Microsoft Security Architect

Stack:

Microsoft Security: Defender XDR, Sentinel, Entra ID, Intune, Defender for Cloud etc.
Exposure to other modern security stacks, such as SentinelOne or Crowdstrike is a strong advantage
Cloud: Azure (required), AWS or GCP exposure a plus
Platforms: AD/Entra hybrid identity, Windows Server, Linux
Infrastructure: networking, VPN, Firewalls, endpoint management
Tooling: KQL, PowerShell, API usage, automation tooling

What we're looking for

Must have:

Strong, demonstrable experience across the Microsoft security stack
Solid understanding of identity and endpoint security fundamentals.
Comfortable writing and tuning detection logic (eg KQL) across detective and threat hunting scenarios.
Excellent communication and customer-facing skills; able to lead calls, drive discussions, and influence outcomes.
Ability to work autonomously, solve problems, and deliver high-quality technical work.

Nice to have:

Experience with automation (PowerShell, Python, API integrations) and a sysadmin background
Familiarity with security frameworks and incident response concepts.
Exposure to logging pipelines (AMA, Syslog, Cribl, SIEM tooling).
Working knowledge of other, non-Microsoft security stacks (CrowdStrike, SentinelOne, Tenable, etc).
Experience producing architecture documents, diagrams, and design proposals.
Background working in an MSSP, consultancy, or customer-facing engineering role.