutions, as well as strong proficiency in KQL, authentication protocols, and conditional access policies. - Practical knowledge of endpoint security across both server and end-user environments, including Active Directory, Entra ID, Windows and RHEL hardening, and device management.