
Client Security Architect

Job in Paisley, Renfrewshire, PA1, Scotland, UK
Listing for: BlueVoyant
Full Time position
Listed on 2026-02-16
Job specializations:
  • IT/Tech
    Cybersecurity, Cloud Computing
Job Description & How to Apply Below

Client Security Architect (Microsoft Defender & Sentinel)

Location: United Kingdom (Remote)

Overview

We are looking for a delivery-focused, client-facing Security Architect with expert-level knowledge of Microsoft Defender and Microsoft Sentinel.

Reporting to the Senior Manager of Architecture, you will lead technical design and implementation, develop advanced detections and use cases, and provide ongoing architecture guidance for enterprise clients across the UK and EMEA.

This role ensures secure configuration, governance, and effective adoption of Microsoft security technologies. It is primarily delivery-focused, with occasional pre-sales support.

Key Responsibilities
  • Act as technical lead architect for assigned clients, owning design, deployment, feature enhancements, and overall technical direction.
  • Perform hands‑on deployment, configuration, administration, and management of Microsoft Sentinel and the Microsoft Defender suite.
  • Develop SOC/XDR use cases, detections, playbooks, and dashboards (operational and executive).
  • Conduct advanced event analysis leveraging SIEM/XDR; provide tuning recommendations and best practices to internal teams and clients.
  • Maintain and troubleshoot solutions across complex on‑premises and cloud environments; assist customers in improving security posture.
  • Collaborate with Customer Success Managers, Deployment Engineering, and Architecture teams for seamless service delivery.
  • Provide occasional support for demos, RFP responses, and proof‑of‑concept evaluations.
  • Work effectively across UK and EMEA time zones; maintain deep technical expertise through continuous learning.
Deep Microsoft Defender Expertise
  • Defender for Endpoint: onboarding at scale, ASR rules, EDR configurations, TVM, device control, web filtering, Live Response, advanced hunting.
  • Defender for Office 365: anti‑phishing, Safe Links/Safe Attachments, mailbox intelligence, attack simulation, reporting/tuning.
  • Defender for Identity: sensor deployment, detections, SIEM/XDR integration, identity threat investigations.
  • Defender for Cloud Apps: policy design (session controls, app governance, OAuth risk), data protection, cloud discovery.
  • Defender for Cloud: CSPM/CWPP for Azure and hybrid workloads; Azure Security Benchmark alignment.
  • Integrate Defender signals with Sentinel (data connectors, analytics rules, incidents, playbooks); drive end‑to‑end incident response workflows.
  • Advise on Microsoft security licensing, feature enablement (E5/Defender plan mappings), and cost optimization.
Qualifications & Experience
  • 7+ years technical experience in cybersecurity.
  • Extensive hands‑on experience deploying and operating Microsoft Sentinel and the Microsoft Defender suite (Endpoint, Identity, Office 365, Cloud Apps, Defender for Cloud).
  • Practical experience with Microsoft Entra (Azure AD), Microsoft 365, Azure Log Analytics, Logic Apps, and related services.
  • Familiarity with broader security technologies: EDR (CrowdStrike, Carbon Black), SOAR, Splunk, NGAV, firewalls.
  • Strong knowledge of Windows/macOS, virtualization, networking protocols, certificates, SQL Server, and hybrid environments.
  • Experience in complex IT environments (on‑premises and cloud).
  • Excellent customer‑facing skills; strong written and verbal communication.
  • Ability to provide tuning recommendations and handle high‑pressure situations professionally.
  • Ability to work independently and collaboratively across diverse teams.
Advanced Competencies
  • Advanced event analysis with SIEM/XDR.
  • Advanced experience with Microsoft Defender tools.
  • Advanced scripting: KQL for Sentinel/Defender hunting; PowerShell or Python a plus.
  • Understanding of Microsoft security licensing and cost optimization.
  • Knowledge of Microsoft Copilot for Security and integration with Sentinel/Defender workflows is a plus.
Certifications (Preferred)
  • Microsoft: AZ-500, SC-200, SC-300, MS-500.
  • Industry: CISSP, CISM, CEH, or SANS.
About BlueVoyant

At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, work as a force multiplier to secure your full…
