Summary: The Microsoft Sentinel Solution Architect role involves providing hands-on architecture support for Microsoft Sentinel over an initial six-week contract in London. The position requires collaboration with the client’s Product Owner and Security Architect to assess and improve the current Sentinel design and integration model. The architect will identify gaps and recommend practical architecture solutions to enhance security operations. This role is classified as outside IR35, indicating a favorable tax status for contractors.
Salary (Rate): undetermined
City: London
Country: United Kingdom
Working Arrangements: undetermined
IR35 Status: outside IR35
Seniority Level: undetermined
Industry: IT
Microsoft Sentinel Solution Architect
Whitehall Resources are currently looking for a Microsoft Sentinel Solution Architect based in London for an initial six-week contract.
*** OUTSIDE IR35 ***
Main Responsibilities:
- Provide hands-on Microsoft Sentinel solution architecture support for a focused six-week review.
- Work directly with the client Product Owner and Security Architect to assess the current Sentinel design, use cases, architecture and enterprise integration model.
- Identify gaps, risks, constraints and improvement opportunities across data ingestion, detection logic, integrations, automation, operating model and scalability.
- Support the client in shaping practical architecture recommendations, design decisions and prioritised next steps.
Key deliverables:
- Current state architecture review of Microsoft Sentinel.
- Assessment of workspace design, data connectors, log sources, ingestion patterns, retention, access model and cost considerations.
- Review of monitoring use cases, analytics rules, detection logic, automation rules, workbooks, playbooks and incident management processes.
- Enterprise integration assessment covering identity, endpoint, cloud, network, infrastructure, application logging, vulnerability management, ticketing and SOC processes.
- Target state recommendations, improvement backlog and sequencing options.
- Architecture decision records, design risks, assumptions, dependencies and governance materials.
Essential skills:
- Strong Microsoft Sentinel solution architecture experience in large enterprise environments.
- Deep knowledge of SIEM architecture, security monitoring, detection engineering, log source onboarding and SOC integration.
- Experience reviewing Sentinel workspace design, connector strategy, analytics rules, KQL, automation rules, Logic Apps, playbooks, workbooks and incident workflows.
- Strong understanding of Microsoft security ecosystem integration, including Microsoft Defender, Entra ID, Azure, Microsoft 365, Defender for Cloud and endpoint telemetry.
- Experience integrating Sentinel with wider enterprise tooling, including cloud platforms, network security tooling, infrastructure logging, application logging, ITSM, case management and vulnerability management.
- Ability to assess monitoring use cases against enterprise threat models, security operations needs and cyber risk priorities.
- Strong architecture governance capability, able to produce clear findings, recommendations, design options and decision papers.
- Able to work hands-on with product owners, security architects, engineers, SOC teams and platform teams.
Desirable Skills:
- Experience with aviation, critical infrastructure or highly regulated enterprise environments.
- Experience aligning SIEM and monitoring designs to NCSC, CISA, MITRE ATT&CK, NIST or CIS guidance.
- Experience with Sentinel cost optimisation, log retention strategy, data tiering and ingestion prioritisation.
- Experience improving detection quality, reducing alert noise and strengthening incident enrichment.
All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description.
Whitehall Resources is an equal opportunities employer that values a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.
