Principal Microsoft Cloud & AI Security Architect

We are seeking a visionary Principal Microsoft Cloud & AI Security Architect to join WTW’s Global Information and Cyber Security Defence (ICSD) function. This role is pivotal in designing and implementing next-generation cloud security architectures, securing WTW cloud environments, and driving automation and innovation with WTW’s ICS Function. The candidate will work closely with the CISO, other ICS leads as well as Cyber Defence to ensure a holistic architectural approach to WTW’s technology estate. The ideal candidate will have deep expertise in Microsoft Azure, Palo Alto, AWS and Oracle technology with detailed knowledge of Microsoft security tools and the Software Development life Cycle. 

The Role

• Architect and implement next‑generation Microsoft cloud security across Azure and multi‑cloud environments.
• Drive adoption of Agentic AI for Security to enable autonomous detection, adaptive response, and continuous security posture improvement.
• Enhance Microsoft Sentinel with MCP (Model Context Protocol), Sentinel Data Lake, and Sentinel Graph capabilities for advanced analytics, threat correlation, and automated workflows.
• Optimise and operationalise Defender XDR, Defender for Cloud, and Wiz to enhance cloud posture, workload protection, and risk visibility.
• Strengthen identity protection through Entra ID, Conditional Access, MFA, PIM/JIT, and Defender for Identity.
• Lead the automation of security operations using Sentinel Playbooks, Logic Apps, Power Automate, and advanced SOAR workflows.
• Drive proactive threat detection, email threat defence, and automated containment using MDO and Darktrace Email.
• Partner closely with GSOC, Incident Response, Threat Hunting, TI and Cloud Engineering teams to deliver unified detection, response, and governance.
• Manage, mentor and strengthen a team of Cyber Defence Security Engineers.

Key Skill Areas 

1. Microsoft Sentinel & Advanced Analytics

(You will use and lead with these skills daily)

• Deep expertise in Microsoft Sentinel architecture, tuning, SIEM/UEBA, KQL, custom detections and threat hunting.
• Strong hands-on experience with: 
  • Agentic AI for Security
  • Sentinel Data Lake (pipelines, analytics, cost optimisation, AI enablement)
  • Microsoft Sentinel MCP for enriched context-aware analytics
  • Microsoft Sentinel Graph for automated incident correlation and graph-driven workflows

2. Cloud Security Architecture (Microsoft + Multi-Cloud)

• Expertise designing security architectures across Azure, with additional exposure to AWS, GCP, OCI or hybrid environments.
• Strong experience with Defender XDR, Defender for Cloud, CSPM, CWPP, and multi-cloud security controls.

3. Cloud Posture & Risk Management (Wiz)

• Hands-on experience with: Wiz Cloud, Wiz Defend, Wiz Runtime Sensor, Wiz Code
• Strong ability to operationalise CSPM/CWP findings into actionable remediation.

4. Identity Security & Access Management

• Deep understanding of Entra ID security, Conditional Access, MFA, Identity Protection, PIM/JIT.
• Ability to define identity strategies and detect/mitigate identity‑led attacks.

5. Email Security & Threat Containment

• Expertise with Microsoft Defender for Office 365, phishing protection, Safe Links/Attachments, automated email response, and Darktrace Email.

6. Security Automation & Engineering

• Strong experience developing SOAR workflows and automation pipelines using: Sentinel Playbooks, Azure Logic Apps, Power Automate, Graph Security API, KQL-based automation
• Ability to document architectures, runbooks, and processes clearly and accurately.

7. Governance, Standards & Compliance

• Working knowledge of NIST CSF, ISO 27001, CIS Benchmarks, GDPR and SOC2.
• Ability to embed governance in cloud and SOC engineering processes.

8. Leadership & Cross‑Functional Collaboration

• Experience guiding and developing engineering teams.

Strong communication, stakeholder management, and ability to influence global cyber defence functions.

What you’ll bring: 

Must‑Have Skills:

• Deep hands‑on expertise in Microsoft Sentinel, including architecture, SIEM/UEBA, KQL, custom detections, automation, Sentinel Data Lake, MCP, Sentinel Graph, and Agentic AI–driven security.
• Strong experience with Wiz (Wiz Defend, Runtime Sensor, Wiz Code) and solid understanding of CSPM/CWPP for cloud posture and workload protection.
• Proven ability to integrate and automate security workflows using Sentinel Graph, Microsoft Graph Security API, Playbooks, Logic Apps, Power Automate, and KQL‑based automation.
• Advanced identity security skills across Entra ID, Conditional Access, MFA, Identity Protection, Privileged Identity Management (PIM), Just‑in‑Time (JIT) access, and Zero Trust identity models.
• Strong background in email security, including Microsoft Defender for Office 365, Darktrace Email, anti‑phishing controls, Safe Links/Safe Attachments, phishing simulations, and email threat intelligence.
• Ability to produce clear, well‑structured security architecture documentation, runbooks, and incident response procedures.

Nice-to-Have Skills:

• Experience working in global SOC/Cyber Defence teams.
• Familiarity with Threat Intelligence Platforms, SOAR tool integrations, or additional security APIs.
• Understanding of MITRE ATT&CK mapping for detection engineering.

Preferred Certifications:

• Microsoft Certified: Cybersecurity Architect Expert (SC‑100)
• Azure Security Engineer Associate (AZ‑500)
• Security Operations Analyst Associate (SC‑200)
• Identity and Access Administrator Associate (SC‑300)
• CISSP or CCSP

What we offer

Enjoy a benefits package designed to help you thrive, both professionally and personally. You'll receive 25 days of annual leave plus an extra WTW day to relax and recharge. Our comprehensive health and wellbeing offering includes private healthcare, life insurance, group income protection, and regular health assessments, all giving you peace of mind. Secure your future with our defined contribution pension scheme, featuring matched contributions up to 10% from the company.

We support your growth and balance with hybrid working options, access to an employee assistance programme, and a fully paid volunteer day to make a difference in your community. On top of these, you can opt into a variety of additional perks including an electric vehicle car scheme, share scheme, cycle-to-work programme, dental and optical cover, critical illness protection, and much more. Start making the most of your career and wellbeing with a range of benefits tailored for you.

Equal Opportunity Employer 

We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidate.helpdesk@wtwco.com