Job Title- Microsoft Defender Specialist

Job type- Hybrid(travel to London office once a week)

Duration- 6 months(Possible Extension)

Salary- £650-750/day

Onsite Parking, Holidays are accrued for PAYE contractors and will 28 days to start off with which increases to 33 days after 12 weeks.

Job Description

We are seeking a highly skilled Microsoft Defender XDR Specialist to join Cyber Defence team, reporting directly to the Global Head of Microsoft Security Platforms and SOC Operations. In this pivotal role, you will lead the deployment, management, and optimisation of Microsoft's advanced security solutions, focusing on Microsoft Defender for Cloud Apps, Defender for Identity, Defender for Office 365, and Defender for Endpoint.

You will play a critical role in designing and implementing scalable Microsoft security architectures, driving automation in threat detection and response, and maintaining comprehensive process documentation to enhance the overall security posture. Integration with Microsoft Sentinel for centralised threat detection and incident response will also be a key focus of this role.

Key Responsibilities:

Microsoft Defender XDR Implementation & Management

• Deploy, configure, optimise and manage the Microsoft Defender XDR suite, with key focus on Defender for Cloud Apps (MDA).
• Follow best practices to optimise and configure already deployed Defender for Identity (MDI), Defender for Office 365 (MDO), and Defender for Endpoint (MDE).
• Implement security controls and threat protection policies to secure endpoints, identities, cloud applications, and collaboration tools.
• Develop and enforce security baselines, policies, and procedures for proactive threat management across the Microsoft XDR product suite.

Security Automation & Orchestration

• Develop and implement automation workflows and playbooks using Microsoft Sentinel and Logic Apps to streamline incident response and remediation.
• Automate security monitoring, alerting, and remediation processes across Defender solutions to reduce manual workloads and response times.
• Identify opportunities to automate repetitive security tasks and optimize threat detection and response processes.

Process Documentation & Knowledge Sharing

• Create and maintain detailed process documentation, standard operating procedures (SOPs), and security runbooks for Defender XDR configurations, incident response, and automation workflows.
• Document integration workflows between Defender XDR solutions and Microsoft Sentinel.
• Provide training and guidance to security teams on using Defender tools and automated processes.

Threat Detection & Incident Response

• Advise on threat detection, investigation, and response activities leveraging Defender XDR and Sentinel.
• Analyse security alerts, contribute to investigation of incidents, and implement mitigation strategies.
• Provide support to Global SOC, Threat Intelligence, Insider Threat and Threat Hunting Teams

Collaboration & Continuous Improvement

• Collaborate with cross-functional teams (GRC, Cyber Offence, Enterprise Tech and more) to align security strategies with business objectives.
• Stay current on emerging threats, Microsoft security technologies, and industry trends to recommend continuous improvements.

Must-Have Skills:

• Microsoft Defender for Cloud Apps (MDCA):

o Expertise in configuring and managing cloud security policies for SaaS applications.

o Experience in shadow IT discovery, governance, and compliance enforcement.

o Ability to design custom policies for anomaly detection and risk mitigation.

o Strong understanding of session controls and conditional access app controls.

• Microsoft Defender for Identity (MDI):

o Proficiency in detecting and responding to identity-based threats (e.g., lateral movement, pass-the-hash, domain dominance).

o Experience integrating MDI with Sentinel for automated identity threat response.

o Microsoft Defender for Office 365 (MDO):

o Expertise in anti-phishing, anti-malware, and Safe Links/Safe Attachments policies.

o Experience with automated investigation and remediation (AIR) and attack simulation training.

• Microsoft Defender for Endpoint (MDE):

o Strong knowledge of endpoint detection and response (EDR), threat and vulnerability management.

o Experience with automated threat response, configuration management, and endpoint hardening.

• Microsoft Security Architecture:

o Proven experience designing secure Microsoft 365 and Azure environments.

o In-depth knowledge of Zero Trust security models, conditional access, and compliance controls.

o Experience integrating Microsoft Defender solutions with Microsoft Sentinel for SIEM/SOAR operations.

• Security Automation:

o Hands-on experience with Logic Apps, KQL queries, and Sentinel playbooks for security automation.

o Ability to design and deploy automated incident response workflows and threat intelligence feeds.

• Process Documentation:

o Strong documentation skills for creating runbooks, SOPs, and security process workflows.

o Ability to translate technical solutions into clear, actionable documentation for security teams.

Beneficial Skills:

Security Operations & Microsoft Sentinel:

• Experience with Microsoft Sentinel for SIEM/SOAR operations, including custom analytics rules, alert tuning, and incident management.
• Familiarity with MITRE ATT&CK framework and threat intelligence integration.

General Security Skills:

• Understanding of compliance standards (ISO 27001, NIST, GDPR, CIS).
• Experience with vulnerability management and risk assessments.

Certifications (Preferred):

• Microsoft Certified: Cybersecurity Architect Expert (SC-100)
• Microsoft Certified: Security Operations Analyst Associate (SC-200)
• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Microsoft Certified: Identity and Access Administrator Associate (SC-300)