Azure Security Engineer Contract

Azure Security Engineer – UK (Hybrid)

3 month initial contract outside IR35

Focus: Vulnerability Remediation, Defender Suite, Purview Compliance

We are hiring an Azure Security Engineer to strengthen our Microsoft security posture with a hands-on focus on improving Defender for Cloud findings, remediating vulnerabilities across Azure and endpoint estates, and uplift of compliance and data protection controls.

This is a role for someone who enjoys fixing things, not just recommending. You’ll be embedded with engineering and infrastructure teams, working through remediation tasks, tightening configuration, and improving real-world risk reduction week by week.

Core Responsibilities

Microsoft Defender Suite (Primary Requirement)

• Monitor and remediate vulnerabilities surfaced by Defender for Cloud
• Manage and optimise Defender for Endpoint, attack surface reduction and device hardening
• Operate and tune External Attack Surface Management (EASM) findings and asset exposure
• Improve Secure Score and continuously reduce risk through technical remediation
• Collaborate with SOC to triage, respond, and close findings

Data Protection & Compliance (Purview-Led)

• Implement and manage Purview (DLP, sensitivity labels, insider risk, records)
• Assist with compliance uplift against ISO 27001, SOC2, GDPR, NIS2
• Maintain audit trails, evidence, runbooks, and security documentation

Vulnerability & Configuration Hardening

• Hands-on remediation — patching, configuration fixes, policy deployments
• Work with product teams to close findings rather than just escalate
• Improve posture for identity, endpoints, networking, and cloud workloads
• Implement conditional access, PIM, key vault, and encryption standards

Detection, Monitoring & Response

• Tune Sentinel analytics, automation rules, alert noise reduction
• Support incident investigation, triage, threat hunting as needed
• Generate security metrics, reporting, and measurable improvement trends

Collaboration & Delivery

• Work with DevOps, Infra, Desktop, and Cloud teams on real-world fixes
• Translate risk into understandable action for stakeholders
• Create repeatable processes to shorten future remediation cycles

Experience & Skills Needed

Must-Have
✓ Strong hands-on experience with Defender for Cloud, Defender for Endpoint, EASM
✓ Working knowledge of Purview, DLP, sensitivity labels, insider risk
✓ Demonstrable history of closing vulnerabilities and improving posture
✓ Azure identity & access security (Entra ID, Conditional Access, PIM)
✓ PowerShell/MS Graph for automation or scripted remediation

Nice to Have

• Sentinel exposure (analytic rules, workbooks, automation)
• Understanding of Zero Trust principles and Microsoft Compliance Manager
• Experience working in regulated or audited environments

Certifications Required

• AZ-500 – Azure Security Engineer Associate
• SC-100 (or commitment to completion within 12 months)
Plus one of → MS-500 or SC-400 or SC-900

Desirable

• CCSP
• Additional Defender/M365 security modules

What This Role Offers

• Real ownership in improving cyber posture
• Hands-on security engineering where the work is measurable
• Hybrid UK working
• Modern cloud-security-driven environment

3 month initial contract outside IR35