Job Description
Security Engineer - SIEM, KQL- sought by investment bank based in London.
*Inside IR35 - 3 days a week on-site**Key Responsibilities
* SIEM Management & Optimization:
* Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks
* Develop advanced KQL queries for threat hunting and reporting
* Optimize SIEM performance, cost, and data retention policies
* Troubleshoot log ingestion and parsing issues
* Log Source Integration:
* Onboard and configure critical log sources (AD, firewalls, servers, cloud infrastructure)
* Manage event collection and forwarding infrastructure
* Implement data filtering and custom log parsing
* Threat Detection & Use Case Development:
* Develop and refine detection rules based on threat intelligence and attack patterns
* Continuously improve detection efficacy and reduce false positives
* Security Monitoring & Incident Response:
* Monitor systems for anomalies and malicious activity
* Contribute to threat hunting and incident response playbooks
* Provide expert guidance on securing applications and infrastructure
* Security Advisory & Innovation:
* Support PoCs for new security tools
* Help define and measure control effectiveness
* Required Skills & Experience
o Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP
o Experience with SOAR playbooks, YARA rules, STIX, and YAML
o Participation in red/purple team exercises.
o Please apply within for further details - Alex ReederHarvey Nash
o 3+ years in a Security Engineer, SOC Analyst, or similar role
o Hands-on experience with Microsoft Sentinel and KQL
o Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP)
o Proficiency in scripting (PowerShell, Python)
o Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain)
o Experience with EDR, DLP, Proxy, and SEG tools
Desirable Qualifications
* Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP
* Experience with SOAR playbooks, YARA rules, STIX, and YAML
* Participation in red/purple team exercises.
* Please apply within for further details - Alex ReederHarvey Nash
To
From
Record
Yes No
Always use these settings