4.0 - 8.0 years
0 Lacs
Haryana
On-site
You should have strong knowledge and expertise in MS Sentinel SIEM engineering and administrative activities. Operational profiles are not eligible for this position. Your experience in the SIEM engineering role should be more than 4 years, and you must possess problem-solving and people management skills. Your responsibilities will include building custom analytical rules, tuning them, creating automation through Azure Logic Apps, managing the entire product feature, and configuring end-to-end solutions. Proficiency in forming KQL queries and functions for complex detection and monitoring requirements is essential. You should have in-depth knowledge of the MITRE ATT&CK framework and be skilled in developing analytical rules and custom dashboards/workbooks across the framework. Additionally, expertise in log management, retentions, maintenance of logs, access management, and development of custom dashboards based on varied requirements is required. You must have a proven track record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, and local agents. Integrating data sources that are not supported by the Sentinel tool OOB, custom parser development, and resolving technical issues in Sentinel are crucial requirements. Ability to prepare and maintain policy and procedure documentation related to SIEM technology, as well as proficiency in handling content from the content hub and log analytics workspace, are essential. Participation in customer or client reviews, global certifications regarding security controls in SIEM, and understanding compliance and regulatory requirements are desirable. Candidates who have completed Sentinel Ninja Level 400 Training and Certification will be preferred. Knowledge of Microsoft Sentinel pricing, Microsoft Defender products, Microsoft Cloud services, and Azure Arc is beneficial. Collaboration with stakeholders to address technical issues and support complex business, security, and operational requirements is expected. Furthermore, you should be able to work with vendor technical support groups to resolve issues effectively. Hands-on experience in Microsoft Defender XDR stack will be an added advantage.
About Virtusa: Virtusa values teamwork, quality of life, and professional and personal development. You will be joining a global team of 30,000 individuals who care about your growth and offer exciting projects, opportunities, and exposure to state-of-the-art technologies throughout your career with us. At Virtusa, collaboration and a team-oriented environment are highly regarded. We provide a dynamic space for great minds to nurture new ideas and strive for excellence.
Posted 3 days ago
4.0 - 8.0 years
0 Lacs
Pune, Maharashtra
On-site
ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage and passion to drive life-changing impact to ZS.
Our most valuable asset is our people. At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems, the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.
Senior Security Operations Analyst
We are seeking an experienced professional to join our Pune, India office as a Senior Security Operations Analyst with a strong background in Security Information and Event Management (SIEM) platforms, specifically in Microsoft Sentinel and Wiz. The ideal candidate will be responsible for leading advanced threat detection, response, and monitoring activities. This role will be critical in enhancing our cybersecurity posture and ensuring the ZS environment remains secure against emerging threats.
What you'll do:
- Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triaging
- Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities
- Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real-time
- Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities
- Perform proactive threat hunting to identify and mitigate advanced threats
- Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation
- Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats
- Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership
- Continuously improve SOC processes and playbooks to streamline operations and response efforts
- Mentor junior SOC analysts and provide guidance on security best practices
- This role requires participation in a rotational shift
- Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed
What you'll bring:
- Strong analytical and problem-solving abilities
- Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams
- Proven ability to remain calm and efficient under a high-pressure environment
- Proficient in using SIEM tools, such as Microsoft Sentinel
- Experience with data migration strategies across SIEM platforms
- Experience with Cloud Security Operations and Incident Response platforms such as Wiz
- In-depth understanding of cyber threats, vulnerabilities, and attack vectors
- Proficient in creating KQL queries and custom alerts within Microsoft Sentinel
- Expertise in developing SIEM use cases and detection rules
- Skilled in incident response and management procedures
- Experienced in conducting deep-dive investigations and root cause analysis for incidents
- Adept at collaborating with stakeholders to resolve complex cybersecurity challenges
- Ability to automate routine SOC processes to enhance operational efficiency
- Experienced in mentoring and guiding junior analysts in security operations
- Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools
Good to have skills and abilities:
- Excellent interpersonal (self-motivational, organizational, personal project management) skills
- Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System
- Ability to analyze cyber threats to develop actionable intelligence
- Skill in using data visualization tools to convey complex security information
Academic Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience)
- 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management
- Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks
- Experience with SIEM migration
- Expertise in incident response, threat detection, and security monitoring
- Solid understanding of Windows, Linux, and cloud security concepts
- Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred
- Preferred Security Cloud Certifications: AWS Security Specialty
Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options, internal mobility paths and collaborative culture empower you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.
