Security Engineer - SIEM, KQL
other jobs Harvey Nash
Added before 6 hours
- England,London,City of London
- Full Time, Contract
- £350 - £400 per day
Job Description:
Security Engineer - SIEM, KQL- sought by investment bank based in London. *Inside IR35 - 3 days a week on-site**
Key Responsibilities
*SIEM Management & Optimization:
*Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks
*Develop advanced KQL queries for threat hunting and reporting
*Optimize SIEM performance, cost, and data retention policies
*Troubleshoot log ingestion and parsing issues
*Log Source Integration:
*Onboard and configure critical log sources (AD, firewalls, servers, cloud infrastructure)
*Manage event collection and forwarding infrastructure
*Implement data filtering and custom log parsing
*Threat Detection & Use Case Development:
*Develop and refine detection rules based on threat intelligence and attack patterns
*Continuously improve detection efficacy and reduce false positives
*Security Monitoring & Incident Response:
*Monitor systems for anomalies and malicious activity
*Contribute to threat hunting and incident response playbooks
*Provide expert guidance on securing applications and infrastructure
*Security Advisory & Innovation:
*Support PoCs for new security tools
*Help define and measure control effectiveness
*Required Skills & Experience *Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP
*Experience with SOAR playbooks, YARA rules, STIX, and YAML
*Participation in red/purple team exercises.
*Please apply within for further details - Alex ReederHarvey Nash
* *3+ years in a Security Engineer, SOC Analyst, or similar role
*Hands-on experience with Microsoft Sentinel and KQL
*Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP)
*Proficiency in scripting (PowerShell, Python)
*Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain)
*Experience with EDR, DLP, Proxy, and SEG tools
Desirable Qualifications
*Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP
*Experience with SOAR playbooks, YARA rules, STIX, and YAML
*Participation in red/purple team exercises.
*Please apply within for further details - Alex ReederHarvey Nash
To
From
Record
Yes No
Always use these settings
Key Responsibilities
*SIEM Management & Optimization:
*Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks
*Develop advanced KQL queries for threat hunting and reporting
*Optimize SIEM performance, cost, and data retention policies
*Troubleshoot log ingestion and parsing issues
*Log Source Integration:
*Onboard and configure critical log sources (AD, firewalls, servers, cloud infrastructure)
*Manage event collection and forwarding infrastructure
*Implement data filtering and custom log parsing
*Threat Detection & Use Case Development:
*Develop and refine detection rules based on threat intelligence and attack patterns
*Continuously improve detection efficacy and reduce false positives
*Security Monitoring & Incident Response:
*Monitor systems for anomalies and malicious activity
*Contribute to threat hunting and incident response playbooks
*Provide expert guidance on securing applications and infrastructure
*Security Advisory & Innovation:
*Support PoCs for new security tools
*Help define and measure control effectiveness
*Required Skills & Experience *Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP
*Experience with SOAR playbooks, YARA rules, STIX, and YAML
*Participation in red/purple team exercises.
*Please apply within for further details - Alex ReederHarvey Nash
* *3+ years in a Security Engineer, SOC Analyst, or similar role
*Hands-on experience with Microsoft Sentinel and KQL
*Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP)
*Proficiency in scripting (PowerShell, Python)
*Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain)
*Experience with EDR, DLP, Proxy, and SEG tools
Desirable Qualifications
*Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP
*Experience with SOAR playbooks, YARA rules, STIX, and YAML
*Participation in red/purple team exercises.
*Please apply within for further details - Alex ReederHarvey Nash
To
From
Record
Yes No
Always use these settings
Job number 3469389
Increase your exposure to recruiters with ProJobs
Thousands of recruiters are looking for you in the Job Master profile database, increase your exposure 4 times with a ProJob subscription
You can cancel your subscription at any time.