Azure Security Engineer

3 month initial contract outside IR35

Focus: Vulnerability Remediation, Defender Suite, Purview Compliance

We are hiring an Azure Security Engineer to strengthen our Microsoft security posture with a hands‑on focus on improving Defender for Cloud findings, remediating vulnerabilities across Azure and endpoint estates, and uplifting compliance and data protection controls.

This is a role for someone who enjoys fixing things, not just recommending. You’ll be embedded with engineering and infrastructure teams, working through remediation tasks, tightening configuration, and improving real‑world risk reduction week by week.

• Monitor and remediate vulnerabilities surfaced by Defender for Cloud
• Manage and optimise Defender for Endpoint, attack surface reduction and device hardening
• Operate and tune External Attack Surface Management (EASM) findings and asset exposure
• Improve Secure Score and continuously reduce risk through technical remediation
• Collaborate with SOC to triage, respond, and close findings

• Implement and manage Purview (DLP, sensitivity labels, insider risk, records)
• Assist with compliance uplift against ISO 27001, SOC2, GDPR, NIS2
• Maintain audit trails, evidence, runbooks, and security documentation

• Hands‑on remediation — patching, configuration fixes, policy deployments
• Work with product teams to close findings rather than just elevate
• Improve posture for identity, endpoints, networking, and cloud workloads
• Implement conditional access, PIM, key vault, and encryption standards

• Tune Sentinel analytics, automation rules, alert noise reduction
• Support incident investigation, triage, threat hunting as needed
• Generate security metrics, reporting, and measurable improvement trends
  Collaboration & Delivery
  • Work with DevOps, Infra, Desktop, and Cloud teams on real‑world fixes
  • Translate risk into understandable action for stakeholders
  • Create repeatable processes to shorten future remediation cycles
  Experience & Skills Needed
  Must‑Have
  • Strong hands‑on experience with Defender for Cloud, Defender for Endpoint, EASM
  • Working knowledge of Purview, DLP, sensitivity labels, insider risk
  • Demonstrable history of closing vulnerabilities and improving posture
  • Azure identity & access security (Entra ID, Conditional Access, PIM)
  • PowerShell/MS Graph for automation or scripted remediation
  Nice to Have
  • Sentinel exposure (analytic rules, workbooks, automation)
  • Understanding of Zero Trust principles and Microsoft Compliance Manager
  • Experience working in regulated or audited environments
  Certifications Required
  • AZ‑500 – Azure Security Engineer Associate
  • SC‑100 (or commitment to completion within 12 months)
  • Plus one of → MS‑500 or SC‑400 or SC‑900
  Desirable
  • CCSP
  • Additional Defender/M365 security modules
  What This Role Offers
  • Real ownership in improving cyber posture
  • Hands‑on security engineering where the work is measurable
  • Hybrid UK working
  • Modern cloud‑security‑driven environment

  3 month initial contract outside IR35