Head of Azure Platform Security
We have a current opportunity for a Head of Azure Platform Security on a permanent basis. The position will be based in London. For further information about this position please apply.
ETrading client operates infrastructure that is genuinely critical - trading systems processing billions in daily notional value, client-facing platforms serving institutional counterparties, and cloud environments holding sensitive market and counterparty data. This role is for a cloud security architect who has never stopped being an engineer: someone who can model a threat, design the control, write the detection rule, and deploy the fix - all in the same day. You will not write policies and hand them to other people to implement. You will build and operate our security controls directly, hands on, end to end.
Requirements
- Hands-on Azure cloud security architecture and implementation - Defender for Cloud, Policy-as-Code, RBAC, PIM, private endpoints, and secure landing zone design; AWS security experience also considered
- Network security engineering: firewall policy design and lifecycle management, micro-segmentation, NSG/UDR/NVA architecture, hub-spoke topology, and perimeter defence for hybrid environments
- WAF design, deployment, and operational tuning - Cloudflare, Azure Application Gateway, or equivalent; custom rule authoring and false-positive management at production scale
- Network flow log analysis and intrusion detection engineering - building detection logic for lateral movement, beaconing, anomalous egress, and C2 patterns
- SIEM engineering: detection rule authoring (KQL, SPL, or equivalent), log pipeline design, alert correlation, triage workflow - you write the rules, not just read the dashboard
- Endpoint and desktop security: EDR deployment and tuning (Defender for Endpoint, CrowdStrike), Intune/Jamf device management, privileged access workstations, JIT/JEA models
- API and application security: threat modelling (STRIDE/PASTA), OAuth 2.0/OIDC implementation review, secrets management (Key Vault, HashiCorp Vault), and secure SDLC integration
- PKI, certificate lifecycle automation, identity federation, and SSO across hybrid cloud and on-premises environments
- Security automation and IaC: Python, PowerShell, Terraform, Bicep, or Sentinel analytics rules - you codify controls, you do not document them
- MITRE ATT&CK coverage mapping; threat hunting, adversary emulation, and proactive gap analysis against realistic TTPs
- Cloud infrastructure - Azure preferred, AWS considered; IAM, managed services, automated and auditable deployment pipelines, secrets management
Nice to Have
o Financial services, trading, or capital markets - operational security in a regulated, high-availability, zero-downtime-tolerance environment
o Zero-trust architecture: BeyondCorp, Zscaler, or equivalent; conditional access policy design and implementation
o DDoS mitigation, BGP security, and network resilience engineering for latency-sensitive financial infrastructure
o ISO 27001, SOC 2, DORA, or equivalent - hands-on implementation, not just audit participation
o Red team, adversarial simulation, or penetration testing programme design - experience on both sides of the exercise
What We're Looking For
You are a builder first and a security engineer second - meaning you solve security problems by engineering better systems, not by writing longer policies. You find the gap before an attacker does because you have thought about how you would exploit the environment yourself
To find out more about Huxley, please visit (url removed)
Huxley, a trading division of SThree Partnership LLP is acting as an Employment Business in relation to this vacancy | Registered office | 8 Bishopsgate, London, EC2N 4BQ, United Kingdom | Partnership Number | OC(phone number removed) England and Wales