Travel: Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.
Considering applying? At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.
To Complete Your Application: Candidates must possess or be able to obtain work authorization for their intended country of employment. An online application, including a full set of transcripts (official or unofficial), is required to be considered.
NO AGENCY CALLS, PLEASE.
Find Out More At: www.zs.com
Posted 1 week ago
4.0 - 7.0 years
15 - 27 Lacs
Bengaluru
Hybrid
Key Responsibilities: Design, develop, and maintain interactive dashboards and reports in Power BI. Utilize Microsoft Fabric (including OneLake, Lakehouse, Dataflows Gen2, and Pipelines) to build scalable data solutions. Integrate data from multiple sources using Fabric Data Factory Pipelines, Synapse Real-Time Analytics, and Power Query. Implement and optimize data models, measures (DAX), and ETL processes. Collaborate with data engineers, analysts, and stakeholders to understand data needs and deliver actionable insights. Ensure data governance, security, and compliance using Microsoft Purview and Fabric's built-in governance tools. Perform performance tuning, dataset optimization, and report deployment across workspaces. Document technical solutions and provide user training/support when necessary.
Good to Have: Microsoft Certified: Fabric Analytics Engineer or Power BI Data Analyst Associate. Knowledge of Azure Data Services (Data Factory, Synapse, Azure SQL). Experience with Row-Level Security (RLS) and large dataset optimization in Power BI. Familiarity with GitHub or Azure DevOps for version control. Exposure to real-time streaming data and KQL queries (Kusto).
Job Requirement: Strong experience with Power BI, including DAX, Power Query and Fabric. Proficiency in SQL and data modeling techniques. Experience with Azure services (e.g., Synapse, Data Factory). Ability to optimize Power BI reports for performance. Excellent communication and problem-solving skills.
Posted 2 weeks ago
4.0 - 8.0 years
4 - 8 Lacs
Gurgaon / Gurugram, Haryana, India
On-site
Should have strong knowledge in MS Sentinel SIEM engineering and administrative activities. People who are in operational profiles cannot apply for this position. Should have performed a SIEM engineering role for more than 4 years. Problem-solving and people management skills are required. Should have expertise in building custom analytical rules, tuning of analytical rules, building automation through Azure Logic Apps, management of entire product feature, end-to-end configuration. Should have expertise in forming KQL queries and functions for complex detection and monitoring requirements. Should have strong knowledge of the MITRE ATT&CK framework and expertise in developing analytical rules and custom dashboards/workbooks across the framework. Should have expertise in log management, retentions, maintenance of logs at low cost, performing access management, developing new custom dashboards based on different requirements. Should have a proven record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, maintenance of local agents. Should have expertise in integrating data sources which are not supported by the Sentinel tool OOB. Custom parser development and ability to solve technical issues in Sentinel are must-have requirements. Should have the ability to prepare and maintain policy and procedure documentation around SIEM technology; document life cycle management skill is required. Should have expertise in consuming content from the content hub and management of the log analytics workspace, and the ability to handle issues in MMA and AMA agents. Should have a proven record of participation in customer or client reviews or global certifications regarding security controls in SIEM. An understanding of compliance and regulatory requirements is good to have. Preference will be given to candidates who have completed Sentinel Ninja Level 400 Training and Certification. Good to have strong knowledge in Microsoft Sentinel pricing, Microsoft Defender products, Microsoft Cloud services and Azure Arc. Should have the ability to work with stakeholders to solve technical issues and also to support and deliver complex business, security and operational requirements. Should have the ability to work with the vendor technical support group and drive issues towards effective and permanent closure. Having knowledge and hands-on experience in Microsoft Defender XDR stack will be an added advantage.
Posted 1 month ago
10.0 - 14.0 years
14 - 20 Lacs
Bengaluru
Work from Office
- SC100: MS Cybersecurity Certified
- 10 yrs in Cybersecurity, 4+ Architecture
- Compliance - NIST, ISO 27001, RBI, GDPR
- Zero Trust Architecture
- KQL Queries
- Logic Apps
- Cloud Security
- Identity Governance
- Threat Detection
- SC-200/AZ-500/SC-300
- TOGAF, CISSP, CISM
Posted 1 month ago