scale. Key Responsibilities: Keeping a sharp eye on threats across hybrid and multi-cloud estates (Azure & GCP) Crafting and fine-tuning smart detections using KQL Leading the charge on incident response, from first alert to final report Getting stuck into threat hunting and shaping how detections are built and improved … in security monitoring, threat detection, and fast, effective incident response Hands-on with XDR tools like Defender, Carbon Black, CrowdStrike, or FireEye Confident with KQL, especially in Microsoft Sentinel Strong background in Azure security (GCP’s a bonus) Experience securing Kubernetes, Docker, and containerised workloads Familiar with MITRE ATT&CK More ❯
Nottingham, Nottinghamshire, East Midlands, United Kingdom Hybrid / WFH Options
Littlefish
Cyber Security Analyst When registering to this job board you will be redirected to the online application form. Please ensure that this is completed in full in order that your application can be reviewed. Come and join the Littlefish team More ❯
experience and knowledge of the Microsoft suite of products to automate processes and improve existing automation solutions through evolution. Demonstrate a working knowledge of KQL to query and analyse security logs and data. Apply a strong knowledge of the cyber threats, hazards, risks, controls, and mitigations to protect organisations … nature. Knowledge and experience of the following would be advantageous: The Microsoft cloud security ecosystem including Sentinel, Entra and Defender. Practical experience of using KQL in threat-hunting scenarios Documentation and reporting using various Power Platform tools (Power Bi, Powershell etc.) What we look for in our people Strong alignment More ❯
Reading, Berkshire, United Kingdom Hybrid / WFH Options
FSP Retail Team
experience and knowledge of the Microsoft suite of products to automate processes and improve existing automation solutions through evolution. Demonstrate a working knowledge of KQL to query and analyse security logs and data. Apply a strong knowledge of the cyber threats, hazards, risks, controls, and mitigations to protect organisations … nature. Knowledge and experience of the following would be advantageous: The Microsoft cloud security ecosystem including Sentinel, Entra and Defender. Practical experience of using KQL in threat-hunting scenarios Documentation and reporting using various Power Platform tools (Power Bi, Powershell etc.) What we look for in our people Strong alignment More ❯
analytics, threat intelligence, and tradecraft that benefit the Blue Team. Communicate funding and prioritization suggestions and lead implementation when needed. Develop complex, anomaly-based KQL analytics and playbooks for detection in M365, Linux, and Windows environments. Review open-source research on threats affecting cloud services and VMs, prioritizing and implementing … malware and anomaly detections. Use of statistical methods for anomaly detection. Proficiency with Microsoft Sentinel and/or XDR. Strong skills in writing complex KQL analytics/searches. Awareness of current security threats. Ability to prioritize threats effectively. Understanding factors affecting detection effectiveness. Threat hunting or SOC analyst certifications preferred. More ❯
Gloucester, England, United Kingdom Hybrid / WFH Options
BAE Systems
content autonomously. Build relationships outside the HMG community with external SOCs and cybersecurity researchers to identify beneficial analytics, tradecraft, and threat intelligence. Develop complex KQL analytics and playbooks for detection rules against M365 environments and host-based analytics for Linux and Windows VMs. Review open-source research on threats impacting … detection rules. Use of statistical methods for anomaly detection. Advanced practical experience with Microsoft Sentinel and/or Microsoft XDR. Proficiency in writing complex KQL analytics/searches. Strong awareness of the latest security threats. Ability to prioritize threats and assess detection effectiveness. Threat hunting or SOC analyst certifications are More ❯
Gloucester, England, United Kingdom Hybrid / WFH Options
BAE Systems Applied Intelligence
both communicating suggestions for funding/prioritisation to technical lead, and working as lead implementor when required. · Development of new complex and anomaly-based KQL analytics, and associated playbooks that result in creation of bespoke detection rules/analytics against M365 environments, plus host-based analytics for Linux and Windows … statistical methods to find anomalies in data · Advanced Practical use of Microsoft Sentinel and/or Microsoft XDR · Competent in writing med-highly complex KQL analytics/searches · Strong knowledge of latest threats in security · Ability to prioritise threats · Determine factors that contribute to a detection's effectiveness Threat hunting More ❯
Welwyn Garden City, England, United Kingdom Hybrid / WFH Options
Tesco UK
passion for cyber security. An analytical approach; ability in problem solving and comfortable working on production systems at scale. Query languages such as KQL or SPL. Experience developing and maintaining basic automation scripts (e.g., Bash, Python, Batch, PowerShell etc.) Desirable Skills and Experience: Knowledge of cloud infrastructure, cloud security … and cloud APIs a plus. Knowledge of attacker tools and evasion techniques within offensive engineering. Working knowledge of at least one major programming language, including scripting languages like Python and PowerShell. Experience of developing detections as code. Desirable Certifications: One or more from: CompTIA Security+, GIAC, CEH, SSCP. Where More ❯
Welwyn Garden City, England, United Kingdom Hybrid / WFH Options
Tesco Technology
passion for cyber security • An analytical approach; ability in problem solving and comfortable working on production systems at scale. • Query languages such as KQL or SPL • Experience developing and maintaining basic automation scripts (e.g., Bash, Python, Batch, PowerShell etc.) Desirable Skills and Experience: • Knowledge of cloud infrastructure, cloud security … and cloud APIs a plus • Knowledge of attacker tools and evasion techniques within offensive engineering • Working knowledge of at least one major programming language, including scripting languages like Python and PowerShell • Experience of developing detections as code Desirable Certifications • One or more from: CompTIA Security+, GIAC, CEH, SSCP. Where More ❯
operating systems Understanding of modern attacker TTPs Translate threat intelligence into actionable detection logic. Solid grasp of detection technologies Query languages such as KQL or SPL Experience developing and maintaining basic automation scripts (e.g., Bash, Python, Batch, PowerShell etc.) Desirable Skills and Experience: Knowledge of cloud infrastructure, cloud security … and cloud APIs a plus Knowledge of attacker tools and evasion techniques within offensive engineering Working knowledge of at least one major programming language, including scripting languages like Python and PowerShell Experience of developing detections as code More ❯
