10 Kql Queries Jobs

At PwC, you will focus on designing and implementing robust, secure IT systems to support business operations. Your role will involve ensuring the smooth functioning of networks, servers, and data centres to optimize performance and minimize downtime. If you are in cloud operations, you will be responsible for managing and optimizing cloud infrastructure and services to enable seamless operations and high availability for clients. Monitoring, troubleshooting, and implementing industry-leading practices for cloud-based systems will be part of your responsibilities. In this fast-paced environment, you are expected to adapt to working with a variety of clients and team members, each presenting varying challenges and scope. Every experience will serve as an opportunity for learning and growth. Your role will require you to take ownership and consistently deliver quality work that drives value for clients and contributes to the success of the team. As you progress within the Firm, you will have the chance to build a strong personal brand, opening doors to more opportunities. To excel in this role, you are expected to showcase certain skills, knowledge, and experiences. These include: - Applying a learning mindset and taking ownership of your own development - Appreciating diverse perspectives, needs, and feelings of others - Adopting habits to sustain high performance and develop your potential - Actively listening, asking questions to ensure understanding, and clearly expressing ideas - Seeking, reflecting, acting on, and giving feedback - Gathering information from various sources to analyze facts and discern patterns - Committing to understanding how the business works and building commercial awareness - Learning and applying professional and technical standards while upholding the Firm's code of conduct and independence requirements As an Azure Operation Analyst (Associate/Senior Associate), you will demonstrate thorough abilities and/or a proven record of success as a team leader. Your responsibilities will include: - Managing and supporting the Dev to Production cloud PaaS and platform to ensure quality, performance, and availability of hosted services - Providing guidance and support for cloud technology practitioners - Implementing and maintaining services, working on high-volume mission-critical systems - Providing on-call support for Production cloud Environments - Collaborating with customers to develop, migrate, and debug service issues - Providing updated server/process documentation and creating new documentation when necessary - Focusing on rapid identification and resolution of customer issues - Supporting cloud environment at first and second levels - Troubleshooting and resolving cloud-hosted application or system issues in collaboration with application users - Informing Technical Support Management about escalations or difficult situations - Assisting in Tier 2 and 3 triage, troubleshooting, remediation, and escalation of tickets - Training and supporting junior team members in resolving product support tickets - Identifying ways to optimize the product support function - Coordinating to establish and manage clear escalation guidelines for supported system components - Running database queries to resolve issues - Demonstrating communication skills to coordinate with developers and application team for patching windows - Managing monthly Windows or Linux environment patching **Must Have Qualifications:** - Hands-on experience with Azure Web apps, App Insights, App Service Plan, App Gateway, API Management, Azure Monitor, KQL queries, and troubleshooting skills for all Azure PaaS & IaaS Services - Strong verbal and written communication skills for effective customer communication during critical events - Proficiencies in Networking Principles, System Administration, DevOps, Configuration Management, and Continuous Integration Technologies (Chef, Puppet, Docker, Jenkins) - Understanding of the ITIL framework **Good To Have Qualifications:** - Interest in information security and willingness to learn techniques and technologies such as application security, cryptography, threat modeling, and penetration testing,

You should have 4+ years of experience and be available to join within immediate to 30 days notice. Your responsibilities will include having good hands-on experience with PingFederate & PingAccess, setting up SSO, MFA, and working with protocols like SAML, OAuth, OIDC, WS-Trust & WS-Federation. You will be involved in the installation, upgrade, migration, and lifecycle management of PingFederate & PingAccess. Additionally, you will handle certificate management, load balancers, application gateway, and PKI. Experience with Azure DevOps is required for tasks such as pipeline creation & management, AKS, Key Vault, certificate management, Git repositories, KQL queries, and Python scripting. You should also have the capability to create technical documentation for implementations using tools like Confluence, flow diagrams, and publishing API specifications by creating, modifying, and managing them.,

