Azure Security Engineer - UK (Hybrid)
3 month initial contract outside IR35
Focus: Vulnerability Remediation, Defender Suite, Purview Compliance
We are hiring an Azure Security Engineer to strengthen our Microsoft security posture, with a hands-on focus on improving Defender for Cloud findings, remediating vulnerabilities across Azure and endpoint estates, and uplifting compliance and data protection controls.
This is a role for someone who enjoys fixing things, not just recommending. You'll be embedded with engineering and infrastructure teams, working through remediation tasks, tightening configuration, and improving real-world risk reduction week by week.
Core Responsibilities
Microsoft Defender Suite (Primary Requirement)
- Monitor and remediate vulnerabilities surfaced by Defender for Cloud
- Manage and optimise Defender for Endpoint, attack surface reduction and device hardening
- Operate and tune External Attack Surface Management (EASM) findings and asset exposure
- Improve Secure Score and continuously reduce risk through technical remediation
- Collaborate with SOC to triage, respond, and close findings
Data Protection & Compliance (Purview-Led)
- Implement and manage Purview (DLP, sensitivity labels, insider risk, records)
- Assist with compliance uplift against ISO 27001, SOC2, GDPR, NIS2
- Maintain audit trails, evidence, runbooks, and security documentation
Vulnerability & Configuration Hardening
- Hands-on remediation - patching, configuration fixes, policy deployments
- Work with product teams to close findings rather than just escalate
- Improve posture for identity, endpoints, networking, and cloud workloads
- Implement conditional access, PIM, key vault, and encryption standards
Detection, Monitoring & Response
- Tune Sentinel analytics, automation rules, alert noise reduction
- Support incident investigation, triage, threat hunting as needed
- Generate security metrics, reporting, and measurable improvement trends
Collaboration & Delivery
- Work with DevOps, Infra, Desktop, and Cloud teams on real-world fixes
- Translate risk into understandable action for stakeholders
- Create repeatable processes to shorten future remediation cycles
Experience & Skills Needed
Must-Have
- Strong hands-on experience with Defender for Cloud, Defender for Endpoint, EASM
- Working knowledge of Purview, DLP, sensitivity labels, insider risk
- Demonstrable history of closing vulnerabilities and improving posture
- Azure identity & access security (Entra ID, Conditional Access, PIM)
- PowerShell/MS Graph for automation or scripted remediation
Nice to Have
- Sentinel exposure (analytic rules, workbooks, automation)
- Understanding of Zero Trust principles and Microsoft Compliance Manager
- Experience working in regulated or audited environments
Certifications Required
- AZ-500 - Azure Security Engineer Associate
- SC-100 (or commitment to completion within 12 months)
- Plus one of MS-500 or SC-400 or SC-900
Desirable
- CCSP
- Additional Defender/M365 security modules
What This Role Offers
- Real ownership in improving cyber posture
- Hands-on security engineering where the work is measurable
- Hybrid UK working
- Modern cloud-security-driven environment