Microsoft Security Engineer in Cardiff

What if you could do the kind of work the world needs? At WSP, you can access our global scale, contribute to landmark projects and connect with the brightest minds in your field to do the best work of your life. You can embrace your curiosity in a culture that celebrates new ideas and diverse perspectives. You can experience a world of opportunity and the chance to shape a career as unique as you.

We are seeking a highly skilled and advanced technical cybersecurity professional, preferably a Microsoft MVP, to our Global Security Operations and Engineering team. The successful candidate will lead technical security initiatives, with a particular focus on Microsoft Cloud Security covering the full scope, i.e., to plan (architect), implement (build), and manage the security platforms and tools in use at WSP, especially the SOAR capabilities, including automation for the SOC using Microsoft security tools (Microsoft Sentinel, Defender, etc). An important part of this role would be to coach and build the overall knowledge and capabilities within the team. The incumbent would be an integral member of the team and would also gain insight into other technology platforms, e.g., AD auditing solutions, PAM, our Threat Intelligence platforms, etc.

What You Can Expect To Do

• Work with a globally distributed team, taking inputs from the business, SOC, and management to roll out systems and troubleshoot (Tier‑3) support for security issues.
• Lead-guide the local Service Desk/OSS teams with knowledge bases to resolve tickets at first instance for issues relating to security software and configurations.
• Develop the automation (including playbooks, SOAR), scripts to monitor system‑health, and manage the SOC tools in use.
• Extract data from systems and build reports for management; PowerBI skills would be an advantage.
• Monitor and respond to feedback from the customers (employees and business stakeholders).
• Bring a problem‑solving and solutions‑mindset, coordinate with the IT teams as needed.
• Provide feedback on tooling and identify additional needs.
• Plan for expansion of security tools to cover ongoing needs.
• Evaluation of license usage and potential growth.

What We Will Be Looking For You To Demonstrate

• Demonstrable, current, and verifiable technical skills with the Microsoft security tools, especially MS Sentinel, Defender, LogicApp.
• Robust experience with EntraID, AD, e.g., and creating and managing complex role creations, assignments and permissions.
• Experience with Purview.
• A proven, recent, and verifiable track record in improving and maturing existing security implementations and configurations in the Microsoft Cloud landscape.
• Substantial expertise implementing SIEM/SOAR automations, developing and fine‑tuning the SIEM detection rules to reduce manual efforts, including SIEM log ingestion, connector options, and cost analysis for current and future needs.
• Solid current experience in securing the attack landscape in a Microsoft environment, and hardening the existing systems in the enterprise hybrid landscape (end‑user devices, servers, etc); skills and experience with other vendors and services would be an added advantage.
• Substantial expertise about the overall security landscape, including Threat and Vulnerability Management, and the ability to guide on their remediation.
• Deep knowledge of EntraID, including identity protection, conditional access, zero‑trust architecture and advanced threat detection.
• Bachelor's degree or equivalent in Information Technology, Computer Science, Engineering, data sciences, or related field.
• Cyber professional at heart, tracking and mitigating emerging cyber threats against the company (e.g. zero‑day exploits, APTs etc).
• Experience with other concepts and systems like Privileged Account Management, Key Management (certificates, keys, ciphers, etc.).
• Ability to lead security systems integration, e.g., defining the architecture to work with ticketing systems, e.g., integrating Defender to create‑manage the tickets and communications in ServiceNow.
• Knowledge of extracting relevant data, creating security reports etc. would be a definite advantage.
• Solid abilities to lead and plan the architecture, deliveries, and even more importantly coach and teach other members of the technical team to high levels of technology excellence.

What You’ll Bring To WSP

• Previous experience in security tools and systems administration, including experience as a security administrator for security platforms.
• Knowledge and experience in SIEM and Microsoft platforms (Microsoft Azure ecosystems), other vendor security systems are good experiences as well (e.g. CyberArk, Akeyless).
• Good knowledge of EDR systems e.g. MS Defender, KQL etc. (or alternatively the willingness to learn them).
• Planned and meticulous approach to delivery.
• Knowledge and/or willingness to learn about advanced security capabilities, including integrations with other systems.

We are one of the world’s leading engineering and professional services firms. Our 72,800 passionate people are united by the common purpose of creating positive, long‑lasting impacts on the communities we serve through a culture of innovation, integrity, and inclusion. With over 9,000 professionals across the UK and Ireland, we are dedicated to our local communities and propelled by international brainpower.

Here at WSP we positively encourage applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, gender reassignment, religion or belief, marital status, pregnancy or maternity/paternity. As a Disability Confident leader, we will interview all disabled applicants who meet the essential criteria, please let us know if you require any workplace adjustments in support of your application.