Kusto Query Language Jobs in the UK excluding London

1 to 25 of 80 Kusto Query Language Jobs in the UK excluding London

Security Operations Center Analyst

Manchester, England, United Kingdom
Hybrid / WFH Options
Infoplus Technologies UK Limited
XDR to conduct in-depth incident response. - Correlate multi-source telemetry (network, endpoint, identity, cloud) to identify and contain threats. Threat Hunting & Detection Engineering - Perform proactive threat hunting using KQL within Microsoft Sentinel. - Develop and fine-tune custom analytics rules, workbooks, and hunting queries. - Apply the MITRE ATT&CK framework to build coverage and improve threat visibility. Security Engineering & Platform

SOC Analyst 24/7

Derby, England, United Kingdom
risual Limited
work in a team. For experienced candidates: Cyber Security Degree. Proven time management and project management skills. Hands-on experience in SOC operations and advanced SIEM tools. Proficiency in KQL (Kusto Query Language) within SIEM platforms. Demonstrated ability to execute threat-hunting activities and lead incident response. Exceptional communication skills, with the ability to engage stakeholders at

Cyber Security Operations Analyst

Welwyn Garden City, England, United Kingdom
ZipRecruiter
Experience of working in a 24/7 rota, specifically in an established IT or Security function. Working knowledge of SIEM tools. Scripting capability, particularly using PowerShell, Bash, and KQL (Kusto Query Language) for automation, scripting, and querying in Microsoft Sentinel and Defender. Experience with security and monitoring tools such as Zscaler, Microsoft Defender, Microsoft Sentinel, Splunk, Halo, AppCheck

Cyber Threat Analyst - National Security West

Leeds, England, United Kingdom
Hybrid / WFH Options
BAE Systems Applied Intelligence
/have: Responsible for and capable of independently creating Threat Hunt Hypotheses, running Threat Hunts at a regular cadence. Responsible for and capable of translating Threat Hunt Hypotheses into KQL Queries, running those KQL queries and then independently triaging the results. Experienced with and have sufficient knowledge of attacker TTPs. Have a deep understanding of Advanced Persistent Threat groups

Cyber Threat Analyst - National Security West

Leeds, England, United Kingdom
Hybrid / WFH Options
Babcock
/have: Responsible for and capable of independently creating Threat Hunt Hypotheses, running Threat Hunts at a regular cadence. Responsible for and capable of translating Threat Hunt Hypotheses into KQL Queries, running those KQL queries and then independently triaging the results. Experienced with and have sufficient knowledge of attacker TTPs. Have a deep understanding of Advanced Persistent Threat groups

Cyber Security Engineer

Portsmouth, Hampshire, United Kingdom
Advanced Resource Managers Ltd
SIEM, EDR, firewalls, VPNs, and cloud security (AWS, Azure, GCP) in an MSP or similar environment, along with hands-on experience with Splunk/MS Sentinel/QRadar and KQL? Here at ARM we are recruiting for a full time permanent Cyber Security Engineer for a global IT services and consultancy client of ours. Our client: They're a leading
Employment Type: Permanent
Salary: GBP Annual

Cyber Security Engineer

South East London, England, United Kingdom
Franklin Fitch
About the Role: We’re a leading Managed Service Provider (MSP) delivering cutting-edge IT and security solutions to businesses worldwide. Our mission is to protect digital assets through proactive security measures, advanced threat intelligence, and world-class support. Join

IT Security Analyst

Derby, England, United Kingdom
Hybrid / WFH Options
Cooper Parry
with security frameworks & standards i.e. NIST, CIS Benchmarks, NCSC guidelines, ISO 27001 and Cyber Essentials Plus (CE+). Practical experience with PowerShell, Python, and Kusto Query Language (KQL) for automation, analysis, and custom alerting. Exposure to programming languages such as JavaScript, C, or .NET is a big plus! About Us... We’ve been dubbed ‘the rebels of accountancy

Threat Hunter

Manchester, England, United Kingdom
NCC Group
methodologies. Ability to work autonomously while collaborating across security, engineering, and business teams. Strong use of Splunk Programming Language. Strong scripting/query language skills (e.g., Python, KQL, SQL, PowerShell). Hands-on experience using Jupyter Notebooks for data exploration, automation, and visualization in a security context. Knowledge of cloud products and log events such as Azure, Amazon

