Sentinel Architect - Contract (London or Manchester)

Insight Investment are looking for a Sentinel Architect. You will be responsible for designing and deploying a new Microsoft Sentinel environment to support a critical web application. This includes building and configuring the SIEM architecture, onboarding diverse data sources, and developing custom analytics rules and playbooks for automated response. The role will also involve integrating Sentinel with existing security tools, optimising for performance and cost, and delivering comprehensive documentation and knowledge transfer to the SOC and engineering teams.

Role Responsibilities

• Design, build, and implement a Microsoft Sentinel deployment for a new application environment.
• Develop and configure data connectors, workbooks, analytics rules, and playbooks to meet security monitoring requirements.
• Integrate Sentinel with existing security tools and ensure seamless log ingestion from relevant sources.
• Define and implement alerting, dashboards, and reporting aligned with SOC processes.
• Work closely with application owners, security teams, and stakeholders to ensure requirements are captured and delivered.
• Document the deployment architecture, configurations, and operational procedures for handover to the SOC team.
• Provide knowledge transfer and training to internal teams on Sentinel usage and best practices.

Experience Required

• Proven experience in Microsoft Sentinel deployment and configuration in enterprise environments.
• Strong understanding of SIEM concepts, log ingestion, and security monitoring use cases.
• Hands-on experience with Kusto Query Language (KQL) for creating queries, analytics rules, and dashboards.
• Familiarity with Azure services (e.g., Log Analytics, Azure Monitor) and security integration.
• Ability to work independently and deliver within tight timelines.
• Excellent communication and documentation skills.
• Experience designing Sentinel architecture from scratch, including workspace design, data retention strategy, and cost optimisation.
• Familiarity with onboarding multiple log sources (cloud, on-prem, third-party) and handling complex data normalisation.
• Experience with SOAR automation and playbook development in Sentinel.
• Exposure to cloud security monitoring across Azure, AWS, or GCP.
• Relevant certifications (e.g., SC-200: Microsoft Security Operations Analyst, AZ-500).
• Ability to deliver comprehensive documentation and knowledge transfer for long-term maintainability.

Insight is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation. If you are a candidate with a disability, or are assisting a candidate with a disability, and require an accommodation to apply for one of our jobs, please email us at [email protected]

About Insight Investment

Insight Investment is a leading asset manager focused on designing investment solutions to meet its clients’ needs. Founded in 2002, Insight’s collaborative approach has delivered both investment performance and growth in assets under management. Insight manages assets across its core liability-driven investment, risk management, full-spectrum fixed income, currency and absolute return capabilities.

Insight has a global network of operations in the UK, Ireland, Germany, US, Japan and Australia. More information about Insight Investment can be found at: www.insightinvestment.com