• Act as a trusted technical advisor for security and engineering stakeholders.

• Communicate complex technical concepts clearly to both technical and non-technical audiences.

• Build strong relationships with customers based on clarity, competence, and follow-through.

• Translate customer needs into actionable technical plans and deliverables.

• Work closely with internal teams (engineering, SOC, platform) to improve processes and share insights

• Contribute to knowledge articles, runbooks, design documentation, and repeatable delivery patterns.

• Lead technical discussions with customers and guide them through architecture, design decisions, and best practice implementation.

• Own the delivery of security solutions

• Design and implement detection, automation, and runbooks.

• Conduct technical assessments across identity, endpoint, cloud posture, logging, and security operations

• Build and optimise KQL queries, detections and hunting queries

• Review security configurations across Cloud and SIEM/SOAR platforms.

• Work end-to-end through architecture, deployment, tuning, documentation, and customer enablement

• Identify gaps and recommend improvements across logging, identity, endpoint hardening, cloud posture, and threat detection.

• Understand how endpoints, servers, domain controllers, and cloud workloads operate and how security tools plug into them.

• Work with customers to remediate misconfigurations, optimise deployments, and improve operational resilience

• Use scripting, APIs, or automation tooling to streamline repeatable tasks.

• Support integration work across firewalls, EDR, logging pipelines, and SIEM/SOAR tooling.

• Strong, demonstrable experience across the Microsoft security stack

• Solid understanding of identity and endpoint security fundamentals.

• Comfortable writing and tuning detection logic (e.g. KQL) across detective and threat hunting scenarios

• Excellent communication and customer-facing skills; able to lead calls, drive discussions, and influence outcomes

• Ability to work autonomously, solve problems, and deliver high-quality technical work.

• Experience with automation (PowerShell, Python, API integrations) and a sysadmin background

• Familiarity with security frameworks and incident response concepts.

• Exposure to logging pipelines (AMA, Syslog, Cribl, SIEM tooling).

• Working knowledge of other, non-Microsoft security stacks (CrowdStrike, SentinelOne, Tenable, etc)

• Experience producing architecture documents, diagrams, and design proposals.

• Background working in an MSSP, consultancy, or customer-facing engineering role.

• Microsoft Security: Defender XDR, Sentinel, Entra ID, Intune, Defender for Cloud etc.

• Exposure to other modern security stacks, such as SentinelOne or Crowdstrike is a strong advantage

• Cloud: Azure (required), AWS or GCP exposure a plus

• Platforms: AD/Entra hybrid identity, Windows Server, Linux

• Infrastructure: networking, VPN, firewalls, endpoint management

• Tooling: KQL, PowerShell, API usage, automation tooling