Principal Microsoft Cloud & AI Security Architect

Job Description

We are seeking a visionary Principal Microsoft Cloud & AI Security Architect to join WTW's Global Information and Cyber Security Defence (ICSD) function. This role is pivotal in designing and implementing next‑generation cloud security architectures, securing WTW cloud environments, and driving automation and innovation with WTW's ICSD Function. The candidate will work closely with the CISO, other ICSD leads as well as Cyber Defence to ensure a holistic architectural approach to WTW's technology estate.

• Architect and implement next‑generation Microsoft cloud security across Azure and multi‑cloud environments.
• Drive adoption of Agentic AI for Security to enable autonomous detection, adaptive response, and continuous security posture improvement.
• Enhance Microsoft Sentinel with MCP (Model Context Protocol), Sentinel Data Lake, and Sentinel Graph capabilities for advanced analytics, threat correlation, and automated workflows.
• Optimise and ope rationalise Defender XDR, Defender for Cloud, and Wiz to enhance cloud posture, workload protection, and risk visibility.
• Strengthen identity protection through Entra , Conditional Access, MFA, PIM/JIT, and Defender for Identity.
• Lead the automation of security operations using Sentinel Playbooks, Logic Apps, Power Automate, and advanced SOAR workflows.
• Drive proactive threat detection, email threat defence, and automated containment using MDO and Darktrace Email.
• Partner closely with GSOC, Incident Response, Threat Hunting, TI and Cloud Engineering teams to deliver unified detection, response, and governance.
• Manage, mentor and strengthen a team of Cyber Defence Security Engineers.

1. Microsoft Sentinel & Advanced Analytics

(You will use and lead with these skills daily)

• Deep expertise in Microsoft Sentinel architecture, tuning, SIEM/UEBA, KQL, custom detections and threat hunting.
• Strong hands‑on experience with:
  • Agentic AI for Security
  • Sentinel Data Lake (pipelines, analytics, cost optimisation, AI enablement)
  • Microsoft Sentinel MCP for enriched context‑aware analytics
  • Microsoft Sentinel Graph for automated incident correlation and graph‑driven workflows

2. Cloud Security Architecture (Microsoft + Multi‑Cloud)

• Expertise designing security architectures across Azure, with additional exposure to AWS, GCP, OCI or hybrid environments.
• Strong experience with Defender XDR, Defender for Cloud, CSPM, CWPP, and multi‑cloud security controls.

3. Cloud Posture & Risk Management (Wiz)

• Hands‑on experience with:
  Wiz Cloud, Wiz Defend, Wiz Runtime Sensor, Wiz Code
• Strong ability to ope rationalise CSPM/CWP findings into actionable remediation.

4. Identity Security & Access Management

• Deep understanding of Entra , Conditional Access, MFA, Identity Protection, PIM/JIT.
• Ability to define identity strategies and detect/mitigate identity‑led attacks.

5. Email Security & Threat Containment

• Expertise with Microsoft Defender for Office 365, phishing protection, Safe Links/Attachments, automated email response, and Darktrace Email.

6. Security Automation & Engineering

• Strong experience developing SOAR workflows and automation pipelines using:
  Sentinel Playbooks, Azure Logic Apps, Power Automate, Graph Security API, KQL‑based automation
• Ability to document architectures, runbooks, and processes clearly and accurately.

7. Governance, Standards & Compliance

• Working knowledge of NIST CSF, ISO 27001, CIS Benchmarks, GDPR and SOC
  2.
• Ability to embed governance in cloud and SOC engineering processes.

8. Leadership & Cross‑Functional Collaboration

• Experience guiding and developing engineering teams.

What you’ll bring:

• Deep hands‑on expertise in Microsoft Sentinel, including architecture, SIEM/UEBA, KQL, custom detections, automation, Sentinel Data Lake, MCP, Sentinel Graph, and Agentic AI‑driven security.
• Strong experience with Wiz (Wiz Defend, Runtime Sensor, Wiz Code) and solid understanding of CSPM/CWPP for cloud posture and workload protection.
• Proven ability to integrate and automate security workflows using Sentinel Graph, Microsoft Graph Security API, Playbooks, Logic Apps, Power Automate, and KQL‑based automation.
• Advanced identity security skills…