Overview
We are seeking a visionary Principal Microsoft Cloud & AI Security Architect to join WTWs Global Information and Cyber Security Defence (ICSD) function. This role is pivotal in designing and implementing next-generation cloud security architectures securing WTW cloud environments and driving automation and innovation with WTWs ICS Function. The candidate will work closely with the CISO, other ICS leads, as well as Cyber Defence to ensure a holistic architectural approach to WTWs technology estate. The ideal candidate will have deep expertise in Microsoft Azure, Palo Alto, AWS and Oracle technology with detailed knowledge of Microsoft security tools and the Software Development Life Cycle.
The Role
* Architect and implement next-generation Microsoft cloud security across Azure and multi-cloud environments.
* Drive adoption of Agentic AI for Security to enable autonomous detection, adaptive response and continuous security posture improvement.
* Enhance Microsoft Sentinel with MCP (Model Context Protocol), Sentinel Data Lake and Sentinel Graph capabilities for advanced analytics, threat correlation and automated workflows.
* Optimise and operationalise Defender XDR, Defender for Cloud, Wiz to enhance cloud posture, workload protection and risk visibility.
* Strengthen identity protection through Entra ID, Conditional Access, MFA, PIM/JIT and Defender for Identity.
* Lead the automation of security operations using Sentinel Playbooks, Logic Apps, Power Automate and advanced SOAR workflows.
* Drive proactive threat detection, email threat defence and automated containment using MDO and Darktrace Email.
* Partner closely with GSOC, Incident Response, Threat Hunting, TI and Cloud Engineering teams to deliver unified detection, response and governance.
* Manage, mentor and strengthen a team of Cyber Defence Security Engineers.
Key Skill Areas
1. Microsoft Sentinel & Advanced Analytics
o Deep expertise in Microsoft Sentinel architecture, tuning, SIEM/UEBA, KQL custom detections and threat hunting.
o Strong hands-on experience with:
+ Agentic AI for Security
+ Sentinel Data Lake (pipelines, analytics, cost optimisation, AI enablement)
+ Microsoft Sentinel MCP for enriched, context-aware analytics
+ Microsoft Sentinel Graph for automated incident correlation and graph-driven workflows
2. Cloud Security Architecture (Microsoft Multi-Cloud)
o Expertise designing security architectures across Azure with exposure to AWS, GCP, OCI or hybrid environments.
o Strong experience with Defender XDR, Defender for Cloud, CSPM, CWPP and multi-cloud security controls.
3. Cloud Posture & Risk Management (Wiz)
o Hands-on experience with Wiz Cloud, Wiz Defend, Wiz Runtime Sensor, Wiz Code.
o Strong ability to operationalise CSPM/CWP findings into actionable remediation.
4. Identity Security & Access Management
o Deep understanding of Entra ID security, Conditional Access, MFA, Identity Protection, PIM/JIT.
o Ability to define identity strategies and detect/mitigate identity-led attacks.
5. Email Security & Threat Containment
o Expertise with Microsoft Defender for Office 365 phishing protection, Safe Links/Attachments, automated email response and Darktrace Email.
6. Security Automation & Engineering
o Strong experience developing SOAR workflows and automation pipelines using: Sentinel Playbooks, Azure Logic Apps, Power Automate, Graph Security API, KQL-based automation.
o Ability to document architectures, runbooks and processes clearly and accurately.
7. Governance Standards & Compliance
o Working knowledge of NIST CSF, ISO 27001, CIS Benchmarks, GDPR and SOC2.
o Ability to embed governance in cloud and SOC engineering processes.
8. Leadership & Cross-Functional Collaboration
o Experience guiding and developing engineering teams.
Qualifications
What you’ll bring
Must Have Skills:
* Deep hands-on expertise in Microsoft Sentinel, including architecture, SIEM/UEBA, KQL, custom detections, automation, Sentinel Data Lake, MCP, Sentinel Graph and Agentic AI-driven security.
* Strong experience with Wiz (Wiz Defend Runtime Sensor, Wiz Code) and solid understanding of CSPM/CWPP for cloud posture and workload protection.
* Proven ability to integrate and automate security workflows using Sentinel Graph, Microsoft Graph Security API, Playbooks, Logic Apps, Power Automate and KQL-based automation.
* Advanced identity security skills across Entra ID, Conditional Access, MFA, Identity Protection, Privileged Identity Management (PIM), Just-In-Time (JIT) access and Zero Trust identity models.
* Strong background in email security including Microsoft Defender for Office 365, Darktrace Email, antiphishing controls, Safe Links/Attachments, phishing simulations and email threat intelligence.
* Ability to produce clear, well-structured security architecture documentation, runbooks and incident response procedures.
* Nice-to-Have Skills:
* Experience working in global SOC/Cyber Defence teams.
* Familiarity with Threat Intelligence Platforms, SOAR tool integrations or additional security APIs.
* Understanding of MITRE ATT&CK mapping for detection engineering.
* Preferred Certifications:
* Microsoft Certified: Cybersecurity Architect Expert (SC100)
* Azure Security Engineer Associate (AZ500)
* Security Operations Analyst Associate (SC200)
* Identity and Access Administrator Associate (SC300)
* CISSP or CCSP
What we offer
Enjoy a benefits package designed to help you thrive both professionally and personally. Youll receive 25 days of annual leave plus an extra WTW day to relax and recharge. Our comprehensive health and wellbeing offering includes private healthcare, life insurance, group income protection and regular health assessments, all giving you peace of mind. Secure your future with our defined contribution pension scheme featuring matched contributions up to 10% from the company.
We support your growth and balance with hybrid working options, access to an employee assistance programme and a fully paid volunteer day to make a difference in your community. On top of these you can opt into a variety of additional perks including an electric vehicle car scheme, share scheme, cycle-to-work programme, dental and optical cover, critical illness protection and much more. Start making the most of your career and wellbeing with a range of benefits tailored for you.
Equal Opportunity Employer
We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers from the application process through to joining WTW please let us know.
Required Experience
Staff IC
Key Skills
Kubernetes, S3, Google Cloud Platform, Cassandra, System Architecture, Redshift, AWS, Cloud Architecture, NoSQL, UML, Kafka, Distributed Systems
Employment Type : Full-Time
Experience: years
Vacancy: 1
#J-18808-Ljbffr