Job Description: As an MDR professional, you will play a key role in SIEM engineering, detection, and integration. Your responsibilities will include developing and optimizing detection rules and use cases in Azure Sentinel and Microsoft Defender for Endpoint. By analyzing security logs, you will identify threats and vulnerabilities, fine-tuning alerts for improved accuracy. Additionally, writing KQL queries to detect malicious activity across cloud and endpoint environments will be a crucial part of your role. In terms of incident investigation and response, you will provide advanced support to SOC L1/L2 teams in triaging complex security incidents. Collaboration with the IR team to contain and remediate security threats will also be a part of your responsibilities. Moreover, participating in proactive threat hunting to enhance detection capabilities will be essential to improving overall security posture. Your duties will also involve the configuration and management of Defender for Endpoint, Azure Sentinel, and related security tools to enhance threat detection. Implementing additional Azure security tools to broaden detection coverage will be part of your daily tasks. Integrating threat intelligence feeds to improve the detection of APTs and targeted attacks will be a critical aspect of your role. Staying updated on emerging threats and integrating new intelligence into detection strategies will be necessary to stay ahead of potential security risks. Collaboration with security teams to enhance detection and response processes will be a regular part of your work. Documenting and reporting on detection efforts, threat analysis, and incident response activities will be crucial for maintaining transparency and accountability. Continuous improvement will be a key focus, as you will mentor and train SOC L1/L2 analysts on advanced detection techniques and use cases for Azure Sentinel and Microsoft Defender for Endpoint. Your knowledge about security trends, attack vectors, and best practices within the SOC will be instrumental in driving continuous enhancement of security operations. If you are passionate about cybersecurity and ready to take on a challenging role in MDR, apply now to be a part of our dynamic team.,

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, we transform ideas into impact by bringing together data, science, technology and human ingenuity to deliver better outcomes for all. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client-first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning, bold ideas, courage and passion to drive life-changing impact to ZS. Senior Security Operations Analyst We are seeking an experienced professional to join our Pune, India office as a Senior Security Operations Analyst with a strong background in Security Information and Event Management (SIEM) platforms, specifically in Microsoft Sentinel and Wiz. The ideal candidate will be responsible for leading advanced threat detection, response, and monitoring activities. This role will be critical in enhancing our cybersecurity posture and ensuring the ZS environment remains secure against emerging threats. What you'll do: . Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triaging . Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities . Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real-time . Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities . Perform proactive threat hunting to identify and mitigate advanced threats . Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation . Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats . Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership . Continuously improve SOC processes and playbooks to streamline operations and response efforts . Mentor junior SOC analysts and provide guidance on security best practices . This role requires participation in a rotational shift . Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed What you'll bring: . Strong analytical and problem-solving abilities . Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams . Proven ability to remain calm and efficient under a high-pressure environment . Proficient in using SIEM tools, such as Microsoft Sentinel . Experience with data migration strategies across SIEM platforms . Experience on Cloud Security Operations and Incident Response platforms such as Wiz . In-depth understanding of cyber threats, vulnerabilities, and attack vectors . Proficient in creating KQL queries and custom alerts within Microsoft Sentinel . Expertise in developing SIEM use cases and detection rules . Skilled in incident response and management procedures . Experienced in conducting deep-dive investigations and root cause analysis for incidents . Adept at collaborating with stakeholders to resolve complex cybersecurity challenges . Ability to automate routine SOC processes to enhance operational efficiency . Experienced in mentoring and guiding junior analysts in security operations . Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools Good to have skills and abilities: . Excellent interpersonal (self-motivational, organizational, personal project management) skills . Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System . Ability to analyze cyber threats to develop actionable intelligence . Skill in using data visualization tools to convey complex security information Academic Qualifications: . Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience) . 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management . Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks . Experience with SIEM migration . Expertise in incident response, threat detection, and security monitoring . Solid understanding of Windows, Linux, and cloud security concepts . Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred . Preferred Security Cloud Certifications: AWS Security Specialty Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections. Travel: Travel is a requirement at ZS for client facing ZSers business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures. Considering applying At ZS, we honor the visible and invisible elements of our identities, personal experiences, and belief systems-the ones that comprise us as individuals, shape who we are, and make us unique. We believe your personal interests, identities, and desire to learn are integral to your success here. We are committed to building a team that reflects a broad variety of backgrounds, perspectives, and experiences. about our inclusion and belonging efforts and the networks ZS supports to assist our ZSers in cultivating community spaces and obtaining the resources they need to thrive. If you're eager to grow, contribute, and bring your unique self to our work, we encourage you to apply. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law. To complete your application: Candidates must possess or be able to obtain work authorization for their intended country of employment.An on-line application, including a full set of transcripts (official or unofficial), is required to be considered. NO AGENCY CALLS, PLEASE. Find Out More At:

