have: Over 5 years of experience in cybersecurity, including a minimum of 2 years in a Level 3 SOC or equivalent role. Expert-level proficiency with Microsoft Sentinel, including KQL, custom analytic rules, and automation. Hands-on experience with Microsoft Defender for Endpoint, Identity, and Office 365. Strong knowledge of the MITRE ATT&CK framework, threat intelligence, and adversary TTPs. More ❯
NIST, ISO 27001, Zero Trust. Extensive experience with Windows and Linux hardening. Skilled in protocol analysis, network architecture, and infrastructure design. Technical Toolkit: Strong command of Azure Log Analytics, KQL, and Azure-based security tools. Scripting: Python, PowerShell, Shell. Experience with IDS/IPS, firewalls, SIEMs, and vulnerability management tools. Strong grasp of Active Directory, Azure AD, and identity access More ❯
NIST, ISO 27001, Zero Trust. Extensive experience with Windows and Linux hardening. Skilled in protocol analysis, network architecture, and infrastructure design. Technical Toolkit: Strong command of Azure Log Analytics, KQL, and Azure-based security tools. Scripting: Python, PowerShell, Shell. Experience with IDS/IPS, firewalls, SIEMs, and vulnerability management tools. Strong grasp of Active Directory, Azure AD, and identity access More ❯
SOC environments – Azure/AWS preferably. Practical experience both implementing and deploying DAC and IAC. Comprehensive knowledge and experience utilising/fine-tuning the Microsoft Security stack – Defender, Sentinel, KQL, etc. Ability to articulate specific projects that you have built, developed or led on, specific to SecOps Engineering and Automation. If you’re an experienced SecOps Engineer, looking to shape More ❯
Security Engineer - SIEM, KQL- sought by investment bank based in London. Inside IR35 - 3 days a week on-site Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log … rules, STIX, and YAML Participation in red/purple team exercises. 3+ years in a Security Engineer, SOC Analyst, or similar role Hands-on experience with Microsoft Sentinel and KQL Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP) Proficiency in scripting (PowerShell, Python) Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain More ❯
Security Engineer - SIEM, KQL- sought by investment bank based in London. *Inside IR35 - 3 days a week on-site** Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log … rules, STIX, and YAML Participation in red/purple team exercises. 3+ years in a Security Engineer, SOC Analyst, or similar role Hands-on experience with Microsoft Sentinel and KQL Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP) Proficiency in scripting (PowerShell, Python) Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain More ❯
contribute to key decisions. Additionally, you will provide solutions to problems for your immediate team and across multiple teams. Key Requirements: Detailed Hands On SIEM support including policy updates (KQL/Sentinel) Hands On cyber escalations from L1 support Deep dive into data analysis and tools Incident Responder during a MIM Ensuring all SOC processes and docs are current SC More ❯
City of London, London, United Kingdom Hybrid / WFH Options
Ntrinsic Consulting
contribute to key decisions. Additionally, you will provide solutions to problems for your immediate team and across multiple teams. Key Requirements: Detailed Hands On SIEM support including policy updates (KQL/Sentinel) Hands On cyber escalations from L1 support Deep dive into data analysis and tools Incident Responder during a MIM Ensuring all SOC processes and docs are current SC More ❯
Sentinel Knowledge of other security tools e.g. Qualys, Akamai, Valimail Working knowledge of cloud providers such as AWS Ability to understand and develop coding languages such as Terraform, Python & KQL (or similar) Recognised cyber security certifications or qualifications (desirable). Experience with NIST (or similar) security framework(s). What we offer: We believe that all the people who work More ❯
infrastructure (including RBAC, PIM, NSGs and identity protections). Lead security incident detection, investigation, and response activities alongside the SOC. Lead the implementation and tuning of Microsoft Sentinel: build KQL queries, implement custom rules, conduct threat hunting, workbooks, design and automate playbooks using Logic Apps. Experience collaborating with development, operations and infrastructure teams in a security context. Experience securing cloud … security, including principles such as zero trust and networksecurity tooling such as Netskope. In-depth knowledge of Microsoft Defender suite (for Endpoint, Identity, Cloud, etc.). Solid understanding of KQL, Azure RBAC, Privileged Identity Management (PIM). Specific knowledge of AWS security stack would be beneficial including GuardDuty, CloudWatch and SecurityHub Familiarity with industry frameworks: MITRE ATT&CK, NIST, CIS More ❯
Entra ID, Intune) Strong knowledge of Zero Trust principles, conditional access and data loss prevention Experience working in regulated enterprise environments Hands-on experience with Sentinel, Log Analytics and KQL is a plus Relevant certifications (SC-200, MS-500, AZ-500, etc.) highly desirable Reasonable Adjustments: Respect and equality are core values to us. We are proud of the diverse More ❯
Continuously monitoring network traffic, security alerts, and system logs for signs of suspicious activity or security breaches. Requirements Proven experience with Microsoft Sentinel, Defender for Endpoint, Defender for Identity KQL experience In depth understanding of PCAP analysis using Wireshark or equivalent. Network engineering/network admin OT operations/security (optional, but a bonus) What's on Offer? Competitive salary More ❯
Milton Keynes, Buckinghamshire, United Kingdom Hybrid / WFH Options
Graphnet Health
Management o Azure SQL and MI o Functions o Networking o Data Factory o Databricks Proven experience with Azure DevOps (ADO) Solid understanding of o Terraform o HELM o KQL Advantageous: Healthcare or Government related industry experience Understanding of JIRA and Confluence Understanding or experience with TCAF Qualifications: Experience is valued over accreditation, however, as we're a Microsoft partner More ❯