Microsoft Security (Sentinel) Automation & Detection Engineer

Cambridge, England, United Kingdom
Hays
for the delivery of Microsoft SIEM detections and security automations. The successful candidate will be proficient in automation and orchestration tools (e.g., SOAR platforms, scripting languages like Python, PowerShell, KQL) and have experience with integrating security tools (e.g., SIEM, EDR, firewalls), APIs, and Case Management tools for data enrichment. Key Skills and Experience: Experience contributing to large-scale, sprint-based … Azure, specifically across Sentinel Content Hub, Sentinel Analytics, Sentinel Automation, Azure Event Hub, Azure Logic Apps, Azure Function Apps. Experience in Sentinel/Analytics Rules/Logic App automations/KQL. Demonstrated ability in cybersecurity, with at least 5 years in a technical role in security operations and/or security software development. Solid understanding of security operations, automations standard processes

Microsoft Security (Sentinel) Automation & Detection Engineer

Ely, England, United Kingdom
Hays
for the delivery of Microsoft SIEM detections and security automations. The successful candidate will be proficient in automation and orchestration tools (e.g., SOAR platforms, scripting languages like Python, PowerShell, KQL) and have experience with integrating security tools (e.g., SIEM, EDR, firewalls), APIs, and Case Management tools for data enrichment. Key Skills and Experience: Experience contributing to large-scale, sprint-based … Azure, specifically across Sentinel Content Hub, Sentinel Analytics, Sentinel Automation, Azure Event Hub, Azure Logic Apps, Azure Function Apps. Experience in Sentinel/Analytics Rules/Logic App automations/KQL. Demonstrated ability in cybersecurity, with at least 5 years in a technical role in security operations and/or security software development. Solid understanding of security operations, automations standard processes

Front Line Analyst – National Security – Leeds

Leeds, England, United Kingdom
Hybrid / WFH Options
BAE Systems (New)
Analysis skills to contribute to new detection techniques and research industry capabilities. Communicate with government or commercial security operations centers for root-cause analysis. Create low to medium complexity KQL analytics and hunt queries, conduct IOC and anomaly-based threat hunts. Identify and tag incorrect alert logic or high false positive detection rules for review. Transform Threat Intelligence into actionable

Front Line Analyst - National Security - Leeds

Leeds, England, United Kingdom
Hybrid / WFH Options
BAE Systems Applied Intelligence
consideration by the Intrusion Analysis Lead for prioritisation. · Ad-hoc communications with government or commercial security operations centres as part of root-cause analysis · Creation of low-medium complexity KQL analytics and hunt queries, conducting IOC and anomaly-based threat hunts, including root cause identification of findings · Identification and tagging of incorrect alert logic/high false positive detection rules

Cyber Security Analyst

Erskine, Scotland, United Kingdom
JR United Kingdom
and analysis on security events identified by Tier 1 Analysts, assessing threat severity and advising on initial response actions. Utilize SIEM solutions with Kusto Query Language (KQL) for log analysis, event correlation, and documentation of security incidents. Identify and escalate critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response and adherence … commands, file systems, and authentication mechanisms. Experience with SIEM solutions (e.g., ArcSight, Azure Sentinel) and analysis tools such as XDR platforms. Proficient in Kusto Query Language (KQL) for log searching and filtering. Knowledge of OSINT techniques for threat identification and information gathering. Effective communication skills for internal and external stakeholders, with the ability to explain technical issues

Azure Data Analyst

Slough, England, United Kingdom
Hybrid / WFH Options
JR United Kingdom
reports on system health and reliability. Provide recommendations and solutions to ensure a consistently high level of service to customers. Develop scripts and queries (Kusto Query Language - KQL, PowerShell, Python) for log analysis. Implement automated remediation workflows where possible. Recommend improvements to architecture based on performance data. Work closely with engineering, DevOps, and customer support teams to resolve … in cloud monitoring, data analysis, or DevOps support. Strong knowledge of Microsoft Azure services (App Service, SQL Database, Blob Storage, Azure Monitor, Application Insights, Log Analytics). Proficiency in KQL (Kusto Query Language) for log analysis. Experience with automation scripting (PowerShell, Python, or Azure Functions). Familiarity with SIEM tools (Splunk, ELK, Azure Sentinel). Microsoft Certified: Azure

Threat Hunter

Cheltenham, England, United Kingdom
NCC Group
methodologies. Ability to work autonomously while collaborating across security, engineering, and business teams. Strong use of Splunk Programming Language. Strong scripting/query language skills (e.g., Python, KQL, SQL, PowerShell). Desirable Requirements: Hands-on experience using Jupyter Notebooks for data exploration, automation, and visualization in a security context. Knowledge of cloud products and log events such as

Senior Microsoft Sentinel / SIEM Engineer

Southampton, England, United Kingdom
Hybrid / WFH Options
JR United Kingdom
standards. Requirements: Experience with complex Microsoft Sentinel deployment at SMC and enterprise levels. Understanding of security telemetry across identity, endpoint, cloud, and network layers. Skills in SIEM content development: KQL, analytics rules, data connectors. Scripting and engineering skills: Python, PowerShell, APIs, Function Apps. Background in threat detection, incident response, or DFIR (a plus). Ability to work in fast-paced, customer

