
Security Engineer - SIEM, KQL

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: Harvey Nash Group
Part Time position
Listed on 2026-02-28
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager, Systems Engineer
Salary/Wage Range or Industry Benchmark: 100000 - 125000 GBP Yearly
Job Description & How to Apply Below
Location: Greater London

Security Engineer - SIEM, KQL - sought by an investment bank based in London

Inside IR35 - 3 days a week on-site

Key Responsibilities
  • SIEM Management & Optimization:
    • Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks
    • Develop advanced KQL queries for threat hunting and reporting
    • Optimize SIEM performance, cost, and data retention policies
    • Troubleshoot log ingestion and parsing issues
  • Log Source Integration:
    • Onboard and configure critical log sources (AD, firewalls, servers, cloud infrastructure)
    • Manage event collection and forwarding infrastructure
    • Implement data filtering and custom log parsing
  • Threat Detection & Use Case Development:
    • Develop and refine detection rules based on threat intelligence and attack patterns
    • Continuously improve detection efficacy and reduce false positives
  • Security Monitoring & Incident Response:
    • Monitor systems for anomalies and malicious activity
    • Contribute to threat hunting and incident response playbooks
    • Provide expert guidance on securing applications and infrastructure
  • Security Advisory & Innovation:
    • Support PoCs for new security tools
    • Help define and measure control effectiveness
Required Skills & Experience
  • 3+ years in a Security Engineer, SOC Analyst, or similar role
  • Hands‑on experience with Microsoft Sentinel and KQL
  • Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP)
  • Proficiency in scripting (PowerShell, Python)
  • Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain)
  • Experience with EDR, DLP, Proxy, and SEG tools
  • Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP
  • Experience with SOAR playbooks, YARA rules, STIX, and YAML
  • Participation in red/purple team exercises
Desirable Qualifications
  • Additional relevant certifications or exposure to emerging security technologies

For further details, please apply within. Alex Reeder – Harvey Nash
