Microsoft Cloud Security Architect Lead

We are seeking a visionary Lead Microsoft Cloud Security Architect to join WTW’s Global Information and Cyber Security Defence (ICSD) function. This role is pivotal in designing and implementing next-generation cloud security architectures, securing WTW cloud environments, and driving automation and intelligence within Cybe r Defence Security Platforms & SOC Engineering. This is a hybrid role at London office with a requirement to be in the office based on the business need.

The Role:

Agentic AI for Security & Sentinel Advanced Capabilities

• Lead the adoption and integration of Agentic AI for Security to enable autonomous threat detection, adaptive response, and continuous security posture improvement.
• Architect and optimise Microsoft Sentinel for SIEM, UEBA, and threat intelligence integration, leveraging Microsoft Sentinel Model Context Protocol (MCP) for advanced context-aware analytics and automation.
• Develop and maintain security analytics and data pipelines within Sentinel Data Lake to support large-scale threat detection, incident response, and threat hunting, while optimizing cost and enabling Agentic AI-driven security operations.
• Integrate and automate security workflows using Microsoft Sentinel Graph for unified threat intelligence, incident correlation, and automated response.

Microsoft Cloud Security Architecture & Strategy

• Design and implement Microsoft Cloud Security Architectures for Azure, AWS, OCI, GCP and hybrid cloud environments.
• Ensure Defender XDR and Defender for Cloud are optimised for advanced threat detection and response.
• Develop enterprise-wide security frameworks and standards to align with industry best practices (NIST, ISO 27001, CIS, GDPR, etc.).
• Assess and improve cloud security postures using CSPM and CWPP tools.

Defender XDR & Wiz Cloud

• Design and help optimise Microsoft Defender XDR (Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365) for holistic security coverage.
• Advise on the design and rollout of Wiz Cloud, Wiz Defend, Wiz Runtime Sensor, Wiz Code to enhance threat detection and response.

Identity Security & Conditional Access

• Advise on Identity Security policies, including Azure AD Conditional Access, MFA, and Identity Protection.
• Advise on Implementation of Privileged Identity Management (PIM) and Just-in-Time (JIT) access controls to mitigate identity-based attacks.
• Advise on Microsoft Defender for Identity and Sentinel UEBA.

Collaboration & Continuous Improvement

• Work closely with GSOC, Incident Response, Threat Hunting, Insider Threats, Threat Intelligence and ICS Change teams to align cloud security strategies with business needs.
• Stay up to date with emerging threats, Microsoft security innovations, and industry trends to drive continuous security enhancements.
• Provide training and mentorship to SOC teams on Microsoft cloud security best practices.

Team Management

• Manage and mentor a team of Cyber Defence Security Engineers.

The Requirements:

Must-Have Skills:

• Microsoft Sentinel Expertise: Architecture, deployment, management, including AI for Security, Data Lake optimization, MCP, and Sentinel Graph.
• Cloud Security Tools: Hands-on with Wiz Cloud (Defend, Runtime Sensor, Code), CSPM, and CWP.
• Automation & Integration: Using Sentinel Graph, Microsoft Graph Security API, playbooks, Logic Apps, Power Automate.
• Threat Management: SIEM for detection, response, hunting; SOAR workflow design; KQL queries, custom rules, UEBA.
• Identity & Access Security: Entra ID, Conditional Access, Identity Protection, PIM.
• Email Security: Microsoft Defender for O365, Darktrace AI, anti-phishing, Safe Links/Attachments, attack simulation.
• Documentation: Clear security architecture and incident response processes.

Beneficial Skills:

• Excellent communication and stakeholder management skill
• Experience with working with global Cyber Defence/SOC teams
• Knowledge of MITRE ATT&CK framework and its application in threat detection and response.
• Understanding of compliance standards (ISO 27001, NIST CSF, GDPR, SOC 2).
• Familiarity with third-party integrations (e.g., Threat Intelligence Platforms, SOAR tools, Security APIs).

Certifications (Preferred):

• Microsoft SC-100, AZ-500, SC-200, SC-300.
• CISSP, CCSP.

Benefits - GB:

Enjoy a benefits package designed to help you thrive, both professionally and personally. You'll receive 25 days of annual leave plus an extra WTW day to relax and recharge. Our comprehensive health and wellbeing offering includes private healthcare, life insurance, group income protection, and regular health assessments, all giving you peace of mind. Secure your future with our defined contribution pension scheme, featuring matched contributions up to 10% from the company.

We support your growth and balance with hybrid working options, access to an employee assistance programme, and a fully paid volunteer day to make a difference in your community. On top of these, you can opt into a variety of additional perks including an electric vehicle car scheme, share scheme, cycle-to-work programme, dental and optical cover, critical illness protection, and much more. Start making the most of your career and wellbeing with a range of benefits tailored for you.

Equal Opportunity Employer

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. We embrace all types of diversity.

At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a” hybrid” style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution.