Cyber Security Platform Engineer – Microsoft - London

London Full-Time 59000 - 72000 £ / year (est.) Home office (partial)

At a Glance

  • Tasks: Join us to enhance cyber security and manage Microsoft platforms in a dynamic environment.
  • Company: Be part of a leading FTSE 100 company focused on innovative cyber security solutions.
  • Benefits: Enjoy a competitive salary, Bupa health coverage, and matched pension contributions.
  • Other info: Hybrid working model with opportunities for professional growth and development.
  • Why this job: Make a real impact in cyber security while working with cutting-edge Microsoft technologies.
  • Qualifications: 5+ years in cyber security or Microsoft platform engineering required.

The predicted salary is between 59000 - 72000 £ per year.

Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place).

Salary: £59,000 - £72,000

Benefits: Bupa, Matched pension contributions.

The Role

The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. This is a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus.

It is an exciting time to join GCS. We are in a period of significant investment, with a multi-year transformation programme under way to build new security capabilities at pace. GCS is responsible for setting the Group cyber standard, measuring compliance against it across all the businesses, and delivering a portfolio of centrally managed security services that divisions can rely on.

The Security Platform Engineering function is central to that portfolio – responsible for ensuring that the security tools the organisation invests in are deeply understood, expertly configured, continuously improved, and consistently delivering their intended security and business value. Microsoft is the most strategically significant security platform, and the uplift and optimisation of the Microsoft security estate is one of the most consequential engineering challenges in the GCS transformation programme.

Role Summary

Reporting to the Security Platform Engineering Manager, the Cyber Security Platform Engineer – Microsoft is the Group's dedicated technical authority for the Microsoft security platform. The role carries implied ownership of the full Microsoft security stack: the M365 Defender suite, the security-relevant capabilities of Microsoft Entra ID (conditional access, Privileged Identity Management, access packages, and least privilege), Intune, and the foundational configuration of the Microsoft 365 and Azure environments on which all of these depend.

This is a role that extends beyond BAU platform management: a significant part of the initial mandate is to critically assess the current state of the Microsoft estate – spanning E3, Active Directory, Entra ID, Intune, and existing Defender deployments – identify the gaps against vendor-recommended best practice and the Group cyber standard, and build a prioritised strategy and plan to close them.

This role is the primary technical owner of that relationship on the GCS side – working directly with the Microsoft team to prioritise, plan, and drive the E5 deployment across the estate, and ensuring that the professional services and engineering resources available are directed at the highest-value activities. The role must navigate the realities of the federated organisation with skill: delivery will depend on partnership with divisional IT teams, and getting there will require excellent stakeholder management, a clear change communication approach, and an absolute commitment to end-user experience. Zero tolerance for avoidable downtime is not a preference – it is a non-negotiable operating constraint.

The role works in close partnership with the Cyber Architecture Manager, the Group CTO function, the IT Frameworks Director, Assurance leads, Divisional Security Leads, and the Identity Transformation team. It shares the defining mindset of the whole platform engineering function: genuine passion for the Microsoft platform, curiosity about its full capability, and the drive to get to a secure, consistent, vendor-recommended configuration as quickly and as safely as possible.