At PwC, the infrastructure team focuses on designing and implementing robust, secure IT systems that support business operations. Your role involves enabling the smooth functioning of networks, servers, and data centers to optimize performance and minimize downtime. In the cloud operations department, you will manage and optimize cloud infrastructure and services to ensure seamless operations and high availability for clients. Your responsibilities include monitoring, troubleshooting, and implementing industry-leading practices for cloud-based systems. As a reliable and contributing member of the team, you are expected to adapt to our fast-paced environment, take ownership, and consistently deliver quality work that adds value for our clients and contributes to the team's success. You will need to demonstrate a learning mindset, take ownership of your own development, appreciate diverse perspectives, and actively listen to others. It is essential to sustain high performance habits, express ideas clearly, seek feedback, and analyze information from various sources. Understanding how the business works and upholding professional and technical standards are crucial aspects of this role. The role of Azure Operation Analyst (Associate/Senior Associate) involves managing and supporting the Dev to Production cloud PaaS and platform, ensuring the quality, performance, and availability of hosted services. You will provide guidance and support to cloud technology practitioners, work on high-volume mission-critical systems, and offer on-call support for production cloud environments. Additionally, you will collaborate closely with customers to develop, migrate, and troubleshoot services, as well as maintain updated server/process documentation. Key qualifications for this role include hands-on experience with Azure Web apps, App Insights, App Service Plan, App Gateway, API Management, Azure Monitor, KQL queries, and troubleshooting skills for all Azure PaaS & IaaS Services. Proven communication skills are crucial for driving customer communication during critical events. Proficiency in technology domains such as Networking Principles, System Administration, DevOps, Configuration Management, Continuous Integration Technologies, and understanding of the ITIL framework are essential. Interest in information security and a willingness to learn about techniques and technologies related to application security, cryptography, threat modeling, and penetration testing are considered good-to-have qualifications.,

You should have strong knowledge and expertise in MS Sentinel SIEM engineering and administrative activities. Operational profiles are not eligible for this position. Your experience in the SIEM engineering role should be more than 4 years, and you must possess problem-solving and people management skills. Your responsibilities will include building custom analytical rules, tuning them, creating automation through Azure logic apps, managing the entire product feature, and configuring end-to-end solutions. Proficiency in forming KQL queries and functions for complex detection and monitoring requirements is essential. You should have in-depth knowledge of the MITRE attack framework and be skilled in developing analytical rules and custom dashboards/workbooks across the framework. Additionally, expertise in log management, retentions, maintenance of logs, access management, and development of custom dashboards based on varied requirements is required. You must have a proven track record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, and local agents. Integrating data sources that are not supported by Sentinel tool OOB, custom parser development, and resolving technical issues in Sentinel are crucial requirements. Ability to prepare and maintain policy and procedure documentations related to SIEM technology, as well as proficiency in handling content from the content hub and log analytics workspace, are essential. Participation in customer or client reviews, global certifications regarding security controls in SIEM, and understanding compliance and regulatory requirements are desirable. Candidates who have completed Sentinel Ninja Level 400 Training and Certification will be preferred. Knowledge of Microsoft Sentinel pricing, Microsoft defender products, Microsoft Cloud services, and Azure Arc is beneficial. Collaboration with stakeholders to address technical issues and support complex business, security, and operational requirements is expected. Furthermore, you should be able to work with vendor technical support groups to resolve issues effectively. Hands-on experience in Microsoft Defender XDR stack will be an added advantage. About Virtusa: Virtusa values teamwork, quality of life, and professional and personal development. You will be joining a global team of 30,000 individuals who care about your growth and offer exciting projects, opportunities, and exposure to state-of-the-art technologies throughout your career with us. At Virtusa, collaboration and a team-oriented environment are highly regarded. We provide a dynamic space for great minds to nurture new ideas and strive for excellence.,

