Microsoft Cloud Security Architect Lead
WTW
- London, England, United Kingdom
- London, England, United Kingdom
About
This role is pivotal in designing and implementing next-generation cloud security architectures, securing WTW cloud environments, and driving automation and intelligence within Cyber Defence Security Platforms & SOC Engineering. This is a hybrid role at our London office with an in‑office requirement based on business needs.
The Role The ideal candidate will have deep expertise in Microsoft Security and Sentinel, with a strong emphasis on agentic AI for security and related Microsoft Sentinel capabilities.
Key Responsibilities
Lead the adoption and integration of agentic AI for security to enable autonomous threat detection, adaptive response, and continuous security posture improvement.
Architect and optimise Microsoft Sentinel for SIEM, UEBA, and threat intelligence integration, leveraging Microsoft Sentinel Model Context Protocol (MCP) for advanced context‑aware analytics and automation.
Develop and maintain security analytics and data pipelines within Sentinel Data Lake to support large‑scale threat detection, incident response, and threat hunting, while optimising cost and enabling AI‑driven security operations.
Integrate and automate security workflows using Microsoft Sentinel Graph for unified threat intelligence, incident correlation, and automated response.
Design and implement Microsoft Cloud Security Architectures for Azure, AWS, OCI, GCP and hybrid cloud environments.
Ensure Defender XDR and Defender for Cloud are optimised for advanced threat detection and response.
Develop enterprise‑wide security frameworks and standards to align with industry best practices (NIST, ISO 27001, CIS, GDPR, etc.).
Assess and improve cloud security postures using CSPM and CWPP tools.
Advise on identity security policies, including Azure AD Conditional Access, MFA, and Identity Protection.
Advise on implementation of Privileged Identity Management and JIT access controls.
Develop security automation workflows using Microsoft Sentinel playbooks, Logic Apps, and Power Automate.
Document security architectures, integrations, and automation processes in runbooks, SOPs, and technical guidelines.
Collaboration & continuous improvement: work closely with GSOC, Incident Response, Threat Hunting, Insider Threats, Threat Intelligence, and ICSD Change teams.
Provide training and mentorship to SOC teams on Microsoft cloud security best practices.
Manage and mentor a team of Cyber Defence Security Engineers.
Act as an escalation point for complex security issues.
Qualifications
Deep expertise in architecting, deploying, and managing Microsoft Sentinel, with focus on agentic AI, Sentinel Data Lake, MCP, and Sentinel Graph.
Strong hands‑on experience with Wiz Cloud, Wiz Defend, and cloud security posture management.
Experience integrating and automating security workflows using Microsoft Sentinel Graph and Microsoft Graph Security API.
Proficiency in Microsoft Sentinel SIEM for threat detection, incident response, and threat hunting.
Experience designing SOAR workflows for automated security response and incident triage.
Expertise in KQL queries, custom detection rules, and UEBA use cases.
Strong understanding of Entra ID Security, Conditional Access, Identity Protection, and PIM.
Hands‑on experience securing email environments using Microsoft Defender for Office 365 and Darktrace Email AI‑driven security.
Expertise in anti‑phishing, Safe Links/Safe Attachments, attacker simulation, and email threat intelligence.
Experience automating security tasks using Microsoft Sentinel playbooks, Logic Apps, Power Automate, and KQL‑based automation.
Ability to produce clear documentation for security architecture, processes, and incident response procedures.
Beneficial Skills
Excellent communication and stakeholder management skills.
Experience working with global Cyber Defence/SOC teams.
Knowledge of MITRE ATT&CK framework.
Understanding of compliance standards (ISO 27001, NIST CSF, GDPR, SOC 2).
Familiarity with third‑party integrations (Threat Intelligence Platforms, SOAR tools, Security APIs).
Certifications (Preferred)
Microsoft Certified: Cybersecurity Architect Expert (SC‑100)
Microsoft Certified: Azure Security Engineer Associate (AZ‑500)
Microsoft Certified: Security Operations Analyst Associate (SC‑200)
Microsoft Certified: Identity and Access Administrator Associate (SC‑300)
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
Benefits – GB Enjoy a benefits package designed to help you thrive, both professionally and personally. You’ll receive 25 days of annual leave plus an extra WTW day. Our comprehensive health and wellbeing offering includes private healthcare, life insurance, group income protection, and regular health assessments. Secure your future with a defined contribution pension scheme, featuring matched contributions up to 10% from the company. We support your growth and balance with hybrid working options, an employee assistance programme, and a fully paid volunteer day. Additional perks include an electric‑vehicle car scheme, share scheme, cycle‑to‑work programme, dental and optical cover, critical illness protection, and more.
Equal Opportunity Employer At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. If you foresee any barriers, from the application process through to joining WTW, please email candidate.helpdesk@willistowerswatson.com.
#J-18808-Ljbffr
Languages
- English
Notice for Users
This job comes from a TieTalent partner platform. Click "Apply Now" to submit your application directly on their site.