
Cyber Security Architect

Job in Cardiff, Cardiff City Area, CF10, Wales, UK
Listing for: Vargo Group
Full Time position
Listed on 2026-01-06
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 85000 GBP Yearly
Job Description & How to Apply Below

Lead Cloud & Cyber Security Engineer

Permanent

Hybrid

Up to £85,000 + Bens

An exciting opportunity has arisen with our well-established, high profile client based in Central Cardiff. This key leadership and technical role is responsible for the strategic and hands‑on management of the organization's Microsoft 365 and Azure security environments.

The successful candidate will combine deep technical expertise with leadership skills to ensure the robust protection of corporate data, systems, and identities, driving a Zero Trust security model and secure‑by‑design cloud architecture.

Key Responsibilities & Focus Areas
  • Cyber Security Leadership: Define the security strategy and roadmap, lead the cyber security function, and take charge of incident management and response to all security events and breaches. Also responsible for vendor security assessments.
  • Identity & Access Management (IAM): Expertly manage Microsoft Entra (Azure AD), implementing Conditional Access and Zero Trust principles, and managing PIM/JIT access, MFA, and passwordless authentication.
  • Microsoft 365 Security: Configure and monitor the entire Microsoft 365 Defender Suite, implement DLP/AIP, manage Microsoft Purview for governance and compliance, and secure SharePoint, OneDrive, and Teams.
  • Azure Security Engineering: Design and implement security controls including RBAC, Managed Identities, Network Security Groups, Azure Firewall, Key Vaults, and compliance frameworks using Azure Policy/Blueprints.
  • Threat Detection & Incident Response: Utilize Microsoft Sentinel (SIEM) for log analysis, alert triage, and threat hunting. Coordinate incident response playbooks and be familiar with forensics and threat intelligence.
  • Infrastructure & Application Security: Oversee secure configuration for Azure resources (VMs, App Services, Containers), integrate DevSecOps security using tools like Defender for DevOps/GitHub Advanced Security, and manage secure configuration via Infrastructure as Code (Bicep/Terraform) and Intune for mobile device security.
  • Risk & Control Management: Maintain the cyber security risk register and associated controls, ensuring the ISMS (Information Security Management System) remains current.
  • Team Management & Mentoring: Develop the security team's skills, promote a secure‑by‑design culture, and oversee the cyber security awareness program.

The successful candidate must possess deep, hands‑on expertise in the following Microsoft cloud security technologies:

What you'll need to know:
Microsoft Core Platforms
  • Microsoft Entra (Azure AD): Architecture, governance, Conditional Access Policies, Zero Trust principles.
  • Privileged Identity Management (PIM) and Just‑In‑Time (JIT) access.
  • Multi‑Factor Authentication (MFA) and passwordless methods (FIDO2).
  • Microsoft 365 Defender Suite: Configuration and monitoring (Endpoint, Identity, Office 365, Cloud Apps).
  • Microsoft Purview: Data Loss Prevention (DLP), Information Protection (AIP), Sensitivity Labels, and Insider Risk Management.
  • Microsoft Sentinel (SIEM): Log ingestion, analytics, alert triage, playbooks, and threat hunting.
Azure Infrastructure Security
  • Azure Role-Based Access Control (RBAC) and Managed Identities.
  • Azure Networking Security: NSGs, Azure Firewall, Private Endpoints.
  • Secrets Management: Azure Key Vaults and Disk Encryption.
  • Compliance: Azure Policy, Blueprints, and resource compliance frameworks.
Engineering & Deployment
  • DevSecOps: Integration with tools like Defender for DevOps/GitHub Advanced Security.
  • Infrastructure as Code: Secure configuration using Bicep, Terraform, or ARM.
  • Endpoint/Mobile Security: Endpoint hardening, patch management, and Mobile Device Management (Intune).
