Job Summary: We are seeking a security detection and analysis specialist with experience in Microsoft Sentinel and KQL to design and implement detections that strengthen our customers’ security posture. Key Highlights: 1. Freedom to design your professional career with global support. 2. Continuous training and access to educational platforms. 3. Possibility of working remotely from another country for 45 days. Madrid Azure Sentinel Engineer (KQL Developer) (REF: 00T1W5\) Job Description Choosing Capgemini means choosing a company where you’ll have the freedom to shape your professional career as you wish, backed and inspired by a collaborative community of colleagues worldwide. Here, you can reinvent what’s possible. Join us and help the world’s leading organizations discover the value of technology and build a more sustainable and inclusive world. About the Role: We are looking for a security detection and analysis specialist with extensive experience developing, optimizing, and operating detection content on Microsoft platforms—especially using Kusto Query Language (KQL). You will be a key member of the team, collaborating closely with other security experts to design, build, and implement new detections and abuse cases that strengthen our customers’ security posture. We seek someone who enjoys teamwork, shares knowledge, supports colleagues, and contributes to collective success. Experience with CI/CD and Azure DevOps will be highly valued for its impact on operational efficiency and reliability. Role Requirements Education and Experience * University degree/HBO or equivalent experience in IT security. Essential Technical Skills * Proven mastery of Kusto Query Language (KQL). * Practical experience with Microsoft Sentinel and Microsoft Defender for Endpoint. * Ability to conduct in-depth investigations in Sentinel using KQL. * Experience in advanced threat hunting via correlation and pattern analysis in KQL. * Advanced knowledge of KQL: * Optimization techniques * Join/union strategies * Time-series analysis Tools and Platforms * Familiarity with Microsoft 365 security tools. * Knowledge of Microsoft Sentinel. * Knowledge of Azure DevOps. * Knowledge of CI/CD. * Knowledge of Microsoft Defender for Endpoint (desirable). Certifications and Additional Skills * Certifications in Microsoft technologies, especially Azure and security domains. * Experience with scripting languages: PowerShell or Python. * Ability to create parsers or scripts that normalize and enrich log data for SIEM ingestion. * Advanced English, both spoken and written. What You’ll Love About Working Here? We offer a comprehensive portfolio of Development and Work-Life Balance initiatives, including but not limited to: * Onboarding support through our Buddy Program. * 24 vacation days + 2 personal days + December 24 and 31 + option to purchase up to 7 additional vacation days per year. * Continuous training—you’ll have access to MyLearning, Capgemini University, our Digital Campuses, and Professional Communities. You’ll also gain access to platforms such as Coursera, Udemy, Pluralsight, Harvard Manager Mentor, and Education First for language learning (English, French, German, etc.), among others! * FlexAbroad: possibility of working remotely from another country for 45 days. Why Capgemini? Capgemini is a global leader in transforming and managing clients’ businesses by harnessing the full power of technology. Our purpose is to achieve an inclusive and sustainable future through technology and the energy of those who develop it. We are a responsible and diverse company, an international leader in IT and engineering services, with over 360,000 professionals across more than 50 countries. With a strong 55-year heritage and deep industry expertise, clients trust Capgemini to address their full business needs—from strategy and design to operations—powered by the fast-paced and innovative worlds of cloud, data, AI, connectivity, software, digital platforms, and engineering. In 2022, the Group reported global revenues of €22 billion. Rewrite your future. Join the team! Ref. code 427586\-es\_ES Posted on 27 Mar 2026 Experience level Experienced Professionals Contract type Permanent Location Madrid Business unit Cloud Infrastructure Services Brand Capgemini Professional communities Cybersecurity