investment bank based in London - Contract - Hybrid Inside IR35 - umbrella Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical log sources (AD … security tools Help define and measure control effectiveness Required Skills & Experience 3+ years in a Security Engineer, SOC Analyst, or similar role Hands-on experience with Microsoft Sentinel and KQL Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP) Proficiency in scripting (PowerShell, Python) Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain More ❯
investment bank based in London - Contract - Hybrid *Inside IR35 - umbrella* Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical log sources (AD … security tools Help define and measure control effectiveness Required Skills & Experience 3+ years in a Security Engineer, SOC Analyst, or similar role Hands-on experience with Microsoft Sentinel and KQL Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP) Proficiency in scripting (PowerShell, Python) Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain More ❯
About the Role: We’re a leading Managed Service Provider (MSP) delivering cutting-edge IT and security solutions to businesses worldwide. Our mission is to protect digital assets through proactive security measures, advanced threat intelligence, and world-class support. Join More ❯
by dedicated professionals. We're seeking a skilled Cyber Security Engineer to join our clients eam. The ideal candidate will have expertise in Azure Sentinel SIEM, Microsoft Defender, and KQL scripting. This role demands a proactive individual who can monitor and protect our organization's digital assets while staying updated on the latest security threats and trends. If you are … Responsibilities: Implement and manage Azure Sentinel SIEM for threat detection, incident response, and security monitoring. Configure and maintain Microsoft Defender for endpoint protection and threat detection. Develop and maintain KQL scripts for querying and analysing data within Azure Sentinel. Collaborate with cross-functional teams to identify security vulnerabilities and develop appropriate solutions. Conduct regular security assessments and penetration testing to … in Computer Science, Information Technology, or related field. Proven experience working as a Cyber Security Engineer or similar role. In-depth knowledge of Azure Sentinel SIEM, Microsoft Defender, and KQL scripting. One of the following certifications: AZ-500 (Microsoft Azure Security Technologies) or SC-200 (Microsoft Security Operations Analyst). Strong analytical and problem-solving skills. Excellent communication and interpersonal More ❯
operations, or geospatial data have played a role. Bonus Points For: Exposure to event streaming platforms (e.g. Kafka, SQS, EventHub) Familiarity with SQL/NoSQL, CosmosDB, or Kusto (KQL) Knowledge of IoT protocols (GNSS, GSM, Bluetooth, UWB) Mobile development experience (iOS/Android) Experience with real-time monitoring or geospatial applications In Technology Group Ltd is acting as an More ❯
operations, or geospatial data have played a role. Bonus Points For: Exposure to event streaming platforms (e.g. Kafka, SQS, EventHub) Familiarity with SQL/NoSQL, CosmosDB, or Kusto (KQL) Knowledge of IoT protocols (GNSS, GSM, Bluetooth, UWB) Mobile development experience (iOS/Android) Experience with real-time monitoring or geospatial applications In Technology Group Ltd is acting as an More ❯
Technical Basic scripting skills in Python and/or other languages; familiarity with Windows, OS X, Linux. Experience with Splunk, Sentinel, and knowledge of SIEM query languages (SPL, KQL). Splunk configuration, CIM mapping, and API experience. Understanding of threat intelligence, network protocols, and security tools. Certifications in Azure Security and Splunk are desirable. Non-technical Strong stakeholder engagement More ❯
Staffordshire, United Kingdom Hybrid / WFH Options
Gleeson Recruitment Group
Harden infrastructure across Microsoft 365 and Endpoint environments Collaborate with System Admins, SOC Analysts, and Network Engineers Support compliance with upcoming Cyber Essentials certification Automate tasks with scripting (PowerShell, KQL, Python a plus) Help non-technical users understand and adopt secure practices What We're Looking For 5+ years in IT Security Engineering or a related technical field Proven hands … starting mindset, someone who "gets on with it" Desirable Certifications: AZ-500, CISSP, CCSP, CISM Experience with compliance initiatives like Cyber Essentials Any coding/scripting ability (PowerShell/KQL/Python) Working Pattern Fully remote with occasional head office visits Flexible approach to working patterns in a family friendly culture Benefits Strong training and development support Friendly, collaborative IT More ❯
cyber-focused MSP or MSSP Strong hands-on capability with platforms such as Microsoft Sentinel, Defender for Endpoint, or similar Proficiency in scripting and query languages such as KQL or PowerShell Knowledge of detection logic, investigation workflows, and cloud-based infrastructure Confident communicator with strong documentation and reporting skills Apply today for more information. More ❯
Manchester, Lancashire, United Kingdom Hybrid / WFH Options
Lloyds Banking Group
Git (version control) Security & Compliance Cloud posture management (Azure Defender for Cloud, GCP SCCE) Data Loss Prevention/Data Security Posture Management (DSPM) Scripting & Automation Python (our preferred scripting language) Configuration as Code … principles API integration (e.g., Microsoft Graph API) IN ADDITION, THE BELOW WOULD BE NICE TO HAVE (DEPENDING ON THE TEAM) Lab 1: Cloud Enterprise and Computer Security Data & Analytics (KQL/SQL or BigQuery for GCP) Power Platform and PowerShell Lab 2: Security Operations SIEM management Advanced logging DLP technical policy development Ability to build and train machine learning models More ❯
