Client Security Architect

We are looking a delivery-focused, client-facing Security Architect with expert-level knowledge of Microsoft Defender and Microsoft Sentinel.

Reporting to the Senior Manager of Architecture, you will lead technical design and implementation, develop advanced detections and use cases, and provide ongoing architecture guidance for enterprise clients across UK and EMEA.

This role ensures secure configuration, governance, and effective adoption of Microsoft security technologies. Primarily delivery-focused, with occasional pre-sales support., * Act as technical lead architect for assigned clients, owning design, deployment, feature enhancements, and overall technical direction.

• Perform hands-on deployment, configuration, administration, and management of Microsoft Sentinel and the Microsoft Defender suite.
• Develop SOC/XDR use cases, detections, playbooks, and dashboards (operational and executive).
• Conduct advanced event analysis leveraging SIEM/XDR; provide tuning recommendations and best practices to internal teams and clients.
• Maintain and troubleshoot solutions across complex on-premises and cloud environments; assist customers in improving security posture.
• Collaborate with Customer Success Managers, Deployment Engineering, and Architecture teams for seamless service delivery.
• Provide occasional support for demos, RFP responses, and proof-of-concept evaluations.
• Work effectively across UK and EMEA time zones; maintain deep technical expertise through continuous learning.

Deep Microsoft Defender Expertise

Lead architecture and optimization across the Defender portfolio:

• Defender for Endpoint: onboarding at scale, ASR rules, EDR configurations, TVM, device control, web filtering, Live Response, advanced hunting.
• Defender for Office 365: anti-phishing, Safe Links/Safe Attachments, mailbox intelligence, attack simulation, reporting/tuning.
• Defender for Identity: sensor deployment, detections, SIEM/XDR integration, identity threat investigations.
• Defender for Cloud Apps: policy design (session controls, app governance, OAuth risk), data protection, cloud discovery.
• Defender for Cloud: CSPM/CWPP for Azure and hybrid workloads; Azure Security Benchmark alignment.
• Integrate Defender signals with Sentinel (data connectors, analytics rules, incidents, playbooks); drive end-to-end incident response workflows.
• Advise on Microsoft security licensing, feature enablement (E5/Defender plan mappings), and cost optimization.

• 7+ years technical experience in cybersecurity.
• Extensive hands-on experience deploying and operating Microsoft Sentinel and Microsoft Defender suite (Endpoint, Identity, Office 365, Cloud Apps, Defender for Cloud).
• Practical experience with Microsoft Entra ID (Azure AD), Microsoft 365, Azure Log Analytics, Logic Apps, and related services.
• Familiarity with broader security technologies: EDR (CrowdStrike, Carbon Black), SOAR, Splunk, NGAV, firewalls.
• Strong knowledge of Windows/macOS, virtualization, networking protocols, certificates, SQL Server, and hybrid environments.
• Experience in complex IT environments (on-premises and cloud).
• Excellent customer-facing skills; strong written and verbal communication.
• Ability to provide tuning recommendations and handle high-pressure situations professionally.
• Ability to work independently and collaboratively across diverse teams.

Advanced Competencies:

• Advanced event analysis with SIEM/XDR.
• Advanced experience with Microsoft Defender tools.
• Advanced scripting: KQL for Sentinel/Defender hunting; PowerShell or Python a plus.
• Understanding of Microsoft security licensing and cost optimization.
• Knowledge of Microsoft Copilot for Security and integration with Sentinel/Defender workflows is a plus.

Certifications (Preferred):

• Microsoft: AZ-500, SC-200, SC-300, MS-500.
• Industry: CISSP, CISM, CEH, or SANS.

At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability! Led by CEO, Jim Rosenthal, BlueVoyant's highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies. Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America. BlueVoyant uses AI-assisted tools within our applicant tracking system to help identify candidates whose experience and skills best match the requirements of a role. This technology provides hiring teams with additional insights to support fair and efficient hiring decisions. Please note that all applications are reviewed by a member of our hiring team, and final hiring decisions are made by humans, not AI. By submitting your application, you acknowledge that AI tools may assist in the evaluation of your resume as part of the recruitment process. For more information on how we process your personal data, please review our Candidate Privacy Notice available at https://www.bluevoyant.com/candidate-privacy-notice. All employees must be authorized to work in the United Kingdom. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.