Microsoft Cloud Security Architect Lead

Job Description We are seeking a visionary Lead Microsoft Cloud Security Architect to join WTW's Global Information and Cyber Security Defence (ICSD) function. This role is pivotal in designing and implementing next‑generation cloud security architectures, securing WTW cloud environments, and driving automation and intelligence within Cyber Defense Security Platforms & SOC Engineering. This is a hybrid role based at London office, with a minimum requirement of 1 day in a week or based on business demand. The Role: The ideal candidate will have deep expertise in Microsoft Security and Sentinel, with a strong emphasis on: Agentic AI for Security: Leading the adoption and integration of agentic AI to enable autonomous threat detection, adaptive response, and continuous security posture improvement. Sentinel Data Lake: Leveraging Sentinel Data Lake not only for advanced analytics and threat detection, but also to optimize cost and drive the capabilities of Agentic AI for Security. Microsoft Sentinel Model Context Protocol (MCP): Utilising MCP for advanced context‑aware analytics, automation, and to enhance the effectiveness of AI‑driven security operations. Microsoft Sentinel Graph: Integrating and automating security workflows using Sentinel Graph for unified threat intelligence, incident correlation, and automated response. Key Responsibilities: Agentic AI for Security & Sentinel Advanced Capabilities Lead the adoption and integration of Agentic AI for Security to enable autonomous threat detection, adaptive response, and continuous security posture improvement. Architect and optimise Microsoft Sentinel for SIEM, UEBA, and threat intelligence integration, leveraging Microsoft Sentinel Model Context Protocol (MCP) for advanced context‑aware analytics and automation. Develop and maintain security analytics and data pipelines within Sentinel Data Lake to support large‑scale threat detection, incident response, and threat hunting, while optimising cost and enabling Agentic AI‑driven security operations. Integrate and automate security workflows using Microsoft Sentinel Graph for unified threat intelligence, incident correlation, and automated response. Microsoft Cloud Security Architecture & Strategy Design and implement Microsoft Cloud Security Architectures for Azure, Microsoft, AWS, OCI and hybrid cloud environments. Ensure Defender XDR and Defender for Cloud are optimised for advanced threat detection and response. Develop enterprise‑wide security frameworks and standards to align with industry best practices (NIST, ISO 27001, CIS, GDPR, etc.). Assess and improve cloud security postures using CSPM and CWPP tools. Defender XDR & Wiz Cloud Design and help optimise Microsoft Defender XDR (Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365) for holistic security coverage. Advise on the design and rollout of Wiz Defend, Wiz Runtime Sensor, Wiz Code, Defender solutions, Sentinel Data Lake, and SOAR automation to enhance threat detection and response. Identity Security & Conditional Access Design and enforce Identity Security policies, including Azure AD Conditional Access, MFA, and Identity Protection. Advise on Implementation of Privileged Identity Management (PIM) and Just‑in‑Time (JIT) access controls to mitigate identity‑based attacks. Identify compromise threats using Microsoft Defender for Identity and Sentinel UEBA. Email Security Advise on best practices for email security. Automate email security response actions using SOAR and Defender for Office 365. Security Automation Develop security automation workflows using Microsoft Sentinel playbooks, Logic Apps, and Power Automate. Document security architectures, integrations, and automation processes in runbooks, SOPs, and technical guidelines. Establish security governance frameworks to ensure compliance and risk management alignment. Collaboration & Continuous Improvement Work closely with GSOC, Threat Hunting, Insider Threats, Threat Intelligence and ICSD Change teams to align cloud security strategies with business needs. Stay up to date with emerging threats, Microsoft security innovations, and industry trends to drive continuous security enhancements. Provide training and mentorship to SOC teams on Microsoft cloud security best practices. Team Management Manage and mentor a team of Cyber Defence Security Engineers. Act as an escalation point for complex security issues. Qualifications The Requirements: Must‑Have Skills Deep expertise in architecting, deploying, and managing Microsoft Sentinel, with a strong focus on Agentic AI for Security, Sentinel Data Lake Skills (including cost optimisation and AI enablement), Microsoft Sentinel Model Context Protocol (MCP), and Microsoft Sentinel Graph. Strong hands‑on experience with Wiz Defend, Wiz Runtime Sensor, Wiz Code and cloud security posture management (CSPM) and workload protection (CWP). Experience integrating and automating security workflows using Microsoft Sentinel Graph and Microsoft Graph Security API. Proficiency in Microsoft Sentinel SIEM for threat detection, incident response, and threat hunting. Experience designing SOAR workflows for automated security response and incident triage. Expertise in KQL queries, custom detection rules, and UEBA use cases. Strong understanding of Entra ID Security, Conditional Access, Identity Protection, and Privileged Access Management (PIM). Experience with Just‑in‑Time (JIT) access, Zero Trust identity models, and identity compromise detection. Hands‑on experience securing email environments using Microsoft Defender for Office 365 (MDO) and Darktrace Email AI‑driven security. Expertise in anti‑phishing, Safe Links/Safe Attachments, attack simulation, and email threat intelligence. Experience automating security tasks using Microsoft Sentinel playbooks, Logic Apps, Power Automate, and KQL‑based automation. Ability to write clear and detailed documentation for security architecture, processes, and incident response procedures. Beneficial Skills Excellent communication and stakeholder management skill Experience with working with global Cyber Defence/SOC teams Knowledge of MITRE ATT&CK framework and its application in threat detection and response. Understanding of compliance standards (ISO 27001, NIST CSF, GDPR, SOC 2). Familiarity with third‑party integrations (e.g., Threat Intelligence Platforms, SOAR tools, Security APIs). Certifications (Preferred) Microsoft Certified: Cybersecurity Architect Expert (SC‑100) Microsoft Certified: Azure Security Engineer Associate (AZ‑500) Microsoft Certified: Security Operations Analyst Associate (SC‑200) Microsoft Certified: Identity and Access Administrator Associate (SC‑300) Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP) Benefits – GB Enjoy a benefits package designed to help you thrive, both professionally and personally. You'll receive 25 days of annual leave plus an extra WTW day to relax and recharge. Our comprehensive health and wellbeing offering includes private healthcare, life insurance, group income protection, and regular health assessments, all giving you peace of mind. Secure your future with our defined contribution pension scheme, featuring matched contributions up to 10% from the company. We support your growth and balance with hybrid working options, access to an employee assistance programme, and a fully paid volunteer day to make a difference in your community. On top of these, you can opt into a variety of additional perks including an electric vehicle car scheme, share scheme, cycle‑to‑work programme, dental and optical cover, critical illness protection, and much more. Start making the most of your career and wellbeing with a range of benefits tailored for you. Equal Opportunity Employer At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. We embrace all types of diversity. At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a “hybrid” style, with a mix of remote, in‑person and in‑office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one‑size‑fits‑all solution. We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidate.helpdesk@willistowerswatson.com. #J-18808-Ljbffr