CyberSecurity AI Automation Architect in Ipswich, Suffolk

An innovative cybersecurity organisation is building a next-generation, AI-supported detection platform from the ground up to redefine how modern security operations are delivered at scale. This is not a traditional SOC, SIEM, or detection engineering role focused on tuning pre-built rules within legacy platforms. Instead, the successful candidate will architect the logic, data flows, and intelligence layer behind a custom-built detection platform designed to transform raw security telemetry into high-confidence indicators of compromise across thousands of organisations. The successful candidate will play a foundational role in shaping a modern, automation-first SOC capability built around advanced analytics, behavioural detection, and AI-supported triage.

The Cybersecurity Architect will design and build the detection platform itself defining how security data is ingested, normalised, enriched, analysed, scored, and surfaced into meaningful security outcomes. This is a ground-floor architecture role for someone who wants to build a detection capability from first principles rather than inherit and maintain legacy security tooling.

• Design and evolve a custom multi-stage detection pipeline spanning ingestion, normalisation, enrichment, behavioural analysis, and indicator generation.
• Write advanced KQL across large-scale telemetry platforms such as Azure Data Explorer to support detection logic, hunting queries, pipeline transformations, and ML-assisted analytics.
• Architect detection workflows that progress data through analytical tiers from raw collection to high-confidence confirmed indicators.
• Define signal scoring, prioritisation, and surfacing methodologies to ensure exceptional signal quality and minimal noise at scale.
• Work with large-scale Microsoft 365 and cloud security telemetry across Defender, Entra ID, Exchange, SharePoint, endpoint, and identity data.
• Collaborate with data engineering and platform teams to design scalable, event-driven detection architectures and telemetry pipelines.
• Apply threat-led and behavioural detection methodologies to model real attacker behaviour rather than static IOC-based approaches.
• Influence platform design through investigation and operational security expertise to ensure detections produce actionable, defensible outcomes.
• Establish detection engineering standards, architecture patterns, and technical best practices.
• Act as a senior technical authority within the detection engineering and SOC architecture function.

• Experience working on Cybersecurity AI Automation architecture.
• Expert-level KQL with the ability to write advanced detection logic, hunting queries, and analytical transformations across large-scale telemetry environments.
• Deep experience designing and building custom detection pipelines including ingestion, normalisation, enrichment, scoring, and alert/indicator generation.
• Proven track record architecting SOC or detection platforms focused on signal quality, noise reduction, and scalable detection at volume.
• Strong understanding of behavioural detection engineering and threat-led analytics.
• Experience working with high-volume security telemetry and complex cloud/distributed data models.
• Strong familiarity with Microsoft 365 security telemetry including Defender, Entra ID, Exchange, SharePoint, endpoint, and identity signals.
• Ability to assess detection outcomes from an analyst/investigation perspective to ensure outputs are actionable and operationally valuable.

• DFIR / Incident Response / Investigation experience.
• Experience building or contributing to commercial security platforms (MDR, XDR, MSSP, or internal detection products).
• Familiarity with Azure Data Explorer, streaming analytics, event-driven architectures, or large-scale data pipeline design.
• Experience designing detections for multi-tenant or enterprise-scale environments.
• Exposure to machine learning / anomaly detection concepts within security analytics.