Microsoft Cloud Security Architect
London, London, United Kingdom
WTW
At WTW, we provide data-driven, evidence-based solutions in the areas of people, risk and capital. We are seeking an experienced Microsoft Cloud Security Architect to join WTW’s Global Information and Cyber Security Defence (ICSD) function. This role will be instrumental in designing and implementing cloud security architectures, securing WTW cloud environments, and driving automation across cyber defence operations.
The ideal candidate will have extensive expertise in Microsoft Defender XDR, Defender for Cloud, Microsoft Sentinel, Conditional Access, and Identity Protection. Additional experience with SOAR, UEBA, SIEM, email security, Cloud Workload Protection and CSPM is highly desirable. This role requires a strategic thinker who can integrate cloud security solutions, automate detection and response processes, and enhance Cyber Defence operations to protect enterprise environments against evolving threats. This is a hybrid role with a predominantly remote working style; however, the candidate is expected to be in the office once a week or as and when required.
The Role:
Microsoft Cloud Security Architecture & Strategy
- Design and implement Microsoft Cloud Security Architectures for Azure, Microsoft 365, and hybrid cloud environments.
- Lead the adoption of Zero Trust security models across Identity, Devices, Networks, and Applications.
- Ensure Defender XDR and Defender for Cloud are optimised for advanced threat detection and response.
- Develop enterprise-wide security frameworks and standards to align with industry best practices (NIST, ISO 27001, CIS, GDPR, etc.).
- Assess and improve cloud security posture using CSPM and CWPP tools.
Defender XDR & Microsoft Defender for Cloud Implementation
- Configure and manage Microsoft Defender XDR (Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365) for holistic security coverage.
- Deploy and fine-tune Microsoft Defender for Cloud to detect cloud vulnerabilities, misconfigurations, and compliance risks.
- Integrate Defender solutions with Sentinel and SOAR automation to enhance SOC operations.
Microsoft Sentinel, SIEM, UEBA & SOAR
- Architect and optimise Microsoft Sentinel for SIEM, UEBA, and threat intelligence integration.
- Develop custom analytics rules, alerting mechanisms, and advanced KQL queries for proactive threat detection.
- Implement SOAR workflows and automated response playbooks to streamline incident response.
- Enhance User and Entity Behaviour Analytics (UEBA) in Sentinel for insider threat detection and anomaly monitoring.
Identity Security & Conditional Access
- Design and enforce identity security policies, including Microsoft Entra ID (formerly Azure AD) Conditional Access, MFA, and Identity Protection.
- Implement Privileged Identity Management (PIM) and Just-in-Time (JIT) access controls to mitigate identity-based attacks.
- Monitor and respond to identity compromise threats using Microsoft Defender for Identity and Sentinel UEBA.
Email Security
- Strengthen email security using Microsoft Defender for Office 365 (MDO) and Darktrace Email.
- Implement advanced phishing detection, threat intelligence feeds, and anomaly-based behavioural analysis for email protection.
- Automate email security response actions using SOAR and Defender for Office 365 AIR (Automated Investigation and Response).
Security Automation & Process Documentation
- Develop security automation workflows using Microsoft Sentinel playbooks, Logic Apps, and Power Automate.
- Document security architectures, integrations, and automation processes in runbooks, SOPs, and technical guidelines.
- Establish security governance frameworks to ensure compliance and risk management alignment.
Collaboration & Continuous Improvement
- Work closely with GSOC, Threat Hunting, Insider Threats, Threat Intelligence and ICS Change teams to align cloud security strategies with business needs.
- Stay up to date with emerging threats, Microsoft security innovations, and industry trends to drive continuous security enhancements.
- Provide training and mentorship to SOC teams on Microsoft cloud security best practices.
The Requirements:
Must-Have Skills:
- Deep expertise in architecting, deploying and managing Microsoft Defender XDR (Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365).
- Strong hands-on experience with Microsoft Defender for Cloud for cloud security posture management (CSPM) and cloud workload protection (CWPP).
- Knowledge of Wiz, Microsoft Defender for Cloud, Azure Policy, and security baselines.
- Proficiency in Microsoft Sentinel SIEM for threat detection, incident response, and threat hunting.
- Experience designing SOAR workflows for automated security response and incident triage.
- Expertise in KQL queries, custom detection rules, and UEBA use cases.
- Strong understanding of Entra ID security, Conditional Access, Identity Protection, and Privileged Identity Management (PIM).
- Experience with Just-in-Time (JIT) access, Zero Trust identity models, and identity compromise detection.
- Hands-on experience securing email environments using Microsoft Defender for Office 365 (MDO) and Darktrace Email AI-driven security.
- Expertise in anti-phishing, Safe Links/Safe Attachments, attack simulation, and email threat intelligence.
- Experience automating security tasks using Microsoft Sentinel playbooks, Logic Apps, Power Automate, and KQL-based automation.
- Ability to write clear and detailed documentation for security architecture, processes, and incident response procedures.
Beneficial Skills:
- Experience working with global Cyber Defence/SOC teams.
- Knowledge of MITRE ATT&CK framework and its application in threat detection and response.
- Understanding of compliance standards (ISO 27001, NIST CSF, GDPR, SOC 2).
- Familiarity with third-party integrations (e.g., Threat Intelligence Platforms, SOAR tools, Security APIs).
Certifications (Preferred):
- Microsoft Certified: Cybersecurity Architect Expert (SC-100)
- Microsoft Certified: Azure Security Engineer Associate (AZ-500)
- Microsoft Certified: Security Operations Analyst Associate (SC-200)
- Microsoft Certified: Identity and Access Administrator Associate (SC-300)
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
Equal Opportunity Employer
At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. We embrace all types of diversity.
At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a ”hybrid” style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution.
We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidate.helpdesk@willistowerswatson.com.