Role Responsibilities / Accountabilities

  • Microsoft Estate Assessment, Gap Analysis & Strategy
    • Conduct a structured, critical assessment of the current Microsoft security estate, covering Active Directory, Microsoft Entra ID, Intune, M365 (E3 and current Defender deployments), and Azure security configuration; benchmark the current state against Microsoft’s secure score recommendations, vendor best practice, and the Group cyber technical standard, and produce a clear, evidence-based gap analysis.
    • Develop a prioritised Microsoft security uplift strategy and delivery plan that sequences remediation and enhancement activity by risk reduction impact, operational feasibility, and alignment with the E5 migration roadmap; ensure the plan is realistic for the federated environment and has clear milestones, owners, and success criteria.
    • Maintain the Microsoft security uplift plan as a live document; track progress against milestones, report status to the Security Platform Engineering Manager, and adapt the plan as the Group's environment, the threat landscape, and the Microsoft product roadmap evolve.
  • Microsoft Defender Platform Ownership & Engineering
    • Own the technical configuration, ongoing engineering, and operational health of the full M365 Defender suite, including Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365, and Microsoft Sentinel integration; maintain configurations to the approved baseline and drive continuous improvement against vendor-recommended configuration.
    • Work closely with the SOC to tune Defender configurations for effective detection and response; adjust detection rules, custom detection queries, and alert thresholds in response to SOC operational feedback, ensuring analysts receive high-fidelity, actionable alerts with minimal noise.
    • Develop and maintain detailed configuration documentation, runbooks, and change records for all Defender workloads; ensure configuration state is consistently documented, version-controlled, and auditable.
  • Entra ID Security & Identity Controls
    • Own the security configuration of Microsoft Entra ID across the Group; take implied technical ownership of the security-relevant Entra capabilities including Conditional Access policy design and enforcement, Privileged Identity Management (PIM), access packages and entitlement management, Identity Protection, and the application of least privilege principles across the directory.
    • Work with the Cyber Architecture Manager, the IT Frameworks Director, and Assurance leads to ensure that GCS policies – including BYOD, remote access, and privilege management policies – are correctly and completely manifested in Entra Conditional Access policies and Intune device compliance rules; maintain a clear mapping between policy intent and platform configuration.
    • Support the Active Directory to Entra ID modernisation journey; identify legacy AD configurations and hybrid identity risks that need to be addressed as part of the E5 migration, and work with the Identity Transformation team to ensure Entra security configuration activity is co-ordinated with the broader identity programme.
    • Own the Intune security configuration, maintain device compliance policies, configuration profiles, and security baselines; ensure Intune is configured to enforce the Group endpoint security standard and provides accurate device compliance data to Entra Conditional Access and the Defender estate.
  • E5 Migration, ECIF Engagement & Microsoft Relationship
    • Act as GCS’s primary technical liaison to the Microsoft ECIF (Engineering Co-Investment Fund) team; plan, prioritise, and drive the E5 deployment programme in partnership with the ECIF team, ensuring that Microsoft engineering resources are directed at the highest-value activities and that the organisation is getting the maximum benefit from the co-investment engagement.
    • Manage the technical relationship with Microsoft across the security and identity platform; maintain active engagement with Microsoft technical account management, product specialists, and engineering teams; use the account relationship to gain early access to roadmap briefings, preview features, escalation paths, and best-practice guidance relevant to the organisation's environment.
    • Plan and manage the technical delivery of E5 capability rollout across the divisions; sequence deployment activity to maximise early security value, sequence it safely within the change management constraints, and ensure each phase is fully tested, documented, and supported before moving to the next.
    • Maintain accurate records of Microsoft licence entitlements, feature adoption, and E5 deployment progress; ensure the Group is consuming the capabilities it is paying for, and provide the Security Platform Engineering Manager with clear, up-to-date visibility of licence utilisation and deployment status.
  • Policy Manifestation, Standards Alignment & Assurance
    • Translate Group cyber technical standards and security policies into enforceable Microsoft platform configurations; maintain a clear, auditable mapping between each policy requirement and its implementation in Defender, Entra, Intune, or other Microsoft controls, and ensure divergence is identified and remediated promptly.
    • Work closely with the Director of Cyber Assurance and Assurance leads to support controls assessment of the Microsoft estate; provide technical evidence of configuration compliance, investigate gaps identified through continuous controls monitoring (including Axonius), and drive remediation of control failures to closure.
    • Work with the Cyber Architecture Manager to ensure that Microsoft security configurations are consistent with the Group cyber enterprise architecture and approved reference patterns; flag and resolve any divergence between the configured state and the architectural design intent.
  • Divisional Engagement, Change Communication & End-User Focus
    • Work directly with Divisional Security Leads to share emerging practice, gather direct and usable feedback on how Microsoft security configurations are landing in the business, and drive adoption of a consistent, vendor-recommended Microsoft configuration across all 11 divisions as quickly as the operating model allows.
    • Put end users at the heart of every configuration and deployment decision; maintain a zero-tolerance approach to avoidable downtime, design changes to minimise disruption to business operations, and ensure that user-impacting changes are thoroughly tested and piloted before broad rollout.
    • Own the change communication approach for Microsoft platform changes; ensure that divisions, IT teams, and end users understand what is changing, why it is changing, and what they need to do – well in advance of any change taking effect; develop training and guidance materials that help users and IT teams adapt confidently to new security controls.
    • Provide technical configuration guidance and support to divisional IT and security teams deploying or operating Microsoft security platforms in their environments; act as the technical authority for Microsoft platform queries across the Group, and help divisional teams reach and maintain compliance with the Group Microsoft security baseline.
  • Identity Transformation Alignment & Stakeholder Collaboration
    • Work closely and continuously with the Identity Transformation team throughout the transformation programme; ensure that GCS Microsoft security configuration activity – particularly Entra ID, PIM, and Conditional Access – is aligned with and supportive of the broader identity transformation workstream, and that dependencies, conflicts, and sequencing decisions are surfaced and resolved early.
    • Collaborate with the Group CTO function and IT Frameworks Director to ensure that Microsoft security platform plans are integrated into the broader IT technology strategy; surface platform interdependencies that span security and non-security technology and ensure they are managed proactively.
    • Contribute actively to continuous improvement within the Security Platform Engineering function; document lessons learned from each phase of E5 delivery, share practice with other platform engineers, and help build the team’s collective Microsoft knowledge and capability over time.

