
Principal Microsoft Cloud & AI Security Architect

Job in Cincinnati, Hamilton County, Ohio, 45208, USA
Listing for: WTW
Full Time position
Listed on 2026-06-02
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 125000 - 150000 USD Yearly
Job Description & How to Apply Below

Description

The Role

  • Architect and implement next generation Microsoft cloud security across Azure and multi cloud environments.
  • Drive adoption of Agentic AI for Security to enable autonomous detection, adaptive response, and continuous security posture improvement.
  • Enhance Microsoft Sentinel with MCP (Model Context Protocol), Sentinel Data Lake, and Sentinel Graph capabilities for advanced analytics, threat correlation, and automated workflows.
  • Optimise and operationalise Defender XDR, Defender for Cloud, and Wiz to enhance cloud posture, workload protection, and risk visibility.
  • Strengthen identity protection through Entra, Conditional Access, MFA, PIM/JIT, and Defender for Identity.
  • Lead the automation of security operations using Sentinel Playbooks, Logic Apps, Power Automate, and advanced SOAR workflows.
  • Drive proactive threat detection, email threat defence, and automated containment using MDO and Darktrace Email.
  • Partner closely with GSOC, Incident Response, Threat Hunting, TI and Cloud Engineering teams to deliver unified detection, response, and governance.
  • Manage, mentor and strengthen a team of Cyber Defence Security Engineers.
Key Skill Areas (Skill‑Based Requirements)

1. Microsoft Sentinel & Advanced Analytics

(You will use and lead with these skills daily)

  • Deep expertise in Microsoft Sentinel architecture, tuning, SIEM/UEBA, KQL, custom detections and threat hunting.
  • Strong hands‑on experience with:
      • Agentic AI for Security
      • Sentinel Data Lake (pipelines, analytics, cost optimisation, AI enablement)
      • Microsoft Sentinel MCP for enriched context‑aware analytics
      • Microsoft Sentinel Graph for automated incident correlation and graph-driven workflows
2. Cloud Security Architecture (Microsoft + Multi-Cloud)
  • Expertise designing security architectures across Azure, with additional exposure to AWS, GCP, OCI or hybrid environments.
  • Strong experience with Defender XDR, Defender for Cloud, CSPM, CWPP, and multi‑cloud security controls.
3. Cloud Posture & Risk Management (Wiz)
  • Hands‑on experience with:
    Wiz Cloud, Wiz Defend, Wiz Runtime Sensor, Wiz Code
  • Strong ability to operationalise CSPM/CWP findings into actionable remediation.
4. Identity Security & Access Management
  • Deep understanding of Entra, Conditional Access, MFA, Identity Protection, PIM/JIT.
  • Ability to define identity strategies and detect/mitigate identity‑led attacks.
5. Email Security & Threat Containment
  • Expertise with Microsoft Defender for Office 365, phishing protection, Safe Links/Attachments, automated email response, and Darktrace Email.
6. Security Automation & Engineering
  • Strong experience developing SOAR workflows and automation pipelines using:
    Sentinel Playbooks, Azure Logic Apps, Power Automate, Graph Security API, KQL‑based automation
  • Ability to document architectures, runbooks, and processes clearly and accurately.
7. Governance, Standards & Compliance
  • Working knowledge of NIST CSF, ISO 27001, CIS Benchmarks, GDPR and SOC 2.
  • Ability to embed governance in cloud and SOC engineering processes.
8. Leadership & Cross‑Functional Collaboration
  • Experience guiding and developing engineering teams.
  • Strong communication, stakeholder management, and ability to influence global cyber defence functions.
Qualifications

The Requirements
  • Deep hands‑on expertise in Microsoft Sentinel, including architecture, SIEM/UEBA, KQL, custom detections, automation, Sentinel Data Lake, MCP, Sentinel Graph, and Agentic AI‑driven security.
  • Strong experience with Wiz (Wiz Defend, Runtime Sensor, Wiz Code) and solid understanding of CSPM/CWPP for cloud posture and workload protection.
  • Proven ability to integrate and automate security workflows using Sentinel Graph, Microsoft Graph Security API, Playbooks, Logic Apps, Power Automate, and KQL‑based automation.
  • Advanced identity security skills across Entra, Conditional Access, MFA, Identity Protection, Privileged Identity Management (PIM), Just‑in‑Time (JIT) access, and Zero Trust identity models.
  • Strong background in email security, including Microsoft Defender for Office 365, Darktrace Email, anti‑phishing controls, Safe Links/Safe Attachments, phishing simulations, and email threat intelligence.
  • Ability to produce clear,…