
Posted 8 days ago
Principal Microsoft Defender XDR & Deception Engineer
WTWPrincipal Microsoft Defender XDR & Deception Engineer
Requirements
Enterprise cyber deception programme design, Microsoft Defender XDR engineering, Microsoft Sentinel expertise, Advanced KQL, Adversary tradecraft knowledge, Scripting in PowerShell or Python, Incident response leadership
Skills
PythonPowerShellKQL
About the role
Responsibilities
- Lead the end-to-end enterprise cyber deception programme, including strategy, architecture, and deployment of honeypots, honeytokens, and decoys.
- Design and operate a layered deception fabric across on-premises, hybrid, and multi-cloud environments (Azure, AWS, GCP, OCI).
- Drive the design, implementation, and optimization of Microsoft Defender XDR across endpoint, identity, email, and cloud-app workloads.
- Integrate deception signals into Microsoft Sentinel and Defender XDR to provide high-fidelity, automated detection and response.
- Lead Microsoft Purview DLP and Insider Risk Management (IRM) initiatives to detect and prevent unauthorized data exfiltration.
- Automate security workflows using Microsoft Sentinel SOAR, Logic Apps, and Microsoft Security Copilot.
- Provide technical leadership and mentorship to a team of Defender XDR and Deception Engineers.
Requirements
- Proven experience designing and operating enterprise-scale cyber deception programmes.
- Extensive hands-on experience engineering Microsoft Defender XDR (MDE, MDI, MDO, MDA) in large enterprise environments.
- Deep expertise in Microsoft Sentinel, including analytics rules, hunting, and SOAR.
- Advanced proficiency in KQL (Kusto Query Language) for detection engineering and threat hunting.
- Strong knowledge of adversary tradecraft and frameworks such as MITRE ATT&CK and MITRE Engage.
- Proven experience leading incident response across identity, endpoint, email, and cloud domains.
- Strong scripting and automation skills in PowerShell or Python.
Preferred Qualifications
- Experience with red-team/purple-team exercises and breach-and-attack simulation (BAS) programmes.
- Microsoft certifications such as SC-200, AZ-500, or SC-100.
- Industry certifications like CISSP, GCIA, GCFA, GCIH, or OSCP.
- Experience leveraging Agentic AI or Microsoft Security Copilot in security operations.
Benefits
- 25 days of annual leave plus an extra WTW day.
- Comprehensive health and wellbeing package including private healthcare and life insurance.
- Defined contribution pension scheme with matched contributions up to 10%.
- Hybrid working options and a fully paid volunteer day.
- Access to various perks including electric vehicle schemes and cycle-to-work programmes.
About the Company
WTW is a leading global advisory firm that helps clients manage risk and optimize outcomes. We provide a wide range of solutions across risk, broking, and human capital, helping organizations navigate complex challenges in an evolving world.
ScoutJobs Agent
Get matches like this delivered daily
Sign up free — we'll pull jobs that fit your CV from across the web and rank them for you.
Get started — it's freePrincipal Microsoft Defender XDR & Deception Engineer
WTW · London