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage and passion to drive life-changing impact to ZS. Our most valuable asset is our people. At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systemsthe ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about. Senior Security Operations Analyst We are seeking an experienced professional to join our Pune, India office as a Senior Security Operations Analyst with a strong background in Security Information and Event Management (SIEM) platforms, specifically in Microsoft Sentinel and Wiz. The ideal candidate will be responsible for leading advanced threat detection, response, and monitoring activities. This role will be critical in enhancing our cybersecurity posture and ensuring the ZS environment remains secure against emerging threats. What you'll do: - Manage the day-to-day operations of Microsoft Sentinel, including rule creation, log ingestion, data analytics, and alert triaging - Develop and tune detection rules, use cases, and analytics within Sentinel to improve threat visibility and detection capabilities - Leverage Wiz Defend to detect and respond to runtime threats across cloud workloads and Kubernetes environments in real-time - Continuously monitor and investigate alerts generated by Wiz Defend to enhance threat detection, triage, and incident response capabilities - Perform proactive threat hunting to identify and mitigate advanced threats - Conduct in-depth incident investigations and coordinate response efforts to ensure swift remediation - Collaborate with internal stakeholders and the Threat Intelligence team to identify and mitigate potential security threats - Generate reports and dashboards to communicate SOC performance metrics and security posture to leadership - Continuously improve SOC processes and playbooks to streamline operations and response efforts - Mentor junior SOC analysts and provide guidance on security best practices - This role requires participation in a rotational shift - Flexibility and availability to respond to urgent incidents outside of assigned shifts, as needed What you'll bring: - Strong analytical and problem-solving abilities - Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams - Proven ability to remain calm and efficient under a high-pressure environment - Proficient in using SIEM tools, such as Microsoft Sentinel - Experience with data migration strategies across SIEM platforms - Experience on Cloud Security Operations and Incident Response platforms such as Wiz - In-depth understanding of cyber threats, vulnerabilities, and attack vectors - Proficient in creating KQL queries and custom alerts within Microsoft Sentinel - Expertise in developing SIEM use cases and detection rules - Skilled in incident response and management procedures - Experienced in conducting deep-dive investigations and root cause analysis for incidents - Adept at collaborating with stakeholders to resolve complex cybersecurity challenges - Ability to automate routine SOC processes to enhance operational efficiency - Experienced in mentoring and guiding junior analysts in security operations - Knowledge of major cloud platforms (AWS, Azure, GCP), including their security models, IAM roles, virtual private cloud (VPC) configurations, and cloud-native security tools Good to have skills and abilities: - Excellent interpersonal (self-motivational, organizational, personal project management) skills - Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System - Ability to analyze cyber threats to develop actionable intelligence - Skill in using data visualization tools to convey complex security information Academic Qualifications: - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience) - 4+ years of experience in a Security Operations Center (SOC) environment, with a focus on SIEM management - Strong hands-on experience with Microsoft Sentinel, including data connectors, KQL queries, analytics rules, and workbooks - Experience with SIEM migration - Expertise in incident response, threat detection, and security monitoring - Solid understanding of Windows, Linux, and cloud security concepts - Relevant certifications (e.g., CompTIA Security+, Microsoft Certified: Security Operations Analyst, GCIA, GCIH, OSDA, GCFA) are preferred - Preferred Security Cloud Certifications: AWS Security Specialty Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections. Travel: Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures. Considering applying At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law. To Complete Your Application: Candidates must possess or be able to obtain work authorization for their intended country of employment. An online application, including a full set of transcripts (official or unofficial), is required to be considered. NO AGENCY CALLS, PLEASE. Find Out More At: www.zs.com,

