Microsoft 365 Security Engineer
6‑Month Contract | Hybrid | 2 days every 2 weeks London | Inside IR35 | £620 per day
i‑confidential is supporting a key client in the search for an experienced Security Operations Engineer (Microsoft 365) to strengthen their cyber defence capability and accelerate the adoption of Microsoft security technologies across their enterprise environment.
This role blends technical leadership with hands‑on engineering, working at the heart of the client’s Cyber Operations function to uplift detection, response, and overall M365 security maturity.
Key Responsibilities
-
Lead the configuration, optimisation and ongoing management of the Microsoft Security Stack, including Defender for Endpoint, Identity, Cloud and Office 365.
-
Maintain, tune and operationalise Defender policies and alerts to ensure high‑quality detection and response.
-
Provide flexible support across incident response, detection engineering and log enrichment workstreams.
-
Ensure Microsoft security telemetry is fully integrated into the central SIEM.
-
Support operational excellence through proactive policy management and threat analysis.
-
Collaborate with Cyber Security, Infrastructure and IT teams across multiple regions.
-
Present technical recommendations and security improvements to senior stakeholders.
Expected Deliverables
-
M365 E5 security assessment, baseline and improvement roadmap.
-
Alignment of M365 detections and configurations to MITRE ATT&CK.
-
Integration of M365 detections into SOAR with defined automation and enrichment.
-
Ongoing incident handling support (live or simulated).
-
Completion of E5 security configuration optimisation.
-
Engineering enhancements to support improved visibility, enrichment and integration.
-
Knowledge‑transfer sessions with internal analysts and engineers.
-
Final close‑out summary and recommendations.
Skills & Experience
-
Strong experience configuring and managing Microsoft Security technologies in an enterprise environment.
-
In‑depth knowledge of Defender, Sentinel, Entra ID (Azure AD) and Intune.
-
Experience with alert triage, policy configuration, and threat analytics.
-
Ability to work autonomously and take ownership of technical domains.
-
Excellent communication skills and the ability to influence senior stakeholders.
-
Experience working within cross‑functional or multi‑regional teams.
#LI-DNI