Microsoft Cloud Security Architect Lead

We are seeking a visionary Lead Microsoft Cloud Security Architect to join WTW's Global Information and Cyber Security Defence (ICSD) function. This role is pivotal in designing and implementing next-generation cloud security architectures, securing WTW cloud environments, and driving automation and intelligence within Cyber Defence Security Platforms & SOC Engineering. This is a hybrid role at London office with a requirement to be in the office based on the business need.

The Role:

The ideal candidate will have deep expertise in Microsoft Security and Sentinel, with a strong emphasis on:

• Agentic AI for Security: Leading the adoption and integration of agentic AI to enable autonomous threat detection, adaptive response, and continuous security posture improvement.
• Sentinel Data Lake: Leveraging Sentinel Data Lake for advanced analytics, threat detection and drive the capabilities of Agentic AI for Security.
• Microsoft Sentinel Model Context Protocol (MCP): Utilising MCP for advanced context-aware analytics, automation, and to enhance the effectiveness of AI-driven security operations.
• Microsoft Sentinel Graph: Integrating and automating security workflows using Sentinel Graph for unified threat intelligence, incident correlation, and automated response.

Key Responsibilities:

• Agentic AI for Security & Sentinel Advanced Capabilities
  • Lead the adoption and integration of Agentic AI for Security to enable autonomous threat detection, adaptive response, and continuous security posture improvement.
  • Architect and optimise Microsoft Sentinel for SIEM, UEBA, and threat intelligence integration, leveraging Microsoft Sentinel Model Context Protocol (MCP) for advanced context-aware analytics and automation.
  • Develop and maintain security analytics and data pipelines within Sentinel Data Lake to support large-scale threat detection, incident response, and threat hunting, while optimizing cost and enabling Agentic AI-driven security operations.
  • Integrate and automate security workflows using Microsoft Sentinel Graph for unified threat intelligence, incident correlation, and automated response.
• Microsoft Cloud Security Architecture & Strategy
  • Design and implement Microsoft Cloud Security Architectures for Azure, AWS, OCI, GCP and hybrid cloud environments.
  • Ensure Defender XDR and Defender for Cloud are optimised for advanced threat detection and response.
  • Develop enterprise-wide security frameworks and standards to align with industry best practices (NIST, ISO 27001, CIS, GDPR, etc.).
  • Assess and improve cloud security postures using CSPM and CWPP tools.
• Defender XDR & Wiz Cloud
  • Design and help optimise Microsoft Defender XDR (Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365) for holistic security coverage.
  • Advise on the design and rollout of Wiz Cloud, Wiz Defend, Wiz Runtime Sensor, Wiz Code to enhance threat detection and response.
• Identity Security & Conditional Access
  • Advise on Identity Security policies, including Azure AD Conditional Access, MFA, and Identity Protection.
  • Advise on Implementation of Privileged Identity Management (PIM) and Just-in-Time (JIT) access controls to mitigate identity-based attacks.
  • Advise on Microsoft Defender for Identity and Sentinel UEBA.
• Email Security
  • Advise on best practices for email security.
  • Automate email security response actions 
• Security Automation
  • Develop security automation workflows using Microsoft Sentinel playbooks, Logic Apps, and Power Automate.
  • Document security architectures, integrations, and automation processes in runbooks, SOPs, and technical guidelines.
  • Establish security governance frameworks to ensure compliance and risk management alignment.
• Collaboration & Continuous Improvement
  • Work closely with GSOC, Incident Response, Threat Hunting, Insider Threats, Threat Intelligence and ICS Change teams to align cloud security strategies with business needs.
  • Stay up to date with emerging threats, Microsoft security innovations, and industry trends to drive continuous security enhancements.
  • Provide training and mentorship to SOC teams on Microsoft cloud security best practices.
• Team Management
  • Manage and mentor a team of Cyber Defence Security Engineers. 
  • Act as an escalation point for complex security issues

The Requirements:

Must-Have Skills:

• Deep expertise in architecting, deploying, and managing Microsoft Sentinel, with a strong focus on Agentic AI for Security, Sentinel Data Lake Skills (including cost optimization and AI enablement), Microsoft Sentinel Model Context Protocol (MCP), and Microsoft Sentinel Graph.
• Strong hands-on experience with Wiz Cloud, Wiz Defend, Wiz Runtime Sensor, Wiz Code and cloud security posture management (CSPM) and workload protection (CWP).
• Experience integrating and automating security workflows using Microsoft Sentinel Graph and Microsoft Graph Security API.
• Proficiency in Microsoft Sentinel SIEM for threat detection, incident response, and threat hunting.
• Experience designing SOAR workflows for automated security response and incident triage.
• Expertise in KQL queries, custom detection rules, and UEBA use cases.
• Strong understanding of Entra ID Security, Conditional Access, Identity Protection, and Privileged Access Management (PIM).
• Hands-on experience securing email environments using Microsoft Defender for Office 365 (MDO) and Darktrace Email AI-driven security.
• Expertise in anti-phishing, Safe Links/Safe Attachments, attack simulation, and email threat intelligence.
• Experience automating security tasks using Microsoft Sentinel playbooks, Logic Apps, Power Automate, and KQL-based automation.
• Ability to write clear and detailed documentation for security architecture, processes, and incident response procedures.

Beneficial Skills:

• Excellent communication and stakeholder management skill
• Experience with working with global Cyber Defence/SOC teams
• Knowledge of MITRE ATT&CK framework and its application in threat detection and response.
• Understanding of compliance standards (ISO 27001, NIST CSF, GDPR, SOC 2).
• Familiarity with third-party integrations (e.g., Threat Intelligence Platforms, SOAR tools, Security APIs).

Certifications (Preferred):

• Microsoft Certified: Cybersecurity Architect Expert (SC-100)
• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Microsoft Certified: Security Operations Analyst Associate (SC-200)
• Microsoft Certified: Identity and Access Administrator Associate (SC-300)
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)

Benefits - GB: 

Enjoy a benefits package designed to help you thrive, both professionally and personally. You'll receive 25 days of annual leave plus an extra WTW day to relax and recharge. Our comprehensive health and wellbeing offering includes private healthcare, life insurance, group income protection, and regular health assessments, all giving you peace of mind. Secure your future with our defined contribution pension scheme, featuring matched contributions up to 10% from the company.

We support your growth and balance with hybrid working options, access to an employee assistance programme, and a fully paid volunteer day to make a difference in your community. On top of these, you can opt into a variety of additional perks including an electric vehicle car scheme, share scheme, cycle-to-work programme, dental and optical cover, critical illness protection, and much more. Start making the most of your career and wellbeing with a range of benefits tailored for you.

Equal Opportunity Employer

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. We embrace all types of diversity.

At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a" hybrid" style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and "hybrid" is not a one-size-fits-all solution.

We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email