Enable job alerts via email!
Senior Security Engineer - SIEM, KQL
Harvey Nash Group
London
Hybrid
GBP 60,000 - 80,000
Full time
2 days ago
Be an early applicant
Job summary
A prominent recruitment agency is seeking a Security Engineer to enhance their investment bank's security operations based in London. The ideal candidate will have extensive experience with Microsoft Sentinel and KQL, focusing on SIEM management, log source integration, and threat detection. Responsibilities include developing detection rules and security monitoring. This position is inside IR35 with 3 days a week on-site work.
Qualifications
- 3+ years in Security Engineer, SOC Analyst, or similar role.
- Certifications such as AZ-500, SC-200, CompTIA Security+ are preferred.
- Hands-on experience with Microsoft Sentinel and KQL required.
Responsibilities
- Design, implement, and maintain Microsoft Sentinel workspaces.
- Develop advanced KQL queries for threat hunting.
- Monitor systems for anomalies and malicious activity.
Skills
Microsoft Sentinel
KQL
SIEM Management
Threat Detection
Scripting (PowerShell, Python)
Active Directory
Cloud platforms (Azure, AWS, GCP)
Tools
Microsoft Sentinel
EDR Tools
DLP Tools
Job description
Security Engineer - SIEM, KQL- sought by investment bank based in London.
*Inside IR35 - 3 days a week on-site**
Key Responsibilities
- SIEM Management & Optimization:
- Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks
- Develop advanced KQL queries for threat hunting and reporting
- Optimize SIEM performance, cost, and data retention policies
- Troubleshoot log ingestion and parsing issues
- Log Source Integration:
- Onboard and configure critical log sources (AD, firewalls, servers, cloud infrastructure)
- Manage event collection and forwarding infrastructure
- Implement data filtering and custom log parsing
- Threat Detection & Use Case Development:
- Develop and refine detection rules based on threat intelligence and attack patterns
- Continuously improve detection efficacy and reduce false positives
- Security Monitoring & Incident Response:
- Monitor systems for anomalies and malicious activity
- Contribute to threat hunting and incident response playbooks
- Provide expert guidance on securing applications and infrastructure
- Security Advisory & Innovation:
- Support PoCs for new security tools
- Help define and measure control effectiveness
- Required Skills & Experience
- Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP
- Experience with SOAR playbooks, YARA rules, STIX, and YAML
- Participation in red/purple team exercises.
- 3+ years in a Security Engineer, SOC Analyst, or similar role
- Hands-on experience with Microsoft Sentinel and KQL
- Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP)
- Proficiency in scripting (PowerShell, Python)
- Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain)
- Experience with EDR, DLP, Proxy, and SEG tools
- Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP
- Experience with SOAR playbooks, YARA rules, STIX, and YAML
- Participation in red/purple team exercises.
- Please apply within for further details - Alex Reeder Harvey Nash
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
Land a better
job faster
job faster
Follow us
