Principal Microsoft Cloud & AI Security Architect

About The Position

Requirements

• Deep hands‑on expertise in Microsoft Sentinel, including architecture, SIEM/UEBA, KQL, custom detections, automation, Sentinel Data Lake, MCP, Sentinel Graph, and Agentic AI–driven security.
• Strong experience with Wiz (Wiz Defend, Runtime Sensor, Wiz Code) and solid understanding of CSPM/CWPP for cloud posture and workload protection.
• Proven ability to integrate and automate security workflows using Sentinel Graph, Microsoft Graph Security API, Playbooks, Logic Apps, Power Automate, and KQL‑based automation.
• Advanced identity security skills across Entra ID, Conditional Access, MFA, Identity Protection, Privileged Identity Management (PIM), Just‑in‑Time (JIT) access, and Zero Trust identity models.
• Strong background in email security, including Microsoft Defender for Office 365, Darktrace Email, anti‑phishing controls, Safe Links/Safe Attachments, phishing simulations, and email threat intelligence.
• Ability to produce clear, well‑structured security architecture documentation, runbooks, and incident response procedures.

Nice To Haves

• Deep expertise in Microsoft Sentinel architecture, tuning, SIEM/UEBA, KQL, custom detections and threat hunting.
• Strong hands-on experience with: Agentic AI for Security Sentinel Data Lake (pipelines, analytics, cost optimisation, AI enablement) Microsoft Sentinel MCP for enriched context-aware analytics Microsoft Sentinel Graph for automated incident correlation and graph-driven workflows
• Expertise designing security architectures across Azure, with additional exposure to AWS, GCP, OCI or hybrid environments.
• Strong experience with Defender XDR, Defender for Cloud, CSPM, CWPP, and multi-cloud security controls.
• Hands-on experience with: Wiz Cloud, Wiz Defend, Wiz Runtime Sensor, Wiz Code
• Strong ability to operationalise CSPM/CWP findings into actionable remediation.
• Deep understanding of Entra ID security, Conditional Access, MFA, Identity Protection, PIM/JIT.
• Ability to define identity strategies and detect/mitigate identity‑led attacks.
• Expertise with Microsoft Defender for Office 365, phishing protection, Safe Links/Attachments, automated email response, and Darktrace Email.
• Strong experience developing SOAR workflows and automation pipelines using: Sentinel Playbooks, Azure Logic Apps, Power Automate, Graph Security API, KQL-based automation
• Ability to document architectures, runbooks, and processes clearly and accurately.
• Working knowledge of NIST CSF, ISO 27001, CIS Benchmarks, GDPR and SOC2.
• Ability to embed governance in cloud and SOC engineering processes.
• Experience guiding and developing engineering teams.
• Strong communication, stakeholder management, and ability to influence global cyber defence functions.

Responsibilities

• Architect and implement next generation Microsoft cloud security across Azure and multi cloud environments.
• Drive adoption of Agentic AI for Security to enable autonomous detection, adaptive response, and continuous security posture improvement.
• Enhance Microsoft Sentinel with MCP (Model Context Protocol), Sentinel Data Lake, and Sentinel Graph capabilities for advanced analytics, threat correlation, and automated workflows.
• Optimise and operationalise Defender XDR, Defender for Cloud, and Wiz to enhance cloud posture, workload protection, and risk visibility.
• Strengthen identity protection through Entra ID, Conditional Access, MFA, PIM/JIT, and Defender for Identity.
• Lead the automation of security operations using Sentinel Playbooks, Logic Apps, Power Automate, and advanced SOAR workflows.
• Drive proactive threat detection, email threat defence, and automated containment using MDO and Darktrace Email.
• Partner closely with GSOC, Incident Response, Threat Hunting, TI and Cloud Engineering teams to deliver unified detection, response, and governance.
• Manage, mentor and strengthen a team of Cyber Defence Security Engineers.

Benefits

• Mental health/emotional wellbeing (including Employee Assistance Program)
• medical (including prescription drug coverage and fertility benefits)
• dental
• vision
• Health Savings Account
• Commuter Accounts
• Health Care and Dependent Care Flexible Spending Accounts
• company-paid life insurance
• supplemental life insurance
• AD&D
• group accident
• group critical illness
• group legal
• identity theft protection
• wellbeing program
• adoption assistance
• surrogacy assistance
• auto/home insurance
• pet insurance
• other work/life resources
• Paid Holidays
• Annual Paid Time Off (includes state/local paid leave where required)
• Short-Term Disability
• Long-Term Disability
• Other Leaves (e.g., Bereavement, FMLA, ADA, Jury Duty, Military Leave, and Parental and Adoption Leave)
• Paid Time Off (only included for Washington roles)
• Qualified contributory pension plan (if eligible)
• 401(k) plan with annual nonelective company contribution.
• Non-qualified retirement plans available to senior level colleagues who satisfy the plans’ eligibility requirements.