5.0 - 10.0 years
8 - 14 Lacs
Hyderabad
Hybrid
LTIMindtree Hiring for Threat Hunter / Threat Hunter Lead. Notice period: immediate to 15 days. Exp: 5 to 12 yrs. Location: Hyderabad. If interested, share these details along with your CV to Richa.Srivastava@ltimindtree.com:
Total Experience- Current CTC- Expected CTC- Holding offers if any- Current Location- Preferred Location- Notice period- Skills- Date of Birth- PAN No- Passport size photo- Availability for interview- Are you okay with Rotational shift-
Job description:
- 6 years of experience in Cyber Security, with experience in Threat Hunting
- Experience in managing a team and running customer business meetings effectively; ability to handle the client team
- Excellent written and verbal communication skills; excellent reporting and presentation skills
- Experience with tools and languages such as Excel, Splunk, KQL etc.
- Performing Threat Hunting activity to look for potential threats in the organization
- Experience in a vulnerability management team, remediating vulnerabilities found during assessments or scans
- Practical knowledge of common threat analysis models such as the Cyber Kill Chain and MITRE ATT&CK
- Experience with Power BI to provide interactive visualizations, reports and dashboards is a plus
- Good at event logging; experience in response
- Good knowledge of Windows Defender; thorough knowledge of event logging and detections
Posted 1 month ago
3.0 - 5.0 years
5 - 11 Lacs
Hyderabad
Hybrid
LTIMindtree Hiring for EDR Researcher. Notice period: immediate to 15 days. Exp: 3 to 5 yrs. Location: Hyderabad, Pune. Note: willing to work in rotational shift timings. If interested, share these details along with your CV to Richa.Srivastava@ltimindtree.com:
Total Experience- Current CTC- Expected CTC- Holding offers if any- Current Location- Preferred Location- Notice period- Skills- Date of Birth- PAN No- Passport size photo- Availability for interview- Are you okay with Rotational shift-
Job Description for EDR:
1. Good working knowledge of EDR solutions such as MDATP (Microsoft Defender for Endpoint), FireEye, CrowdStrike Falcon, Carbon Black.
2. Must be well-versed with operating system concepts, i.e. Windows/Linux/macOS.
3. Ability to distinguish between false positive and false negative detections with respect to the logs available.
4. Good exposure to OSINT tools, sandboxing, and encoding/decoding techniques for independent investigation.
5. Must be able to investigate and triage EDR-related alerts, with the ability to share detailed investigation reports with clients within SLA.
6. Knowledge of the Cyber Kill Chain and the MITRE ATT&CK techniques and tactics adversaries use to evade detection.
7. Awareness of the various stages of Incident Response, including in-depth analysis and RCA submission on security incidents.
8. Good understanding of malware analysis, i.e. static and dynamic, and its variants.
9. Exposure to adversary simulation and red teaming tools such as Caldera, PowerShell Empire, Cactus Torch.
10. Understanding of a query language such as KQL is a plus.
11. Understanding of network security concepts and popular encryption standards.
12. Excellent communication and interpersonal skills for cross-group work, with the ability to articulate the business need for detection improvements.
13. Exposure to reverse engineering of malware samples is a plus.
14. Certification in OSCP, OSCE, GREM, GCIH or GCFA will be highly preferred.
Posted 1 month ago
2.0 - 7.0 years
8 - 18 Lacs
Noida, Gurugram, Mumbai (All Areas)
Hybrid
Role & responsibilities:
- Develop and implement custom analytics rules within Microsoft Sentinel to identify security threats and anomalies.
- Leverage KQL and other tools to create custom detections on Microsoft Defender XDR (Microsoft Defender for Endpoint and Microsoft Defender for Cloud Apps).
- Create advanced detection rules based on business requirements and SOC use cases.
- Work with SIEM and SOAR solutions at scale.
- Collaborate with other security teams to identify and prioritize security requirements and develop effective solutions.
- Update the KQL of analytics rules to fine-tune them and reduce false-positive incidents.
- Stay up to date with the latest security threats and trends and apply this knowledge to improve the security posture.
- Perform content enrichment based on feedback received from security analysts.
- Have a strong understanding of cloud security and networking concepts and practices.
- Help create reports that properly present the key risk and performance indicators.
- Communicate and report concise summaries of complex scenarios and information across diverse and senior stakeholder groups.
- Design and maintain content management standard operating procedures (SOPs), processes and guidelines.
- Prepare reports for leads and management review with data from dashboards and reports.
Preferred candidate profile:
- Strong understanding of JSON, Kusto Query Language (KQL) and PowerShell.
- Experience analyzing data from cybersecurity monitoring tools such as SIEM/SOAR platforms, host and network logs, firewall and IPS/IDS logs and email security gateways.
- Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis and security metrics.
- Knowledge of the common attack vectors at the various layers.
- Knowledge of and experience working with the Cyber Kill Chain model and the MITRE ATT&CK matrix.
- Experience with Security Operations Centers, SIEM management and solution ownership.
- Knowledge of various security methodologies and technical security solutions.
- Conduct audits of the platform configuration to optimize it; optimize the way logs are processed and leveraged by SOC team members.
- Knowledge of the schemas of the Microsoft Defender XDR solutions (Microsoft Entra ID and ID Protection, Microsoft Defender for Endpoint, Microsoft Defender for Cloud Apps, Microsoft Purview Information Protection) and Microsoft 365.
- Knowledge of the schemas of security event logs from Microsoft Windows Server.
- Experience of working within a regulatory/controlled environment.
- Understanding of cyber security risk and mitigation strategies.
Posted 1 month ago
4.0 - 9.0 years
2 - 13 Lacs
Pune, Maharashtra, India
On-site
Responsibilities:
- Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics and alert triage
- Develop and tune detection rules, use cases and analytics within Sentinel to improve threat visibility and detection capabilities
- Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real time
- Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage and incident response capabilities
- Perform proactive threat hunting to identify and mitigate advanced threats
- Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation
- Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats
- Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership
- Continuously improve SOC processes and playbooks to streamline operations and response efforts
- Mentor junior SOC analysts and provide guidance on security best practices
- This role requires participation in a rotational shift, with flexibility and availability to respond to urgent incidents outside of assigned shifts as needed
What you'll bring:
- Strong analytical and problem-solving abilities
- Excellent communication and interpersonal skills to collaborate effectively with cross-functional teams
- Proven ability to remain calm and efficient in a high-pressure environment
- Proficiency with SIEM tools such as Microsoft Sentinel
- Experience with data migration strategies across SIEM platforms
- Experience with cloud security operations and incident response platforms such as Wiz
- In-depth understanding of cyber threats, vulnerabilities and attack vectors
- Proficiency in creating KQL queries and custom alerts within Microsoft Sentinel
- Expertise in developing SIEM use cases and detection rules
- Skill in incident response and management procedures
- Experience conducting deep-dive investigations and root cause analysis for incidents
- Ability to collaborate with stakeholders to resolve complex cybersecurity challenges
- Ability to automate routine SOC processes to enhance operational efficiency
- Experience mentoring and guiding junior analysts in security operations
- Knowledge of the major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations and cloud-native security tools
Good to have skills and abilities:
- Excellent interpersonal (self-motivational, organizational, personal project management) skills
- Knowledge of vulnerability management and scanning best practices, such as the CVE database and CVSS (Common Vulnerability Scoring System)
- Ability to analyze cyber threats to develop actionable intelligence
- Skill in using data visualization tools to convey complex security information
Academic Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science or a related field (or equivalent experience)
- 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management
- Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules and workbooks
- Experience with SIEM migration
- Expertise in incident response, threat detection and security monitoring
- Solid understanding of Windows, Linux and cloud security concepts
- Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred
- Preferred cloud security certification: AWS Certified Security - Specialty
Posted 1 month ago
10.0 - 15.0 years
14 - 20 Lacs
Hyderabad, Pune
Hybrid
Job Title: Cybersecurity Lead, Incident Management / Network Security Signature Writing
Job Summary: The Cybersecurity Lead will manage the Incident Management and Network Security Signature Writing team. This role involves overseeing incident response and signature development, direct stakeholder management, team management and project management. The ideal candidate will have a strong background in cybersecurity incident response and network security, with excellent communication and leadership skills.
Key Responsibilities:
- Incident Monitoring and Response: monitor security alerts and incidents, respond promptly and escalate as needed
- Threat Analysis and Detection: investigate security incidents; develop detection rules and signatures
- Signature Development: create signatures for vulnerabilities and perform vulnerability hunting
- Tool Management: deploy, configure and manage NDR tools
- Alert Tuning and Optimization: optimize alerts to reduce false positives
- Reporting and Documentation: document and report on security incidents
- Research and Development: stay updated with cybersecurity trends and improve detection capabilities
- Stakeholder Management: engage with stakeholders and manage escalated issues
- Team Management: lead and support the team
- Project Management: oversee projects related to incident response and signature development
Preferred Skills:
- Experience with Microsoft Defender or similar endpoint protection solutions
- Strong understanding of endpoint and network security threat detection and response
- Proficiency with SIEM platforms and scripting languages
- Knowledge of network protocols, firewall rules and intrusion detection/prevention systems
- Familiarity with advanced persistent threats, threat hunting and incident response frameworks
- Understanding of IPS/IDS signatures and Rapid7 Recog signatures
- Good to have: malware and threat analysis and CVE hunting
This role operates within a 24x7x365 environment, requiring flexibility for shifts, holidays and on-call responsibilities.
Posted 1 month ago
2.0 - 5.0 years
6 - 9 Lacs
Kochi
Work from Office
Investigate, hunt and lead escalated incident response using advanced threat detection from SIEM, EDR and NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments.
Key Responsibilities:
Monitoring, Investigation & Triage
- Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR and NDR
- Identify lateral movement, C2 activity and data exfiltration
- Lead incident investigations and initiate containment measures
Threat Hunting & Detection Engineering
- Proactive hunting using logs, flow data and behavior analytics
- Apply MITRE ATT&CK for hypothesis-driven hunts
- Develop, test and optimize custom detection rules
- Maintain a backlog aligned with emerging threats
Tool Proficiency
- SIEM: advanced KQL/AQL queries, rule tuning, alert optimization
- EDR: Defender for Endpoint binary/process analysis, endpoint containment
- NDR: Darktrace/LinkShadow behavioral baselining, detection logic
- SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows
- Cloud Security: Azure AD (Entra ID) alerts, MCAS (Defender for Cloud Apps), Defender for Cloud, M365 Defender
Threat Intelligence Integration
- IOC/TTP enrichment
- Threat intel feed integration
- Contextual alert correlation
Reporting & RCA
- Draft technical incident reports and RCAs
- Executive-level summaries for major incidents
Cloud Security (Optional):
- Investigate alerts such as impossible travel and app consent abuse
- Respond to cloud-native security incidents using Defender for Cloud and MCAS
- Create advanced SOAR workflows and playbooks
Tool Familiarity: QRadar; Microsoft Sentinel; Microsoft Defender for Endpoint; LinkShadow or Darktrace; EOP/Exchange protection; antivirus platforms; Defender for Identity / Defender for Cloud; advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR); network forensic tools such as Wireshark / Zeek
Certifications (Preferred): GCIH / GCIA / CEH; Microsoft SC-200 / SC-100; QRadar Admin or equivalent
Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents
Soft Skills: Strong analytical and documentation skills; proactive communicator; independent problem-solver and critical thinker
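The lateral-movement hunt this listing asks for, as an added example that is not part of the posting: a hypothesis-driven KQL query over the Microsoft Defender for Endpoint DeviceLogonEvents table (ATT&CK T1021, Remote Services) that flags accounts whose successful network or remote-interactive logons reach an unusual number of distinct hosts within one hour, and compares that fan-out against the account's own 14-day baseline so that admins and scanners that always touch many hosts do not page the SOC. The window, the host threshold, the baseline period and the 2x-baseline test are assumed starting values to tune per environment; the query is written for Defender advanced hunting (Timestamp column), and in a Sentinel workspace TimeGenerated can be used instead.

```kql
// Added example, not from the posting. Hypothesis: one account logging on to many
// distinct hosts over the network in a short window is lateral movement (T1021).
let window = 1h;            // assumed hunting window
let hostThreshold = 5;      // assumed minimum distinct hosts to be interesting
let baselineDays = 14d;     // assumed baseline period
// Baseline: the most distinct hosts each account normally reaches in any one
// window over the previous 14 days (yesterday excluded so today's activity
// cannot inflate its own baseline).
let baseline = DeviceLogonEvents
    | where Timestamp between (ago(baselineDays) .. ago(1d))
    | where ActionType == "LogonSuccess"
    | where LogonType in ("Network", "RemoteInteractive")
    | where isnotempty(RemoteIP)
    | summarize Hosts = dcount(DeviceId) by AccountName, bin(Timestamp, window)
    | summarize BaselineMaxHosts = max(Hosts) by AccountName;
// Current activity: same shape, last 24 hours, machine accounts excluded
// (tuning: computer accounts end in "$" and authenticate to many hosts by design).
DeviceLogonEvents
| where Timestamp > ago(1d)
| where ActionType == "LogonSuccess"
| where LogonType in ("Network", "RemoteInteractive")
| where isnotempty(RemoteIP)
| where AccountName !endswith "$"
| summarize Hosts = dcount(DeviceId),
            HostList = make_set(DeviceName, 20),
            SourceIPs = make_set(RemoteIP, 10),
            Start = min(Timestamp),
            End = max(Timestamp)
    by AccountName, bin(Timestamp, window)
| where Hosts >= hostThreshold
// Keep only accounts with no baseline at all, or more than twice their usual fan-out.
| join kind=leftouter baseline on AccountName
| where isnull(BaselineMaxHosts) or Hosts > 2 * BaselineMaxHosts
| project-away AccountName1
| order by Hosts desc
```

Run it in Defender advanced hunting or a Sentinel hunting query first and inspect SourceIPs and HostList: a single source IP hitting many hosts with the same account is the classic pattern, while many source IPs usually means a shared service credential and belongs on an exclusion list rather than in an incident.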
Posted 1 month ago
3.0 - 8.0 years
10 - 20 Lacs
Hyderabad, Bengaluru, Delhi / NCR
Hybrid
Job Summary: We are looking for a skilled Microsoft Sentinel SIEM Engineer to join our Cybersecurity Operations team. The ideal candidate will be responsible for the deployment, configuration, integration and operational support of Microsoft Sentinel as the core SIEM platform, ensuring efficient threat detection, incident response and security monitoring.
Key Responsibilities:
- Design, implement and manage Microsoft Sentinel for enterprise security monitoring.
- Develop and maintain KQL-based analytics rules and detection use cases aligned with MITRE ATT&CK.
- Integrate various log sources (on-prem and cloud) including Microsoft 365, Azure, AWS, endpoints, firewalls etc.
- Create and manage playbooks using Azure Logic Apps for automated incident response.
- Monitor data connectors and ensure log ingestion health and optimization.
- Conduct threat hunting and deep-dive analysis using Kusto Query Language (KQL).
- Optimize performance, cost and retention policies in Sentinel and the Log Analytics workspace.
- Collaborate with SOC analysts, incident responders and threat intelligence teams.
- Participate in use case development, testing and fine-tuning of alert rules to reduce false positives.
- Support compliance and audit requirements by producing relevant reports and documentation.
Required Skills & Qualifications:
- 3+ years of experience working with Microsoft Sentinel.
- Strong hands-on experience with KQL (Kusto Query Language).
- Solid understanding of log ingestion from different sources including Azure, O365, Defender, firewalls and servers.
- Experience with Azure Logic Apps for playbook creation and automation.
- Familiarity with incident response workflows and threat detection methodologies.
- Knowledge of security frameworks such as MITRE ATT&CK, NIST or ISO 27001.
- Microsoft certifications such as SC-200 (Microsoft Security Operations Analyst) or AZ-500 are preferred.
Good to Have:
- Experience with Defender for Endpoint, Defender for Cloud, Microsoft Purview.
- Knowledge of other SIEM platforms (e.g., Splunk, QRadar) for hybrid environments.
- Scripting experience (PowerShell, Python) for automation and integration.
Certifications (Preferred but not mandatory): SC-200: Microsoft Security Operations Analyst; AZ-500: Microsoft Azure Security Technologies; CEH, CompTIA Security+ or equivalent
Posted 1 month ago
3.0 - 8.0 years
0 - 2 Lacs
Bengaluru
Hybrid
Job Summary: We are looking for a highly skilled and self-motivated Senior Software Engineer with strong expertise in C#/.NET, microservices architecture and cloud platforms (Azure or AWS). The ideal candidate will also have working knowledge of Kusto Query Language (KQL) and Python. You will play a critical role in designing, developing and deploying scalable applications and services, while also contributing to monitoring, data analytics and automation efforts.
Key Responsibilities:
- Design, develop, test and deploy scalable and resilient applications using C#/.NET and microservices architecture.
- Work with cloud platforms (Azure or AWS) to build and maintain cloud-native applications.
- Leverage Kusto Query Language (KQL) for monitoring, telemetry and log analytics using Azure Data Explorer or Application Insights.
- Use Python for scripting, automation or building backend components where required.
- Implement DevOps practices and CI/CD pipelines for faster delivery and deployment.
- Collaborate with product managers, architects and cross-functional teams to deliver high-quality software solutions.
- Participate in code reviews, troubleshooting and performance optimization.
- Ensure code quality, scalability, security and maintainability across all services.
Required Skills & Qualifications:
- 3-8 years of experience in software development using C#/.NET technologies.
- Strong experience in building and deploying microservices-based applications.
- Experience working with Azure (preferred) or AWS cloud environments.
- Good knowledge of Kusto Query Language (KQL) for log querying and analytics.
- Proficiency in Python for automation, scripting or data manipulation tasks.
- Hands-on experience with CI/CD pipelines, containerization (Docker) and version control (Git).
- Good understanding of RESTful APIs, system design and distributed systems.
- Strong analytical and problem-solving skills.
Posted 2 months ago
2.0 - 6.0 years
8 - 13 Lacs
Pune
Work from Office
Job Description: We are seeking a skilled Azure Sentinel (now Microsoft Sentinel) Logic App and Analytic Rules Engineer to join our cybersecurity team. The ideal candidate will be responsible for designing, implementing and managing automated workflows using Azure Logic Apps and developing analytic rules within Azure Sentinel to enhance our security posture and incident response capabilities.
Responsibilities:
- Design and Develop Logic Apps: create and manage Azure Logic Apps to automate responses to security incidents detected by Azure Sentinel, including configuring triggers, actions and conditions based on specific security events.
- Implement Analytic Rules: develop and optimize analytic rules in Azure Sentinel to detect potential threats and anomalies within the environment, leveraging Kusto Query Language (KQL) to write effective queries that generate actionable alerts.
- Integrate Security Logs: streamline the integration of security logs and data sources into Azure Sentinel using Logic Apps, ensuring that all relevant security data is captured and analyzed efficiently.
- Automate Incident Response: build automated workflows that respond to alerts generated by Azure Sentinel, including actions such as sending notifications, creating tickets or executing remediation scripts.
- Monitor and Optimize: continuously monitor the performance of Logic Apps and analytic rules, making adjustments as necessary to improve detection rates and reduce false positives.
Essential Skills:
- Proficiency in Kusto Query Language (KQL) for creating and optimizing analytic queries.
- Experience with Azure Logic Apps, including triggers, actions and connectors.
- Familiarity with security frameworks and best practices, including incident response and threat hunting.
- 3+ years of experience in cybersecurity, with a focus on security operations, incident response and SIEM platforms.
- 2+ years of hands-on experience with Azure Sentinel, including the development of analytic rules and Logic Apps.
- Certifications in Azure, cybersecurity or related fields.
- Experience with additional security tools and technologies (e.g., firewalls, intrusion detection systems).
Additional Desired Skills:
- Strong verbal and written English communication
- Strong interpersonal and presentation skills
- Ability to work with minimal supervision
- Willingness to work in a job that involves 24/7 operations
Education Requirements & Experience:
- Bachelor's in Computer Science/IT/Electronics Engineering, M.C.A. or equivalent university degree
- Minimum of 2-6 years of experience in the IT security industry, preferably in a SOC environment
- Certifications: GCIH, CCNA, CCSP, CEH
This role is crucial for enhancing our security operations and ensuring a proactive approach to threat detection and response. If you are passionate about cybersecurity and have the required skills, we encourage you to apply.
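An added example, not taken from this posting or from the Microsoft Sentinel content engineer listing above, of what the KQL-based analytic rule development and false-positive tuning both listings describe looks like in practice: a scheduled Sentinel analytics rule query that raises an incident when an account accumulates a burst of failed Microsoft Entra sign-ins and then signs in successfully (a credential-guessing pattern), with the noisiest legitimate source, service accounts that retry on schedule, excluded through a Sentinel watchlist instead of hard-coded in the query. The watchlist name ServiceAccountAllowlist and its UserPrincipalName column, the one-hour lookback and the threshold of 10 failures are assumptions to adjust per tenant; the SigninLogs table and the ResultType codes are the standard Entra ID sign-in schema. Entity mapping (account to UserPrincipalName, IP to SuccessIP) is configured in the rule's entity settings, not in the query.

```kql
// Added example, not from the posting. Scheduled analytics rule: failed-sign-in
// burst followed by a success, with a watchlist-driven allowlist for tuning.
let lookback = 1h;               // assumed: rule runs hourly over the last hour
let failureThreshold = 10;       // assumed: failures per account before we care
// Tuning: service accounts that legitimately retry live in a Sentinel watchlist
// (assumed name and column) so analysts can change the list without editing KQL.
let allowlist = _GetWatchlist('ServiceAccountAllowlist')
    | project UserPrincipalName = tolower(UserPrincipalName);
// Failures that indicate a password guess or a blocked account, not MFA prompts
// or conditional-access denials (those have their own ResultType values).
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType in ("50126",  // invalid username or password
                           "50053",  // account locked
                           "50055",  // password expired
                           "50057")  // user disabled
    | extend UserPrincipalName = tolower(UserPrincipalName)
    | where UserPrincipalName !in (allowlist)
    | summarize FailedCount = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated),
                FailureIPs = make_set(IPAddress, 10)
        by UserPrincipalName
    | where FailedCount >= failureThreshold;
// Successful sign-ins in the same window, one row per success.
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | extend UserPrincipalName = tolower(UserPrincipalName)
    | project UserPrincipalName, SuccessTime = TimeGenerated,
              SuccessIP = IPAddress, AppDisplayName;
// Fire only when the success comes after the burst of failures.
failures
| join kind=inner successes on UserPrincipalName
| where SuccessTime > LastFailure
| project-away UserPrincipalName1
| extend SuccessFromFailureIP = SuccessIP in (FailureIPs)
| project UserPrincipalName, FailedCount, FirstFailure, LastFailure,
          FailureIPs, SuccessTime, SuccessIP, SuccessFromFailureIP, AppDisplayName
```

The SuccessFromFailureIP column is the triage hint: a success from one of the failing source IPs is far more likely to be a compromised credential than a success from the user's usual location after someone else's guessing, and a Logic Apps playbook can branch on it (for example, disable the account and open a ticket only when it is true).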
Posted 2 months ago
8 - 10 years
25 - 30 Lacs
Gurugram
Work from Office
Job Summary: We are seeking a skilled and motivated Desktop Data and Automation Analyst to join our team. Reporting to the O365 Desktop Engineering Manager, you will be responsible for leveraging your expertise in KQL queries, PowerShell scripting, automation and data analysis to drive insights and automation solutions within the desktop space. Your primary focus will be on optimizing desktop operations, enhancing security and leveraging data-driven approaches to improve efficiency and user experience.
Responsibilities:
- Utilize KQL queries to analyze desktop-related log data, including O365 and Intune logs, to identify patterns, trends and anomalies, providing actionable insights for improved desktop management.
- Develop and maintain PowerShell scripts to automate desktop-related tasks and workflows, including provisioning, configuration and troubleshooting, with a focus on enhancing efficiency and user productivity.
- Collaborate closely with the O365 Desktop Engineering Manager and cross-functional teams to identify automation opportunities and develop solutions to streamline desktop management processes.
- Leverage data analysis techniques to monitor and evaluate desktop performance, security compliance and user behavior, providing recommendations for optimizations and proactive actions.
- Design and create reports, dashboards and visualizations using Power BI or similar tools to communicate desktop-related metrics, trends and insights to stakeholders.
- Collaborate with the O365 and Intune teams to ensure desktop solutions align with overall infrastructure requirements, security standards and compliance regulations.
- Stay up to date with industry trends, best practices and emerging technologies in the desktop management space, identifying opportunities for improvement and innovation.
- Participate in desktop-related projects, providing expertise and guidance on data analysis, automation and optimization strategies.
- Work closely with desktop support teams to troubleshoot complex issues, identify root causes and develop automated solutions to enhance the support and maintenance processes.
- Document processes, procedures and best practices related to desktop data analysis and automation, ensuring knowledge transfer and efficient collaboration within the team.
Qualifications:
- Bachelor's degree in computer science, information technology or a related field.
- 8-10 years of relevant job experience.
- Relevant certifications in data analysis, PowerShell scripting or desktop management (such as Microsoft 365 Certified: Modern Desktop Administrator Associate) are a plus.
- Strong experience using KQL queries to analyze log data, particularly in the desktop management space, using tools such as Azure Monitor or similar log analytics platforms.
- Proficiency in PowerShell scripting for desktop automation, including familiarity with the Microsoft Graph API and desktop-management-related modules.
- Solid understanding of desktop management concepts and technologies, including O365, Intune, group policies, software deployment and patch management.
- Experience with MDM and MAM concepts.
- Experience creating reports, dashboards and visualizations using Power BI or similar business intelligence tools to communicate data insights.
- Knowledge of desktop security principles, including compliance standards and best practices.
- Knowledge of Azure identity and security services.
- Strong analytical and problem-solving skills, with the ability to analyze complex desktop-related data and derive meaningful insights.
- Excellent communication and collaboration skills, with the ability to work effectively with cross-functional teams and stakeholders.
- Proactive mindset with a strong sense of ownership and the ability to work independently to drive initiatives forward.
- Attention to detail and a commitment to delivering high-quality results within agreed timelines.
Posted 2 months ago
5 - 9 years
22 - 27 Lacs
Pune, Chennai, Bengaluru
Hybrid
#Hiring for the below position. Immediate joiner or 15 days.
Job Title: Senior .NET Developer
Experience: 5 - 9 years
Job Location: Pan India (Hybrid)
Key Requirements:
- Proficiency in writing production code in an industry-standard programming language using Agile methodologies
- Proficiency practicing Infrastructure as Code and Configuration as Code techniques
- Proficiency managing multiple code bases in Git
- Proficiency creating Continuous Integration builds and deployment automation, for example CI/CD pipelines
- Proficiency building cloud-native applications in a major public cloud
- Proficiency implementing observability, application monitoring and log aggregation solutions
- Proficiency working with cross-functional teams to provide DevOps-inspired solutions
Delivery Insights Team Specific Skills:
- Experience building customer-facing data insights and reporting that span the enterprise
- Proficiency with the Grafana Cloud stack; comfortable configuring the various Grafana Cloud components, including data sources, permissions and the expanded feature set
- Proficiency with Kusto Query Language (KQL): building and using complex queries including merge, join and sort operations (equivalent SQL syntax knowledge accepted for certain applicants)
- Experience with Azure Function Apps
- Building, supporting and operating a modern .NET code base across the entire development life cycle
- Experience with Azure SQL or Postgres database systems
- Experience with the various components of Azure DevOps
- Webhook configuration and creation
- REST API knowledge and the ability to map reporting needs directly to data availability
- Comfort with how teams use Azure DevOps to complete the SDLC process, including work item management, repositories, pipelines and access control
If you are interested, please share your updated CV to aashifjabarulla@tsit.co.in or kousalya.v@tsit.co.in, +91 9047052352
Posted 2 months ago