Role: Technical Architect
SC or DV Clearance
Hybrid work model
OUTSIDE IR35

Job Requirements Spec:

- End-to-end technical leadership, architecture, and delivery oversight of Network Detection & Response (NDR) and Extended Detection & Response (XDR) solutions using Darktrace and Microsoft Defender.
- Secure, scalable, and successful implementation of advanced detection technologies that enhance organisational threat visibility, improve incident response capability, and support a modern security operations function.
- Close collaboration with cybersecurity, infrastructure, networking, SOC analysts, service owners, and senior stakeholders to align technical designs with security strategy, operating models, and business needs.
- Definition of the target architecture for Darktrace NDR and Microsoft Defender XDR across on-premises, hybrid, and cloud environments.
- Creation of high-level and low-level solution designs, ensuring alignment with enterprise architecture standards, secure-by-design principles, and regulatory requirements.
- Development of data ingestion, telemetry, and integration patterns between Darktrace, Defender, SIEM/SOAR tools, and existing security stacks.
- Production of architecture decision records, design patterns, and technical documentation for long-term maintainability.
- Leading technical delivery workstreams, providing direction and assurance across engineering teams.
- Oversee deployment and configuration of Darktrace sensors, appliances, and monitoring coverage across networks, data centres, and cloud estates.
- Guide onboarding, configuration, and tuning of Microsoft Defender XDR (Endpoint, Identity, Email, Cloud Apps, Server, and Threat Intelligence modules).
- Ensure correct enablement of telemetry, behavioural analytics, detection logic, and baselining across both platforms.
- Coordinate testing, validation, and acceptance of detection capabilities, including simulation of realistic attack techniques.
- Integrate Darktrace and Defender outputs into SIEM, SOAR, and ticketing systems.
- Work with SOC and automation teams to design playbooks, response workflows, and escalation paths.
- Ensure centralised logging, enrichment, and context tagging of Darktrace and Defender telemetry to support investigations.
- Establish architectural guardrails, configuration baselines, and security standards.
- Perform technical reviews, risk assessments, and compliance checks throughout the delivery lifecycle.
- Provide expert guidance on product best practice, platform limitations, and future roadmap opportunities.
- Act as the primary technical authority for Darktrace and Defender XDR programmes.
- Support programme planning, capacity forecasting, licensing strategy, and cost modelling.
- Ensure an effective handover to operational teams, including documentation, training, dashboards, and runbooks.
- Support the SOC in maturing their use of Darktrace and Defender for real-time detection, triage, and investigation.
- Proven experience leading security technology projects at enterprise scale.
- Strong understanding of network architecture, identity systems, cloud security, endpoint security, and behavioural analytics.
- Experience with SIEM/SOAR integration, telemetry pipelines, and incident response workflows.
- Ability to design and articulate secure, resilient, and operationally viable solutions.