Experience, Knowledge, Skills & Attributes Essential

  • Experience
    • 5+ years in cyber security or Microsoft platform engineering, with demonstrable, hands-on depth across the Microsoft 365 security stack in a large enterprise environment.
    • Proven hands-on experience configuring and managing the M365 Defender suite at enterprise scale, including Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and Defender for Office 365.
    • Substantive, practical experience with Microsoft Entra ID security configuration: Conditional Access policy design and enforcement, Privileged Identity Management, Identity Protection, and access package or entitlement management.
    • Experience configuring and managing Microsoft Intune at enterprise scale, including device compliance policies, configuration profiles, and endpoint security baselines.
    • Experience conducting a structured assessment of a Microsoft 365 environment and developing a gap analysis and remediation roadmap against vendor best practice or a defined security standard.
    • Experience working with a SOC or security operations team as a platform engineer, tuning Microsoft Defender detection rules and data feeds to improve alert quality and operational effectiveness.
    • Experience engaging directly with Microsoft technical account teams, ECIF programme teams, or Microsoft FastTrack / CSP engineers to drive platform deployment or optimisation activity.
  • Knowledge & Skills
    • Genuine passion for the Microsoft security platform: the curiosity to explore its full capability, track its roadmap proactively, and identify where existing or emerging features can address real problems before defaulting to new tooling.
    • Deep, current technical knowledge of the Microsoft 365 security architecture: how Defender workloads integrate with each other, with Entra ID, with Intune, and with Sentinel; how data flows between components; and where configuration choices in one product affect behaviour in others.
    • Strong understanding of hybrid identity architecture: Active Directory / Entra ID synchronisation, managed vs federated authentication, hybrid join, and the security implications of common hybrid configurations.
    • Excellent stakeholder engagement skills; able to work collaboratively and credibly across GCS, IT, and business functions, and to communicate technical configuration changes in terms that non-technical stakeholders can understand and act on – particularly around user-impacting changes.
    • Able to produce clear, accurate technical documentation – configuration records, runbooks, gap analyses, deployment plans, change requests – to a consistent and auditable standard; able to present findings and proposals to the Security Platform Engineering Manager and senior stakeholders concisely and with evidence.
  • Qualifications
    • Degree-level education in computer science, information security, or a related technical discipline; or equivalent professional experience.
    • Microsoft certification in security operations or identity: SC-200 (Security Operations Analyst), SC-300 (Identity and Access Administrator), or AZ-500 (Azure Security Engineer); at least one of these is required, and ideally two or more.

Experience, Knowledge, Skills & Attributes Desirable

  • Knowledge & Skills
    • Microsoft Sentinel: KQL query development, analytics rule management, workbook creation, and SOAR playbook integration; experience building or tuning a Sentinel deployment to serve as the primary SIEM for a SOC.
    • PowerShell and/or Microsoft Graph API scripting for automation of Entra, Intune, and Defender configuration tasks; experience using the Microsoft 365 DSC (Desired State Configuration) framework or similar tooling for configuration-as-code.
    • Understanding of Microsoft Purview (Information Protection, DLP, Compliance Manager) and its relationship to the broader Microsoft security and governance configuration.
    • Familiarity with Axonius or equivalent CAASM tooling and how it can be used to validate and evidence Defender and Intune configuration compliance across a large, distributed estate.
  • Qualifications
    • SC-100 (Microsoft Cybersecurity Architect) demonstrating breadth across the Microsoft security portfolio at the design and strategy level.
    • CISSP or CISM providing broader security leadership credentials alongside deep Microsoft specialism.
    • Microsoft Certified: Identity and Access Administrator Associate (SC-300) if not already held as an Essential requirement.

Cyber Security Platform Engineer – Microsoft - London employer: Information Security Solutions

As a leading FTSE 100 company, we pride ourselves on fostering a dynamic and inclusive work culture that prioritises employee growth and development. Our London-based Cyber Security Platform Engineer role offers competitive benefits, including Bupa healthcare and matched pension contributions, alongside the opportunity to work on cutting-edge security initiatives within a collaborative team environment. Join us to be part of a transformative journey in cyber security, where your expertise will directly contribute to enhancing our global security posture while enjoying a flexible hybrid working arrangement.

Contact Details:

Information Security Solutions Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Cyber Security Platform Engineer – Microsoft - London

Get Involved in the Cybersecurity Community

Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!

Show Off Your Skills with Capture the Flag Competitions

Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Information Security Solutions, love seeing candidates who actively engage in these challenges.

Tailor Your Online Presence

Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!

Apply Directly Through Information Security Solutions

Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Information Security Solutions. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.

We think you need these skills to ace Cyber Security Platform Engineer – Microsoft - London

Microsoft 365 Security Stack
M365 Defender Suite Configuration
Microsoft Entra ID Security Configuration
Conditional Access Policy Design
Privileged Identity Management (PIM)
Identity Protection
Microsoft Intune Management

Some tips for your application 🫡

Show off your technical skills: In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!

Tailor your portfolio for the role: Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!

Use real-world examples: When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Information Security Solutions insight into your practical problem-solving abilities and makes your application memorable.

Demonstrate your passion for cybersecurity: Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Information Security Solutions that you’re committed to staying ahead in the game.

How to prepare for a job interview at Information Security Solutions

Sharpen Your Technical Skills

For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set you apart in interviews.

Prepare for Scenario-Based Questions

Expect the interviewers at Information Security Solutions to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.

Highlight Your Certifications

Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Information Security Solutions.

Show Your Passion for Cybersecurity

Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.