Stack: Microsoft Security: Defender XDR, Sentinel, Entra ID, Intune, Defender for Cloud etc. Exposure to other modern security stacks, such as SentinelOne or Crowdstrike is a strong advantage Cloud: Azure (required), AWS or GCP exposure a plus Platforms: AD/Entra hybrid identity, Windows Server, Linux Infrastructure: networking, VPN, Firewalls, endpoint management Tooling: KQL, PowerShell, API usage, automation tooling What we''re looking for Must have: Strong, demonstrable experience across the Microsoft security stack Solid understanding of identity and endpoint security fundamentals. Comfortable writing and tuning detection logic (eg KQL) across detective and threat hunting scenarios. Excellent communication and customer-facing skills; able to lead calls, drive discussions, and influence outcomes. Ability to work autonomously, solve problems, and deliver high-quality technical work. Nice to have: Experience with automation (PowerShell, Python, API integrations) and a sysadmin background Familiarity with security frameworks and incident response concepts. Exposure to logging pipelines (AMA, Syslog, Cribl, SIEM tooling). Working knowledge of other, non-Microsoft security stacks (CrowdStrike, SentinelOne, Tenable, etc). Experience producing architecture documents, diagrams, and design proposals. Background working in an MSSP, consultancy, or customer-facing engineering role. ..... full job details .....