The Role
• Architect and implement next generation Microsoft cloud security across Azure and multi cloud environments.
• Drive adoption of Agentic AI for Security to enable autonomous detection, adaptive response, and continuous security posture improvement.
• Enhance Microsoft Sentinel with MCP (Model Context Protocol), Sentinel Data Lake, and Sentinel Graph capabilities for advanced analytics, threat correlation, and automated workflows.
• Optimise and operationalise Defender XDR, Defender for Cloud, and Wiz to enhance cloud posture, workload protection, and risk visibility.
• Strengthen identity protection through Entra ID, Conditional Access, MFA, PIM/JIT, and Defender for Identity.
• Lead the automation of security operations using Sentinel Playbooks, Logic Apps, Power Automate, and advanced SOAR workflows.
• Drive proactive threat detection, email threat defence, and automated containment using MDO and Darktrace Email.
• Partner closely with GSOC, Incident Response, Threat Hunting, TI and Cloud Engineering teams to deliver unified detection, response, and governance.
• Manage, mentor and strengthen a team of Cyber Defence Security Engineers.
Key Skill Areas (Skill‑Based Requirements)
1. Microsoft Sentinel & Advanced Analytics
(You will use and lead with these skills daily)
1. Deep expertise in Microsoft Sentinel architecture, tuning, SIEM/UEBA, KQL, custom detections and threat hunting.
2. Strong hands-on experience with:
   • Agentic AI for Security
   • Sentinel Data Lake (pipelines, analytics, cost optimisation, AI enablement)
   • Microsoft Sentinel MCP for enriched context-aware analytics
   • Microsoft Sentinel Graph for automated incident correlation and graph-driven workflows
2. Cloud Security Architecture (Microsoft + Multi-Cloud)
3. Expertise designing security architectures across Azure, with additional exposure to AWS, GCP, OCI or hybrid environments.
4. Strong experience with Defender XDR, Defender for Cloud, CSPM, CWPP, and multi-cloud security controls.
3. Cloud Posture & Risk Management (Wiz)
5. Hands-on experience with: Wiz Cloud, Wiz Defend, Wiz Runtime Sensor, Wiz Code
6. Strong ability to operationalise CSPM/CWP findings into actionable remediation.
4. Identity Security & Access Management
7. Deep understanding of Entra ID security, Conditional Access, MFA, Identity Protection, PIM/JIT.
8. Ability to define identity strategies and detect/mitigate identity‑led attacks.
5. Email Security & Threat Containment
9. Expertise with Microsoft Defender for Office 365, phishing protection, Safe Links/Attachments, automated email response, and Darktrace Email.
6. Security Automation & Engineering
10. Strong experience developing SOAR workflows and automation pipelines using: Sentinel Playbooks, Azure Logic Apps, Power Automate, Graph Security API, KQL-based automation
11. Ability to document architectures, runbooks, and processes clearly and accurately.
7. Governance, Standards & Compliance
12. Working knowledge of NIST CSF, ISO 27001, CIS Benchmarks, GDPR and SOC2.
13. Ability to embed governance in cloud and SOC engineering processes.
8. Leadership & Cross‑Functional Collaboration
14. Experience guiding and developing engineering teams.
15. Strong communication, stakeholder management, and ability to influence global cyber defence functions.