Principal Microsoft Cloud & AI Security Architect
WTW
London
Full-time
Description
---------------
The Role
- Architect and implement next generation Microsoft cloud security across Azure and multi cloud environments.
- Drive adoption of Agentic AI for Security to enable autonomous detection, adaptive response, and continuous security posture improvement.
- Enhance Microsoft Sentinel with MCP (Model Context Protocol), Sentinel Data Lake, and Sentinel Graph capabilities for advanced analytics, threat correlation, and automated workflows.
- Optimise and operationalise Defender XDR, Defender for Cloud, and Wiz to enhance cloud posture, workload protection, and risk visibility.
- Strengthen identity protection through Entra ID, Conditional Access, MFA, PIM/JIT, and Defender for Identity.
- Lead the automation of security operations using Sentinel Playbooks, Logic Apps, Power Automate, and advanced SOAR workflows.
- Drive proactive threat detection, email threat defence, and automated containment using MDO and Darktrace Email.
- Partner closely with GSOC, Incident Response, Threat Hunting, TI and Cloud Engineering teams to deliver unified detection, response, and governance.
- Manage, mentor and strengthen a team of Cyber Defence Security Engineers.
1. Microsoft Sentinel & Advanced Analytics
(You will use and lead with these skills daily)
- Deep expertise in Microsoft Sentinel architecture, tuning, SIEM/UEBA, KQL, custom detections and threat hunting.
- Strong hands-on experience with:
  + Sentinel Data Lake (pipelines, analytics, cost optimisation, AI enablement)
  + Microsoft Sentinel MCP for enriched context-aware analytics
  + Microsoft Sentinel Graph for automated incident correlation and graph-driven workflows
2. Cloud Security Architecture (Microsoft + Multi-Cloud)
- Expertise designing security architectures across Azure, with additional exposure to AWS, GCP, OCI or hybrid environments.
- Strong experience with Defender XDR, Defender for Cloud, CSPM, CWPP, and multi-cloud security controls.
- Hands-on experience with: Wiz Cloud, Wiz Defend, Wiz Runtime Sensor, Wiz Code
- Strong ability to operationalise CSPM/CWP findings into actionable remediation.
- Deep understanding of Entra ID security, Conditional Access, MFA, Identity Protection, PIM/JIT.
- Ability to define identity strategies and detect/mitigate identity‑led attacks.
- Expertise with Microsoft Defender for Office 365, phishing protection, Safe Links/Attachments, automated email response, and Darktrace Email.
- Strong experience developing SOAR workflows and automation pipelines using: Sentinel Playbooks, Azure Logic Apps, Power Automate, Graph Security API, KQL-based automation
- Ability to document architectures, runbooks, and processes clearly and accurately.
- Working knowledge of NIST CSF, ISO 27001, CIS Benchmarks, GDPR and SOC2.
- Ability to embed governance in cloud and SOC engineering processes.
- Experience guiding and developing engineering teams.
- Strong communication, stakeholder management, and ability to influence global cyber defence functions.
------------------
The Requirements
- Deep hands‑on expertise in Microsoft Sentinel, including architecture, SIEM/UEBA, KQL, custom detections, automation, Sentinel Data Lake, MCP, Sentinel Graph, and Agentic AI–driven security.
- Strong experience with Wiz (Wiz Defend, Runtime Sensor, Wiz Code) and solid understanding of CSPM/CWPP for cloud posture and workload protection.
- Proven ability to integrate and automate security workflows using Sentinel Graph, Microsoft Graph Security API, Playbooks, Logic Apps, Power Automate, and KQL‑based automation.
- Advanced identity security skills across Entra ID, Conditional Access, MFA, Identity Protection, Privileged Identity Management (PIM), Just‑in‑Time (JIT) access, and Zero Trust identity models.
- Strong background in email security, including Microsoft Defender for Office 365, Darktrace Email, anti‑phishing controls, Safe Links/Safe Attachments, phishing simulations, and email threat intelligence.
- Ability to produce clear, well‑structured security architecture documentation, runbooks, and incident response procedures.
Company Benefits
WTW provides a competitive benefit package which includes the following (eligibility requirements apply):
- Health and Welfare: Mental health/emotional wellbeing (including Employee Assistance Program), medical (including prescription drug coverage and fertility benefits), dental, vision, Health Savings Account, Commuter Accounts, Health Care and Dependent Care Flexible Spending Accounts, company-paid life insurance, supplemental life insurance, AD&D, group accident, group critical illness, group legal, identity theft protection, wellbeing program, adoption assistance, surrogacy assistance, auto/home insurance, pet insurance, and other work/life resources.
- Leave Benefits: Paid Holidays, Annual Paid Time Off (includes state/local paid leave where required), Short-Term Disability, Long-Term Disability, Other Leaves (e.g., Bereavement, FMLA, ADA, Jury Duty, Military Leave, and Parental and Adoption Leave), Paid Time Off (only included for Washington roles)
- Retirement Benefits: Qualified contributory pension plan (if eligible) and 401(k) plan with annual nonelective company contribution. Non-qualified retirement plans available to senior level colleagues who satisfy the plans' eligibility requirements.
This position will remain posted for a minimum of three business days from the date posted or until a sufficient/appropriate candidate slate has been identified.
EOE, including disability/vets
This listing is from Indeed.