Senior Microsoft Sentinel / SIEM Engineer

Crawley, England, United Kingdom
Hybrid / WFH Options
JR United Kingdom
Requirements: Experience with complex Microsoft Sentinel deployment at SMC and enterprise levels. Understanding of security telemetry across identity, endpoint, cloud, and network layers. Skills in SIEM content development, including KQL, analytics rules, and data connectors. Scripting and engineering skills: Python, PowerShell, APIs, Function Apps. Background in cyber threat detection, incident response, or DFIR (a plus). Ability to work in fast

Senior Microsoft Sentinel / SIEM Engineer

Brighton, England, United Kingdom
Hybrid / WFH Options
JR United Kingdom
with building and integrating complex Microsoft Sentinel at SMC and enterprise levels. Understanding of security telemetry across identity, endpoint, cloud, and network layers. Experience in SIEM content development, including KQL, analytics rules, and custom data connectors. Scripting and engineering skills: Python, PowerShell, APIs, Function Apps. Background in cyber threat detection, incident response, or DFIR (a plus). Ability to work in

Senior Microsoft Sentinel / SIEM Engineer

Slough, England, United Kingdom
Hybrid / WFH Options
JR United Kingdom
building and integrating complex Microsoft Sentinel solutions at SMC and enterprise levels. Understanding of security telemetry across identity, endpoint, cloud, and network layers. Experience in SIEM content development, including KQL, analytics rules, and custom data connectors. Scripting and engineering skills: Python, PowerShell, APIs, Function Apps. Background in cyber threat detection, incident response, or DFIR is a plus. Ability to work

Senior Microsoft Sentinel / SIEM Engineer

Watford, England, United Kingdom
Hybrid / WFH Options
JR United Kingdom
building and integrating complex Microsoft Sentinel solutions at SMC and enterprise levels. Understanding of security telemetry across identity, endpoint, cloud, and network layers. Experience in SIEM content development, including KQL, analytics rules, and custom data connectors. Scripting and engineering skills: Python, PowerShell, APIs, Function Apps. A background in cyber threat detection, incident response, or DFIR is a plus. Comfortable working

Senior Microsoft Sentinel / SIEM Engineer

Reading, England, United Kingdom
Hybrid / WFH Options
JR United Kingdom
Experience building and integrating complex Microsoft Sentinel at SMC and enterprise levels. Understanding of security telemetry across identity, endpoint, cloud, and network layers. Experience in SIEM content development, including KQL, analytics rules, and custom data connectors. Scripting and engineering skills: Python, PowerShell, APIs, Function Apps. A background in cyber threat detection, incident response, or DFIR is a plus. Comfortable working

Senior Microsoft Sentinel / SIEM Engineer

Aberdeen, Scotland, United Kingdom
Hybrid / WFH Options
JR United Kingdom
needed? Experience building and integrating complex Microsoft Sentinel at SMC and enterprise levels. Understanding of security telemetry across identity, endpoint, cloud, and network layers. Experience in SIEM content development, including KQL, analytics rules, and custom data connectors. Scripting and engineering skills: Python, PowerShell, APIs, Function Apps. A background in cyber threat detection, incident response or DFIR is a real plus. Comfortable

Senior Microsoft Sentinel / SIEM Engineer

Cheltenham, England, United Kingdom
Hybrid / WFH Options
JR United Kingdom
needed? Experience building and integrating complex Microsoft Sentinel at SMC and enterprise levels. Understanding of security telemetry across identity, endpoint, cloud, and network layers. Experience in SIEM content development, including KQL, analytics rules, and custom data connectors. Scripting and engineering skills: Python, PowerShell, APIs, Function Apps. A background in cyber threat detection, incident response or DFIR is a real plus. Comfortable

Senior Microsoft Sentinel / SIEM Engineer

Bath, England, United Kingdom
Hybrid / WFH Options
JR United Kingdom
needed? Experience building and integrating complex Microsoft Sentinel at SMC and enterprise levels. Understanding of security telemetry across identity, endpoint, cloud, and network layers. Experience in SIEM content development, including KQL, analytics rules, and custom data connectors. Scripting and engineering skills: Python, PowerShell, APIs, Function Apps. A background in cyber threat detection, incident response or DFIR is a real plus. Comfortable

Kusto Query Language salary statistics, the UK excluding London:
25th Percentile: £45,000
Median: £50,000
75th Percentile: £61,688
90th Percentile: £72,375