Cyber Security Architecture and Engineering Manager

We are seeking a hands on, skilled and detail-oriented Security Leader to spear head our Architect and Engineering department with expertise in Microsoft technologies to join a rapidly expanding global team of security experts that provides services to protect our business. This role will report into the Head of Information Security and will work closely across all IT Teams and business units.

In this role, you will be responsible for leading, designing, implementing, managing, and optimizing security solutions to protect our IT infrastructure, technology assets, cloud environments, and applications. The ideal candidate will have hands-on experience with Microsoft security tools and technologies, such as Azure, Microsoft 365, Microsoft Purview and Microsoft Defender, and will play a critical role in safeguarding our digital assets.

Leadership and Team Management

• Lead and mentor a team of Security Engineers and Architects focused on, designing and implementing secure controls across Microsoft technologies, such as Microsoft 365, Microsoft Defender, Azure Security Centre, and Microsoft Sentinel.
• Establish team goals, manage performance, and provide regular feedback to ensure the success of security operations.
• Foster a culture of continuous improvement and professional development within the team.

Cloud Security Strategy

• Responsible for the cloud security strategy for our Azure-based solutions, leveraging Azure Security Centre, Azure Active Directory, and other Azure-native security tools to secure infrastructure and applications.
• Design security controls in Azure to protect resources, networks, data, and identities.
• Oversee the integration of security practices in cloud migration strategies and help guide the secure adoption of cloud technologies.

Security Solution Implementation

• Implement, configure, and manage security solutions in Microsoft environments, including Azure, Microsoft 365, Microsoft Defender, Microsoft Purview and other Microsoft security tools.
• Ensure the secure deployment and configuration of Microsoft cloud resources, applications, and services, adhering to security best practices and company policies.
• Set up and maintain security controls such as firewalls including WAFs, VPNs, and endpoint protection across all environments.

Identity and Access Management (IAM)

• Responsible for Architecting and implementing advanced identity and access management (IAM) solutions using Microsoft technologies such as Azure Active Directory/EntraID, Azure AD B2B/B2C, and Microsoft Identity Platform.
• Design and enforce least privilege access principles, multi-factor authentication (MFA), conditional access policies, and role-based access control (RBAC) across all Microsoft service.

Vulnerability Management and Risk Assessment

• Responsible for security assessments and risk analysis for new Microsoft technologies, AI, cloud services and digital products.
• Regularly assess and monitor Microsoft systems and services for vulnerabilities and security gaps, using tools like Microsoft Defender for Endpoint and Azure Security Centre.

Security Automation and Optimisation

• Responsible for an Automation Strategy for security processes and tasks using PowerShell, Azure CLI, and other tools to improve efficiency and response times.
• Optimise security configurations across Microsoft environments to ensure best practices and consistent application of security controls.
• Continuously review and improve existing security processes, tools, and policies.

Compliance and Reporting

• Ensure Microsoft-based systems meet regulatory requirements (e.g., GDPR), internal security standards (ISO 27001/2, SOC) and policies.
• Assist in security audits and assessments, providing the necessary documentation and evidence to support compliance initiatives.
• Generate regular security reports, dashboards, project status and metrics using Microsoft security tools.

Collaboration and Effective Communication

• Work closely with IT, system administrators, and other security teams to coordinate incident response efforts, identify vulnerabilities, and implement mitigation strategies across the Microsoft technology stack.
• Communicate and conduct regularly presentations at a senior leadership level.
• Ensure that the IT Security documentation is maintained and updated regularly as required
• Provide guidance and support to internal teams regarding Microsoft security best practices, threat mitigation and security by design
• Participate in security projects, including cloud migration efforts, that involve Microsoft technologies, ensuring security is a top priority
• Provide input to the monthly IT Security report.

Essential

• 5+ years of experience in a security engineering/architecture or cybersecurity leadership role, with a strong focus on Microsoft environments such as Microsoft 365, Azure, Microsoft Purview, and related Microsoft security products.
• Proven track record in leading security engineering/architecture teams, managing risk, design and build security principles for products (e.g. Microsoft 365, Microsoft Azure, CoPilot, Microsoft Defender, Microsoft Sentinel).
• Experience of working in a diverse Global Company;
• Understanding of key network and infrastructure security solutions such as firewalls, SD-WAN, WAF, DDoS protection IPS, Web Proxy, etc.
• Excellent knowledge of security solutions and technologies including Network Firewalls, proxy technologies, EDR, SIEM (Sentinel);
• Understanding of SASE solutions and cloud-based service delivery of traditional security controls (e.g. content filtering, firewall)
• Knowledge of Intrusion detection/prevention systems (IDS/IPS/WAF) and vulnerability assessment tools );
• Excellent knowledge of different threat scenarios, incident response and remediation techniques;
• Hands on experience of applying security by design across a Microsoft eco system.
• Knowledge of security technologies (encryption, data protection, permissions, privilege access etc.);
• Knowledge of applying CIS benchmark policies in Azure & O365;
• Experience with Security frameworks, ISO 27001, Cyber Essentials, NIST, PCI;
• Good working knowledge of Active Directory services, including reporting and auditing of Active Directory objects;
• Skilled in using scripting tools (PowerShell, MS CLI & VBS).
• Understand Incident Response, Cyber Kill Chain, Threat Modelling and pertinent Attack Vectors;
• Desirable qualifications, Microsoft Certified: Azure Security Engineer or Architect Associate, Microsoft Certified: Security, Compliance, and Identity Fundamentals, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CompTIA Security+, Certified Cloud Security Professional (CCSP) or other similar security certifications or demonstratable experience.
• Good communication (English Writing, Reading and Speaking) skills and ability to articulate subjects clearly.
• Proven analytical and problem-solving skills;
• Strong documentation skills;
• Organised, methodical and self-motivated;
• Keeping abreast of industry trends and security technologies.
• Takes the initiative to proactively resolve issues within own remit and recognises when escalation is required;
• Uses own knowledge and experience to make sounds judgements or assist others with sound judgements;
• Considers the regional and global implications of what we do in our own areas of responsibility;
• Identifies and builds relationships across team and region;
• Understands need to work within project scope, including price;
• Shows understanding of others in order to influence as appropriate.