ICOE Cyber Defence SME

What You'll Do

As a member of the Integrated Center of Excellence Security team, you will work on some of the most exciting, complex and leading‑edge projects. In this client‑facing role you will play an active role in transforming our clients’ Cyber Defense and Security Operations strategy, capabilities and operations through the design and implementation of predominantly Microsoft Security Copilot, Defender and Sentinel based Extended Endpoint Detection and Response (XDR) capabilities.

As an ICOE Security member you will manage your time across pre‑sales, client delivery and also contribute to offering development and thought leadership. Your work will be measured on utilization of up to 70% of your time on client opportunities, with the remaining 30% spent on asset and offering development and training.

You are a Cyber Defense SME who is interested in joining our rapidly growing security practice. To hit the ground running, your skills include:

• Proven experience of Microsoft Sentinel as the integrated security, incident and event management solution and its integration into Security Operations, including security orchestration automation and response (SOAR) capabilities via Sentinel Playbooks.
• Proven experience in the design and implementation of Microsoft Defender for Endpoint solutions to protect, detect and respond to cyber incidents on endpoints across all major operating systems.
• Proven experience protecting in the design and implementation of Microsoft 365 Defender, to protect email, instant messaging and collaboration platforms from malicious attacks such as phishing and more sophisticated attacks such as spear phishing, business email compromise and identity theft.
• Proven experience with design and implementation of Microsoft Defender for Identity for user and entity behavioral analytics and how these services can be used to identify and defend against identity compromise.
• Proven experience performing use case development and rules that can be applied to consolidate events across disparate systems and used to identify an attack chain across systems.
• Proven experience performing threat hunting across endpoints, identities, networking, cloud and collaboration platforms.
• A good understanding of threat modelling, risk and how to mitigate the risks concerning applications, both from internal and external threat actors.
• A good understanding of incident response processes and techniques for cyber recovery.
• A good understanding of security operations centers, their functions and roles.
• A good understanding of the Microsoft platforms across Windows, Microsoft 365 and Azure.
• Experienced in managed security services, incident response and security advisory.
• A good understanding of techniques and approaches used by threat actors to compromise companies.
• A good understanding of the MITRE ATT&CK framework and how it can be applied to help customers improve their cyber defense.
• With an eye to the future, you are aware of emerging technologies in the Cyber Defense space and core knowledge around Security Copilot and how AI can help Security Operations with their day‑to‑day activities.

Compensation at Avanade varies depending on a wide array of factors, including office location, role, skill set and level of experience. Avanade provides a reasonable range of compensation for roles hired as described below.

Benefits include medical, dental, vision, life, and long–term disability coverage; a 401(k) plan, bonus opportunities, paid holidays and paid time off.

We anticipate this job posting will be posted on 3/13/2026 and remain open for at least 30 days. All candidates will receive equal consideration and each application will be evaluated on merit, in compliance with all applicable laws.