Key Responsibilities: Design, develop, and maintain interactive dashboards and reports in Power BI . Utilize Microsoft Fabric (including OneLake, Lakehouse, Dataflows Gen2, and Pipelines) to build scalable data solutions. Integrate data from multiple sources using Fabric Data Factory Pipelines , Synapse Real-Time Analytics, and Power Query. Implement and optimize data models , measures (DAX) , and ETL processes . Collaborate with data engineers, analysts, and stakeholders to understand data needs and deliver actionable insights. Ensure data governance, security, and compliance using Microsoft Purview and Fabrics built-in governance tools. Perform performance tuning, dataset optimization, and report deployment across workspaces. Document technical solutions and provide user training/support when necessary. Good to Have: Microsoft Certified: Fabric Analytics Engineer or Power BI Data Analyst Associate. Knowledge of Azure Data Services (Data Factory, Synapse, Azure SQL). Experience with Row-Level Security (RLS) and large dataset optimization in Power BI. Familiarity with GitHub or Azure DevOps for version control. Exposure to real-time streaming data and KQL queries (Kusto). Job Requirement Strong experience with Power BI, including DAX,Power Query and Fabric Proficiency in SQL and data modeling techniques. Experience with Azure services (e.g., Synapse, Data Factory). Ability to optimize Power BI reports for performance. Excellent communication and problem-solving skills.

Should have strong knowledge in MS Sentinel SIEM engineering and administrative activities. People who are in operational profiles cannot apply for this position. Should have performed SIEM engineering role more than 4+ years. Problem solving & People management skill is required. Should have expertise in building custom analytical rules, tuning of analytical rules, building automation through Azure logic apps, management of entire product feature, end to end configuration. Should have expertise in forming KQL queries and functions for complex detection and monitoring requirements. Should have strong knowledge in MITRE attack framework and expertise in developing analytical rules and custom dashboards/workbooks across framework. Should have expertise in log management, retentions, maintenance of logs at low cost, performing access management, developing new custom dashboard based on different requirements. Should have proven record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, maintenance of local agents. Should have expertise in integrating data sources which are not supported by Sentinel tool OOB. Custom parser development and ability to solve technical issues in Sentinel are must have requirements. Should have ability to prepare and maintain policy and procedure documentations around SIEM technology, document life cycle management skill is required. Should have expertise in consuming contents from content hub and management of log analytics workspace and ability to handle issues in MMA and AMA agents. Should have proven record of participation in customer or client reviews or global certifications regarding security controls in SIEM. Compliance and regulatory requirements understandings are good to have. Preference will be given for candidates completed Sentinel Ninja Level 400 Training and Certification. Good to have strong knowledge in Microsoft Sentinel pricing, Microsoft defender products, Microsoft Cloud services and Azure Arc. Should have ability to work with stakeholders to solve technical issues and also to support and deliver complex business, security and operational requirements. Should have ability to work with vendor technical support group and driving issues towards effective and permanent closure. Having knowledge and hands-on experience in Microsoft Defender XDR stack will be an added advantage.

SC100: MS Cybersecurity Certified 10 yrs in Cybersecurity, 4+ Architecture Compliance - NIST,ISO 27001,RBI,GDPR Zero Trust Architecture KQL Queries Logic Apps Cloud Security Identity Governance Threat Detection SC-200/AZ-500/SC-300 TOGAF, CISSP, CISM