At a Glance
- Tasks: Design and tune threat detections using KQL in Microsoft Sentinel.
- Company: Innovative biotech company transforming healthcare with AI and genetic data.
- Benefits: Competitive salary, hybrid/remote work, and opportunities for technical growth.
- Other info: Collaborative environment with high ownership and meaningful projects.
- Why this job: Make a real impact on security challenges in precision healthcare.
- Qualifications: Strong KQL experience and background in Threat Detection Engineering.
The predicted salary is between £60,000 and £80,000 per year.
We’re partnering with an innovative biotech company using large-scale genetic data and AI to help predict disease risk and shape the future of precision healthcare. They’re now looking for a Threat Detection Engineer with strong KQL and Microsoft Sentinel expertise to help build and evolve their threat detection capability. This is not a traditional SOC role. Instead of spending your day triaging alerts, you’ll focus on engineering high-quality detections, building scalable analytics, and improving visibility across complex cloud environments.
What you’ll be doing:
- Designing and tuning threat detections in Microsoft Sentinel using KQL
- Building analytic rules and detection logic based on threat intelligence and hunting outputs
- Improving signal quality and reducing false positives
- Developing Sentinel workbooks and reporting
- Working closely with an outsourced SOC to continuously improve detection coverage
- Expanding monitoring across cloud, SaaS, and internal platforms
What they’re looking for:
- Strong hands-on KQL (Kusto Query Language) experience
- Experience building detections in Microsoft Sentinel
- Background in Threat Detection Engineering / SIEM Engineering
- Understanding of MITRE ATT&CK and threat-led detection methodologies
- Experience working alongside SOC or MSSP environments
- Familiarity with Microsoft Defender technologies
Nice to have:
- Azure / Kubernetes logging exposure
- Detection tuning and false positive reduction experience
- Detection-as-code / CI-CD exposure
- Python, Terraform, or automation scripting knowledge
- Experience within regulated environments
Why join?
- Hybrid / remote flexibility
- High ownership and real technical impact
- Work on meaningful security challenges protecting genomic and healthcare data
- Fast-paced, collaborative engineering environment
- Opportunity to deepen expertise in KQL and Microsoft Sentinel
If you enjoy building detections from the ground up and want to work on genuinely impactful technology, I’d love to speak with you.
Threat Detection Engineer (KQL / Microsoft Sentinel) in London. Employer: Additional Resources Recruitment
Join an innovative biotech company that is at the forefront of precision healthcare, where you will have the opportunity to make a real impact on security challenges protecting vital genomic data. With a hybrid/remote work model, a collaborative engineering culture, and a focus on employee growth, this role offers not just competitive compensation but also the chance to deepen your expertise in KQL and Microsoft Sentinel while working alongside passionate professionals in a fast-paced environment.
Contact Details:
Additional Resources Recruitment, Recruitment Team
StudySmarter Expert Advice
We think this is how you could land the Threat Detection Engineer (KQL / Microsoft Sentinel) role in London
✨Tip Number 1
Network like a pro! Reach out to folks in the industry on LinkedIn or at meetups. We can’t stress enough how important it is to make connections; you never know who might have the inside scoop on job openings.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your KQL and Microsoft Sentinel projects. We love seeing practical examples of what you can do, and it gives you an edge over other candidates.
✨Tip Number 3
Prepare for those interviews! Brush up on your knowledge of MITRE ATT&CK and threat-led detection methodologies. We recommend practising common interview questions related to threat detection engineering to boost your confidence.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we’re always on the lookout for passionate individuals ready to tackle meaningful security challenges.
We think you need these skills to ace the Threat Detection Engineer (KQL / Microsoft Sentinel) role in London
Some tips for your application
Show Off Your KQL Skills: Make sure to highlight your hands-on experience with KQL in your application. We want to see how you've used it to design and tune threat detections, so don’t hold back on the details!
Tailor Your Application: Take a moment to customise your CV and cover letter for this role. Mention specific projects or experiences that relate to Microsoft Sentinel and threat detection engineering. We love seeing how you connect your background to what we do!
Be Clear and Concise: When writing your application, keep it straightforward. Use clear language to describe your experience and skills. We appreciate a well-structured application that gets straight to the point!
Apply Through Our Website: Don’t forget to submit your application through our website! It’s the best way for us to receive your details and ensures you’re considered for the role. We can’t wait to hear from you!
How to prepare for a job interview at Additional Resources Recruitment
✨Know Your KQL Inside Out
Make sure you brush up on your Kusto Query Language skills before the interview. Be prepared to discuss specific queries you've written and how they improved threat detection. Practising real-world scenarios can help you articulate your thought process.
✨Showcase Your Microsoft Sentinel Experience
Highlight your hands-on experience with Microsoft Sentinel during the interview. Discuss any analytic rules or detection logic you've built, and be ready to explain how you’ve reduced false positives in previous roles. This will demonstrate your practical knowledge and problem-solving skills.
✨Understand Threat Detection Methodologies
Familiarise yourself with the MITRE ATT&CK framework and other threat-led detection methodologies. Be prepared to discuss how you've applied these frameworks in your work, as this shows your depth of understanding and ability to think strategically about threat detection.
✨Prepare Questions About Their Environment
Come armed with questions about their cloud environments and how they integrate various platforms. This not only shows your interest in the role but also gives you insight into their operations. It’s a great way to demonstrate your proactive approach and eagerness to contribute.