Senior Microsoft Security Engineer

SecurityHQ

City of London

On-site

GBP 70,000 - 90,000

Full time

30+ days ago

Job summary

A global cybersecurity company is seeking a Senior Microsoft Security Engineer to oversee the Microsoft security stack and manage SIEM & SOAR solutions. The successful candidate will have over 5 years of experience with Microsoft technologies and a strong technical background in security. This role offers a hybrid working environment in London and the opportunity to mentor team members while engaging directly with clients.

Qualifications

  • 5+ years experience with Azure, Microsoft Sentinel, and Defender XDR products.
  • 4+ years in customer-facing consulting roles.
  • 2+ years technical background in Security, SIEMs, Networking, or Datacentre Technology.
  • Strong knowledge of distributed computing, microservices, and security architecture.
  • Proficiency with SIEM/SOAR, XDR, Purview DLP, and infrastructure as code.
  • Excellent communication skills in English, both written and verbal.
  • At least one of: AZ-500, SC-100, SC-401 Level Certification.

Responsibilities

  • Configure and maintain Microsoft Sentinel, including data onboarding and automation.
  • Develop dashboards and reporting pipelines for incident trends.
  • Manage the Microsoft Defender XDR suite and policy configuration.
  • Implement Microsoft Purview for data governance and compliance.
  • Architect scalable, secure solutions for clients.
  • Mentor team members and foster collaboration.

Skills

Azure
Microsoft Sentinel
Defender XDR
KQL
PowerShell
Automation
Security Architecture

Education

Bachelor’s degree or equivalent

Tools

Microsoft Sentinel
Datadog
QRadar

Job Description

We are seeking a Senior Microsoft Security Engineer with advanced expertise in the Microsoft security stack. You will play a key role in developing, deploying, and managing SIEM & SOAR solutions, and will be instrumental in safeguarding our clients’ digital environments. This position is based at our London office in Canary Wharf and follows a hybrid working pattern of two to three days per week on-site. The role involves some travel and reports directly to the Chief Technology Officer.

Responsibilities
  • Configure and maintain Microsoft Sentinel (SIEM/SOAR), including data onboarding, custom log parsing, and automation using Logic Apps.
  • Develop dashboards and reporting pipelines for incident trends and rule performance.
  • Manage the Microsoft Defender XDR suite (Endpoint, Identity, Office 365, Cloud Apps, Cloud), including policy configuration, alert tuning, and integration.
  • Implement Microsoft Purview for data governance, DLP, insider risk, and compliance monitoring.
  • Architect and implement scalable, secure solutions for clients, directly engaging with stakeholders to understand requirements.
  • Mentor team members and foster a culture of collaboration and continuous improvement.
  • Participate in a shared on-call support model and occasional travel as required.

About SHQ

SecurityHQ is a global cybersecurity company. Our specialist teams design, engineer and manage solutions that do three things: Promote clarity and trust in a complex world. Build momentum around improving security posture. And increase the value of cybersecurity investment within organizations. Free from limitations, and inclusive of all requirements, we focus on defending today, while mitigating the risks of tomorrow. And into the future. Our solutions are tailored to our customers and their unique context. Around the clock, 365 days per year, our customers are never alone. SecurityHQ – We’re focused on engineering cybersecurity, by design.

Qualifications
  • 5+ years experience with Azure, Microsoft Sentinel, and Defender XDR products.
  • 4+ years in customer-facing consulting roles.
  • 2+ years technical background in Security, SIEMs, Networking, or Datacentre Technology.
  • Strong knowledge of distributed computing, microservices, and security architecture.
  • Proficiency with SIEM/SOAR (Microsoft Sentinel, KQL, Logic Apps), XDR, Purview DLP, automation (PowerShell, Azure CLI, Graph API), and infrastructure as code (ARM, Bicep, Terraform).
  • Familiarity with cloud/identity security (Azure AD/Entra ID, Conditional Access), threat frameworks (MITRE ATT&CK, NIST, CIS), and documentation best practices.
  • Excellent communication skills in English, both written and verbal.
  • Bachelor’s degree or equivalent from an accredited institution.
  • At least one of: AZ-500, SC-100, SC-401 Level Certification (AWS certifications a plus).
  • Experience with Datadog or QRadar is advantageous.

Job Reference Number: UK004