Security Engineer - SIEM, KQL
Security Engineer - SIEM, KQL - sought by an investment bank based in London. Inside IR35; 3 days a week on-site.

Key Responsibilities

SIEM Management and Optimization:
- Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks
- Develop advanced KQL queries for threat hunting and reporting
- Optimize SIEM performance, cost, and data retention policies
- Troubleshoot log ingestion and parsing issues

Log Source Integration:
- Onboard and configure critical log sources (AD, firewalls, servers, cloud infrastructure)
- Manage event collection and forwarding infrastructure
- Implement data filtering and custom log parsing

Threat Detection and Use Case Development:
- Develop and refine detection rules based on threat intelligence and attack patterns
- Continuously improve detection efficacy and reduce false positives

Security Monitoring and Incident Response:
- Monitor systems for anomalies and malicious activity
- Contribute to threat hunting and incident response playbooks
- Provide expert guidance on securing applications and infrastructure

Security Advisory and Innovation:
- Support PoCs for new security tools
- Help define and measure control effectiveness

Required Skills and Experience

- Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP
- Experience with SOAR playbooks, YARA rules, STIX, and YAML
- Participation in red/purple team exercises

Please apply within for further details - Alex Reeder, Harvey Nash

3+ years in a Security Engineer, SO