Microsoft Sentinel & Defender Technical Consultant in London

At Avanade, cybersecurity consultants are innovators, risk-takers, and challengers of the status quo. If you’re an experienced Cyber Defence Consultant, who can help our clients solve complex Cyber Defence business challenges, this might be the perfect opportunity for you.

In a client-facing consulting role, you will work on exciting projects that transform our client’s Cyber Defence solutions through the design and implementation of predominantly Microsoft Cyber Defence technologies, with a focus on the Microsoft 365 security capabilities. As a member of our security practice, you will work for both Avanade and Accenture clients, ranging from medium to large global enterprise clients.

Join a curious and diverse team that’s passionate about next-gen tech and establish yourself as a Leader in the Security space. Together, let’s transform cybersecurity.

• Work for both Avanade and Accenture clients, ranging from medium to large global enterprise clients.
• Contribute to the global Avanade security offerings and produce blogs and articles for your region and Avanade.com.
• Undertake innovation, training, and development to ensure you are always at the cutting‑edge Microsoft Security technology and vendor solutions.
• Establish yourself as a leader in the Cyber Defence space.
• Deliver large and global Cyber Defence solutions and gain knowledge and experience of Microsoft’s broader Security, Compliance, and Identity (SCI) ecosystem.
• Design and implement Zero Trust architectures using Microsoft security solutions, focusing on Cyber Defence.
• Lead the deployment and configuration of:

• Designing and implementing Copilot‑ready Cyber Defence foundations, ensuring only appropriate data is accessible to AI assistants.
• Conducting Copilot data access readiness assessments, analysing content permissions, overexposure, data leakage paths, and sensitivity label coverage.
• Designing and implementing SIEM capabilities in Microsoft Sentinel, including onboarding data sources and building detections aligned to client SOC requirements.
• Building and tuning analytics/detection content and operational SOC assets (rules, workbooks, incident workflows) with an emphasis on quality signal and actionable triage.
• Supporting clients running Splunk and Sentinel side‑by‑side for a defined migration/training period; enabling ingestion/alert forwarding patterns where required by the transition approach.
• Leading or contributing to SIEM migration activities (mapping Splunk detections to Sentinel analytics) using Microsoft’s SIEM migration experience where applicable.
• Integrating and correlating signals across endpoint, identity, email/collaboration, and cloud apps as part of XDR‑led investigations and response.
• Developing, testing, and optimizing advanced threat hunting and detection queries using KQL, including creating repeatable detection logic aligned to attack techniques and SOC use‑cases.
• Translating detection requirements into durable content that can be operationalized (playbooks/runbooks, response actions, tuning approach).

• Operationalising Microsoft Security Copilot with Microsoft Sentinel to accelerate investigations, summarise incidents, and generate hunting queries (including natural‑language to KQL for Sentinel).
• Enabling and curating Copilot sources/plugins for SOC workflows, and standardising prompt patterns (“promptbooks”) to improve consistency and outcomes.
• Contributing to unified SOC workflows where Sentinel and Defender XDR are brought together in a single operations experience, reducing tool switching and improving context for response.