M365 Security Design Engineer

A prominent client within the Defence & Security sector is seeking an experienced and proactive Microsoft 365 Security Design Engineer to architect and deliver robust security solutions across the M365 platform. This role demands deep technical proficiency in M365 security features, alongside a comprehensive understanding of contemporary cyber threats, compliance mandates, and enterprise security architectures.

Key Responsibilities:

Lead the design and deployment of security controls across Microsoft 365 E5 services, including Endpoint Security, Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams.
Provide subject matter expertise in the planning and implementation phases of Windows 11 and Exchange Online projects.
Develop, document, and maintain security configuration baselines in alignment with recognised standards such as NIST, CIS, and ISO/IEC 27001.
Configure and manage Microsoft security technologies, including Defender for Office 365, Defender for Cloud, Defender for Endpoint/Servers, Microsoft Purview (Information Protection, DLP), and Microsoft Entra ID (formerly Azure AD).
Integrate Microsoft Sentinel with existing SOC infrastructure and facilitate adoption of Sentinel capabilities within security operations.
Implement and administer Microsoft Privileged Identity Management (PIM) solutions.
Provide security leadership in areas of identity and access management, conditional access policies, and the implementation of Zero Trust principles.
Conduct security risk assessments, identify control gaps, and perform impact analyses on M365 deployments and integrations.
Collaborate with security operations and compliance stakeholders to detect, investigate, and respond to security threats and incidents.
Produce and maintain technical documentation and deliver knowledge transfer and training sessions to operational and support teams.

Required Skills & Qualifications:

Demonstrable experience in designing and securing Microsoft 365 environments at enterprise scale.
Expert knowledge of Microsoft 365 security tools and services, including the Microsoft Defender suite, Microsoft Purview, and Microsoft Entra ID.
Strong expertise in identity and access management concepts, including role-based access, conditional access, and multifactor authentication.
Solid understanding of regulatory and compliance frameworks such as GDPR, HIPAA, and ISO/IEC 27001.
Proficiency with Microsoft security and compliance centres, PowerShell scripting, and relevant automation techniques.
Industry-recognised certifications highly desirable, particularly: SC-100 (Cybersecurity Architect), SC-300 (Identity and Access Administrator), MS-500 (Security Administrator), and AZ-500 (Security Engineer Associate).Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission. Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change