
Devoteam Cyber Trust - Lead Cloud Security Consultant - Microsoft Focus

Devoteam · Lisboa, Portugal
Full-time · On-site · 2w ago
AWS · Azure · Cloud Security · Compliance · Documentation · Incident Response

Responsibilities

  • Write KQL, tune analytics rules, build connectors, configure Defender XDR policies, and walk customers through what their telemetry, posture, exposure, and risks mean.
  • Assess and improve security controls across Sentinel, Defender XDR, Defender for Cloud, Entra ID, Azure workloads, logging/monitoring, and privileged access.
  • Translate cyber security requirements into practical configurations, remediation actions, detection use cases, and operational improvements.
  • Support multi-cloud engagements (Google Cloud, AWS) and CNAPP-related work where the customer needs posture improvement, exposure reduction, or detection coverage.
  • Run customer-facing workshops and build the reusable assets the practice will scale on: playbooks, deliverable templates, KQL libraries, detection rule packs, configuration baselines, hardening guides, remediation roadmaps.
  • Microsoft Sentinel:
      • Deployed or supported Sentinel in production for at least one enterprise customer.
      • Writes KQL from scratch for analytics rules, hunting queries, investigations, and workbooks.
      • Has built, tuned, or maintained analytics rules, scheduled queries, hunting queries, or incident workflows.
      • Has worked with data connectors, including Microsoft and non-Microsoft sources.
      • Has experience with automation rules, Logic Apps playbooks, or response workflows.
      • Understands alert fatigue and has experience improving signal-to-noise in a SOC or monitoring environment.
  • Defender XDR cross-pillar:
      • Configured and operated Defender for Endpoint, Identity, Office 365, and Cloud Apps.
      • Investigated incidents spanning multiple pillars using the unified incident model.
      • Comfortable with advanced hunting across the Defender XDR schema.
      • Understands how Defender XDR and Sentinel complement each other in detection and response.
  • Azure and cloud security:
      • Solid Azure security understanding from a cyber perspective, not just infrastructure.
      • Has delivered Azure security assessments, posture improvement, hardening, or secure configuration reviews.
      • Hands-on with Microsoft Defender for Cloud - recommendations, regulatory compliance, workload protection, posture management.
      • Understands subscriptions/management groups, Azure Policy, RBAC, logging/monitoring, network exposure, and workload protection.
      • Comfortable working in broader cloud security contexts: posture management, workload protection, misconfiguration review, exposure reduction.
  • Identity and access:
      • Strong Microsoft Entra ID security - MFA, Conditional Access, Identity Protection, access reviews, enterprise applications, service principals.
      • Familiarity with PIM, RBAC, least privilege, break-glass accounts, access governance.
      • Understands identity as a core cloud security control.
  • Cloud security and CNAPP awareness:
      • Understands CSPM, CWPP, attack paths, misconfiguration abuse, and cloud-specific attack patterns.
      • Familiar with CNAPP concepts and tools.
      • Can turn cloud security findings into practical remediation plans for security, cloud, and engineering teams.
  • Delivery experience:
      • 5+ years cybersecurity experience, including relevant experience with the Microsoft security stack in a delivery, consulting, cloud security, detection engineering, or senior SOC role.
      • Experience delivering client-facing cyber security work, including assessments, implementations, workshops, remediation planning, or technical documentation.
      • Able to produce clear technical deliverables: assessment reports, implementation plans, remediation roadmaps, configuration baselines, runbooks, and executive-level summaries.
  • Portuguese and English.

Requirements

  • Microsoft Purview - DLP, information protection, insider risk.
  • Google Cloud or AWS security background.
  • Exposure to Wiz or another CNAPP pl

Additional Information

We're building a new Cloud Security Practice that delivers outcome-driven security engagements across Microsoft Azure, Microsoft 365, Google Cloud, AWS, and partner CNAPP platforms. We're hiring a Lead Cloud Security Consultant - Microsoft Focus as a hands-on cyber security expert. You'll help design how we deliver engagements, execute them in the consoles, and build the reusable assets the practice will scale on. This is a cyber-first role with Microsoft as the primary stack. Microsoft Sentinel, Defender XDR, Defender for Cloud, and Entra ID are the core of the work, but you should be comfortable operating in broader cloud security contexts - multi-cloud posture, CNAPP findings, exposure reduction - when engagements call for it. You don't need to be a pure infrastructure engineer, but you should understand cloud environments well enough to identify security gaps, implement controls, and help customers improve their posture.

