16 of 16 Remote/Hybrid Kusto Query Language Jobs

Microsoft Sentinel Engineer, you will design, implement, and optimise Sentinel solutions across enterprise environments. You will connect multiple data sources, write complex KQL queries, build automation playbooks, and work closely with clients to strengthen their security operations and response capabilities. This is a technically advanced role that combines engineering depth … Develop and optimise automation rules, playbooks, and runbooks using Logic Apps and Power Automate. Write and fine-tune Kusto Query Language (KQL) queries to analyse and visualise raw security data. Integrate third-party tools (firewalls, IAM, telemetry) into Sentinel. Use MITRE ATT&CK to anticipate and counter ...

Assist with monthly SOC reporting and contribute insights into customer security posture Support client service reviews and communicate cyber risks in clear, business-friendly language Conduct security assessments, including vulnerability testing and risk analysis Ensure timely, high-quality incident resolution in line with SOC standards and SLAs … responding to cyber security incidents Hands-on experience with SIEM, EDR, and email security tooling Experience working in a Microsoft XDR SOC Strong KQL (Kusto Query Language) skills Experience mentoring and supporting analysts at different levels Excellent written and verbal communication skills Strong analytical thinking, judgement ...

threat categories. Analyze logs generated by applications using Azure Log Analytics and Azure Sentinel to identify anomalies and potential threats. Design, build, and maintain KQL queries to extract and correlate security-relevant data from logs. Implement automated alerting and reporting workflows through Azure Logic Apps integrated with Azure Sentinel. Collaborate … configuration, customization, and automation. In-depth knowledge of Azure Log Analytics , log ingestion, and data analysis. Proficiency in Kusto Query Language (KQL) for creating efficient, scalable queries. Experience with Azure Logic Apps to orchestrate automated response and reporting workflows. Solid understanding of application security principles, common threat ...

Required Technical Skills Experience with the DoD customers, ideally supporting US Cyber Command, USMC, DISA or DCDC Proficient in various query languages (SQL, KQL (Kusto)) Proficient in Python and bonus for strong experience using Jupyter notebooks Experience with dashboarding/visualizations (Power-BI, Superset) Familiarity with cloud providers ...

cloud platforms, SaaS, and internal systems. Documenting security processes, tool configurations, and contributing to service delivery documentation. Supporting colleagues with ISO 27001 compliance and KQL-related tasks. What we are looking for: Previously worked as a Threat Detection Engineer or in a similar role. Must have strong expertise in KQL. ...

cloud platforms, SaaS, and internal systems. Documenting security processes, tool configurations, and contributing to service delivery documentation. Supporting colleagues with ISO 27001 compliance and KQL-related tasks. What we are looking for: Previously worked as a Threat Detection Engineer or in a similar role. Must have strong expertise in KQL. ...

technologies such as Defender or Azure security tools Strong analytical thinking and willingness to learn Nice to Have Experience writing queries for investigations (e.g. KQL) Microsoft security certifications (SC-200, SC-900, AZ-500) Exposure to incident response or threat detection activities Location This role requires 2 days per week ...

experience in a live SaaS/software environment Strong troubleshooting and root cause analysis skills Experience with Application Insights, Azure Monitor, Log Analytics and KQL SQL skills for investigation and remediation PowerShell and/or C# scripting Experience supporting .NET/C# applications is highly beneficial Strong communication skills ...

deploy Microsoft Purview (DLP, classification, compliance) Implement the Defender suite (Endpoint, Identity, Cloud Apps, Office 365) Build and tune Sentinel SIEM: analytics rules, playbooks, KQL, automation Design Zero Trust controls via Entra ID: Conditional Access, PIM, RBAC Lead client-facing workshops and contribute to presales and security strategy Create LLDs ...

engineering role Strong familiarity with security monitoring platforms such as SIEM, SOAR, and threat intelligence tooling Experience writing or tuning detection logic, ideally using KQL or similar query languages Practical exposure to threat hunting and analysing security alerts or incidents Experience building integrations or automation across security tooling Experience ...

OpenAI API, AI-based testing). · Solid knowledge of software delivery metrics (DORA, SPACE) and improvement methods. · Advanced proficiency in at least one programming language (Java, Go, Python, etc.) and modern IaC tools (Terraform). · Experience building/operating new platform/DX functions and influencing technical direction. · Exceptional … cloud-based monitoring/logging. · Scripting/automation skills (PowerShell, Python, YAML). · Experience configuring cloud monitoring (Azure Application Insights, Log Analytics/KQL). · AWS experience (EC2, S3, EMR) and cloud data migration. Preferred Qualifications: · Experience in multi-team engineering environments with a core focus on developer enablement. · Familiarity ...

analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role. Responsibilities: Design and implement behaviour based detections in Microsoft Sentinel (KQL) and Splunk (SPL) Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management Map detections to MITRE ATT&CK and track coverage gaps … perform SOC triage Treat detections as a product, not one-off alerts Skills: Hands-on experience authoring detections, not just using SIEMs Strong KQL experience writing Sentinel analytics rules Strong SPL experience writing Splunk correlation searches Experience maintaining detections in production environments Clear examples of reducing false positives through logic ...

analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role. Responsibilities: Design and implement behaviour based detections in Microsoft Sentinel (KQL) and Splunk (SPL) Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management Map detections to MITRE ATT&CK and track coverage gaps … perform SOC triage Treat detections as a product, not one-off alerts Skills: Hands-on experience authoring detections, not just using SIEMs Strong KQL experience writing Sentinel analytics rules Strong SPL experience writing Splunk correlation searches Experience maintaining detections in production environments Clear examples of reducing false positives through logic ...

analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role. Responsibilities: Design and implement behaviour based detections in Microsoft Sentinel (KQL) and Splunk (SPL) Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management Map detections to MITRE ATT&CK and track coverage gaps … perform SOC triage Treat detections as a product, not one-off alerts Skills: Hands-on experience authoring detections, not just using SIEMs Strong KQL experience writing Sentinel analytics rules Strong SPL experience writing Splunk correlation searches Experience maintaining detections in production environments Clear examples of reducing false positives through logic ...

analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role. Responsibilities: Design and implement behaviour based detections in Microsoft Sentinel (KQL) and Splunk (SPL) Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management Map detections to MITRE ATT&CK and track coverage gaps … perform SOC triage Treat detections as a product, not one-off alerts Skills: Hands-on experience authoring detections, not just using SIEMs Strong KQL experience writing Sentinel analytics rules Strong SPL experience writing Splunk correlation searches Experience maintaining detections in production environments Clear examples of reducing false positives through logic ...

Technical Architect - Microsoft Fabric Chester - Hybrid working 2 x per week Salary: Up to £90,000 per annum A leading client in Chester seeks a Technical Architect to design and deliver data and AI solutions ...