
Posted an hour ago
Principal Microsoft Defender XDR, IRM & Deception Engineer
WTWPrincipal Microsoft Defender XDR, IRM & Deception Engineer
Requirements
Enterprise cyber deception program design, Microsoft Defender XDR engineering, Microsoft Sentinel expertise, Advanced KQL, Scripting in PowerShell or Python, Adversary tradecraft knowledge, Incident response leadership
Skills
PythonPowerShellKQL
About the role
Responsibilities
- Lead the end-to-end enterprise cyber deception programme, including strategy, architecture, and deployment of honeypots, honeytokens, and decoy assets.
- Design and optimize Microsoft Defender XDR across endpoint, identity, email, and cloud-app workloads.
- Integrate deception signals into Microsoft Sentinel and Defender XDR to create high-fidelity, automated detection and response workflows.
- Implement Microsoft Purview DLP and Insider Risk Management (IRM) to detect and prevent unauthorized data exfiltration.
- Extend deception and detection capabilities across multi-cloud environments including AWS, GCP, and OCI.
- Drive security automation using Microsoft Sentinel SOAR, Logic Apps, and Microsoft Security Copilot.
- Provide technical leadership and mentorship to a team of Defender XDR and Deception Engineers.
Requirements
- Proven experience designing and operating enterprise-scale cyber deception programmes (honeypots, honeytokens, decoys).
- Extensive hands-on engineering experience with the Microsoft Defender XDR stack (MDE, MDI, MDO, MDA).
- Deep expertise in Microsoft Sentinel, including analytics rules, hunting, and SOAR.
- Advanced proficiency in KQL (Kusto Query Language) for detection engineering and threat hunting.
- Strong scripting and automation skills in PowerShell or Python.
- Deep understanding of adversary tradecraft, MITRE ATT&CK, and the cyber kill chain.
- Proven experience leading incident response across identity, endpoint, and cloud domains.
Preferred Qualifications
- Experience with red-team/purple-team exercises and breach-and-attack simulation (BAS).
- Microsoft certifications such as SC-200, AZ-500, or SC-100.
- Industry certifications like CISSP, GCFA, GCIH, or OSCP.
- Experience leveraging Agentic AI or Microsoft Security Copilot in security operations.
Benefits
- 25 days of annual leave plus an extra WTW day.
- Comprehensive health and wellbeing package including private healthcare and life insurance.
- Defined contribution pension scheme with company matched contributions up to 10%.
- Hybrid working options and a fully paid volunteer day.
- Access to various perks including electric vehicle schemes and cycle-to-work programmes.
About the Company
WTW is a leading global advisory firm that helps clients manage risk and optimize outcomes. We provide innovative solutions across risk, broking, and human capital to help organizations navigate an increasingly complex world.
ScoutJobs Agent
Get matches like this delivered daily
Sign up free — we'll pull jobs that fit your CV from across the web and rank them for you.
Get started — it's freePrincipal Microsoft Defender XDR, IRM & Deception Engineer
WTW · London
