Azure Security Engineer Contract

We are hiring an Azure Security Engineer to strengthen our Microsoft security posture with a hands-on focus on improving Defender for Cloud findings, remediating vulnerabilities across Azure and endpoint estates, and uplift of compliance and data protection controls.

This is a role for someone who enjoys fixing things, not just recommending. You'll be embedded with engineering and infrastructure teams, working through remediation tasks, tightening configuration, and improving real-world risk reduction week by week.

Core Responsibilities

Microsoft Defender Suite (Primary Requirement)

• Monitor and remediate vulnerabilities surfaced by Defender for Cloud
• Manage and optimise Defender for Endpoint, attack surface reduction and device hardening
• Operate and tune External Attack Surface Management (EASM) findings and asset exposure
• Improve Secure Score and continuously reduce risk through technical remediation
• Collaborate with SOC to triage, respond, and close findings

Data Protection & Compliance (Purview-Led)

• Implement and manage Purview (DLP, sensitivity labels, insider risk, records)
• Assist with compliance uplift against ISO 27001, SOC2, GDPR, NIS2
• Maintain audit trails, evidence, runbooks, and security documentation

Vulnerability & Configuration Hardening

• Hands-on remediation - patching, configuration fixes, policy deployments
• Work with product teams to close findings rather than just escalate
• Improve posture for identity, endpoints, networking, and cloud workloads
• Implement conditional access, PIM, key vault, and encryption standards

Detection, Monitoring & Response

• Tune Sentinel analytics, automation rules, alert noise reduction
• Support incident investigation, triage, threat hunting as needed
• Generate security metrics, reporting, and measurable improvement trends

Collaboration & Delivery

• Work with DevOps, Infra, Desktop, and Cloud teams on real-world fixes
• Translate risk into understandable action for stakeholders
• Create repeatable processes to shorten future remediation cycles

Do you have experience in PowerShell?, Must-Have

• Strong hands-on experience with Defender for Cloud, Defender for Endpoint, EASM
• Working knowledge of Purview, DLP, sensitivity labels, insider risk
• Demonstrable history of closing vulnerabilities and improving posture
• Azure identity & access security (Entra ID, Conditional Access, PIM)
• PowerShell/MS Graph for automation or scripted remediation

Nice to Have * Sentinel exposure (analytic rules, workbooks, automation)

• Understanding of Zero Trust principles and Microsoft Compliance Manager
• Experience working in regulated or audited environments

Certifications Required

• AZ-500 - Azure Security Engineer Associate
• SC-100 (or commitment to completion within 12 months)

Plus one of MS-500 or SC-400 or SC-900

Desirable

• CCSP
• Additional Defender/M365 security modules

3 month initial contract outside IR35