Security Engineer - SIEM, KQL

Harvey Nash
Charing Cross, United Kingdom
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
£104K

Job location

Charing Cross, United Kingdom

Tech stack

Microsoft Windows
Microsoft Active Directory
Amazon Web Services (AWS)
Azure
Cloud Computing
CompTIA Security+
Computer Security
Data Retention
Linux
Intrusion Detection and Prevention
Python
PowerShell
Kusto Query Language
Security Information and Event Management
YAML
Data Processing
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
MITRE ATT&CK
Firewalls (Computer Science)
Cybercrime
Microsoft Sentinel
Purple Team (Cyber Security)
Network Server

Job description

SIEM Management & Optimization:

  • Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks
  • Develop advanced KQL queries for threat hunting and reporting
  • Optimize SIEM performance, cost, and data retention policies
  • Troubleshoot log ingestion and parsing issues

Log Source Integration:

  • Onboard and configure critical log sources (AD, Firewalls, Servers, cloud infrastructure)
  • Manage event collection and forwarding infrastructure
  • Implement data filtering and custom log parsing

Threat Detection & Use Case Development:

  • Develop and refine detection rules based on threat intelligence and attack patterns
  • Continuously improve detection efficacy and reduce false positives

Security Monitoring & Incident Response:

  • Monitor systems for anomalies and malicious activity
  • Contribute to threat hunting and incident response playbooks
  • Provide expert guidance on securing applications and infrastructure

Security Advisory & Innovation:

  • Support PoCs for new security tools
  • Help define and measure control effectiveness

Requirements

  • 3+ years in a Security Engineer, SOC Analyst, or similar role
  • Hands-on experience with Microsoft Sentinel and KQL
  • Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP)
  • Proficiency in scripting (PowerShell, Python)
  • Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain)
  • Experience with EDR, DLP, Proxy, and SEG tools
  • Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP
  • Experience with SOAR playbooks, YARA rules, STIX, and YAML
  • Participation in red/purple team exercises

Please apply within for further details - Alex Reeder, Harvey Nash