SOC Security Technical Architect

Cloud Raptor is Hiring for MNP SPARK Bengaluru

Work Location: Bengaluru, India

Engagement: Full-time (Onsite/Hybrid as per role)

Client: MNP SPARK A strategic technology and innovation arm of MNP LLP, one of Canadas largest professional services firms (75+ years legacy, nearly $5B revenue, 120+ offices).

MNP is one of Canadas largest full-service chartered professional-services firms providing accounting, tax, consulting, risk-advisory, management consulting, and financial advisory services.

• With offices across all provinces and a workforce of thousands, MNP serves clients in public, private, and not-for-profit sectors across Canada.

• MNP emphasizes a culture of balanced lifestyle, competitive compensation and benefits, merit-based career growth, and values that support diversity, inclusion, community, and work-life balance.

Role & responsibilities :

• Lead the design and architecture of the Microsoft Sentinel environment for the MXDR service, including multi-workspace strategies, data connector deployment, log source onboarding, data parsing and normalization, ingestion optimization, and cost management strategies.
• Architect the optimal integration, configuration, and policy management for the full Microsoft Defender XDR suite (Endpoint, Identity, Office 365, Cloud Apps) within the broader MXDR framework.
• Design security solutions leveraging Microsoft Entra ID capabilities (e.g., Conditional Access, Identity Protection, Privileged Identity Management) and Microsoft Purview features (e.g., Data Loss Prevention, Information Protection, Insider Risk Management) to enrich detection and response within the MXDR service.
• Develop and oversee the implementation of the Security Orchestration, Automation, and Response (SOAR) strategy, designing scalable and effective playbooks using Microsoft Sentinel Logic Apps.
• Define and document technical standards, best practices, and governance policies for alert tuning, Analytics Rule development, threat hunting methodologies, and incident response procedures utilized within the platform.
• Collaborate closely with SOC Security Analysts (Tiers 1-3) and SOC leadership to understand operational requirements, challenges, and feedback, translating these into actionable platform improvements and architectural adjustments.
• Continuously evaluate new Microsoft security features, third-party security technologies, and integration possibilities to enhance the MXDR service's capabilities, efficiency, and competitiveness.
• Develop and maintain comprehensive architecture documentation, including high-level designs, low-level designs, data flow diagrams, standard operating procedures, and reference architectures.
• Ensure the MXDR platform architecture is designed for scalability, high availability, resilience, and meets relevant compliance and regulatory requirements (e.g., GDPR, PIPEDA, SOC-2).
• Provide technical leadership, mentorship, and architectural guidance to SOC teams, engineering teams, and other internal stakeholders.
• Support pre-sales activities and client engagements by articulating the technical architecture, capabilities, and benefits of the MXDR service.
• Stay current with the evolution of Microsoft Azure and Microsoft 365 security architectures, best practices, product roadmaps, and the broader cybersecurity threat landscape.

Skills:

• 7+ years in cybersecurity roles, with 3-5+ years focused on security architecture, design, and implementation within the Microsoft cloud security ecosystem.
• Expert-level knowledge of Microsoft Sentinel architecture, including deployment models, workspace design, data connectors, KQL for advanced analytics, Log Analytics workspace configuration, and cost optimization techniques, including the use of Sentinel Auxiliary Logs.
• Deep expertise in designing, implementing, and managing solutions across the entire Microsoft Defender XDR suite (Defender for Endpoint, Identity, Office 365, Cloud Apps).
• Strong understanding and practical experience architecting solutions using Microsoft Entra ID security features (Conditional Access, Identity Protection, PIM, Entra ID Governance).
• Experience designing and implementing solutions involving Microsoft Purview capabilities, particularly Information Protection (Sensitivity Labels, Encryption) and Data Loss Prevention (DLP).
• Proficiency in architecting and securing Microsoft Azure environments, including expertise in Azure networking, Azure Policy, Azure Monitor, and Microsoft Defender for Cloud.
• Demonstrable experience designing and implementing Security Orchestration, Automation, and Response (SOAR) workflows, preferably using Azure Logic Apps within Microsoft Sentinel.
• Strong proficiency in scripting and automation languages/tools relevant to Azure and security (e.g., PowerShell, Python, Azure CLI, ARM Templates, Bicep, Terraform).
• Solid understanding of security frameworks (e.g., NIST Cybersecurity Framework, ISO 27001/27002) and common compliance requirements impacting cloud environments.
• Excellent technical writing skills for creating detailed architecture documents, standards, and diagrams. Skilled in presenting complex architectural designs and strategies to technical and executive audiences.
• Ability to work collaboratively with Stakeholders (IT, SOC, NOC, Business) to define/build effective solutions for varied client needs in the security space.
• Ability to network in the industry to understand key technology trends and solutions and bring thought leadership and best practices to delivery.

Preferred candidate profile:

Educational Qualifications Bachelor of Technology in Computer Science or associated degrees

Certifications:

• Microsoft Certified: Cybersecurity Architect Expert (SC-100) required
• Microsoft Certified: Azure Solutions Architect Expert (AZ-305) desirable
• Certified Information Systems Security Professional (CISSP) desirable
• Microsoft Certified: Azure Security Engineer Associate (AZ-500) desirable
• Other relevant architecture or advanced security certifications (e.g., TOGAF) ideal

Experience 10+ years of experience in Cybersecurity & Architect role

Additional Information

We leverage technology to turn our clients' challenges into real results, starting with having the right people. Our environment promotes continuous growth, meaningful collaboration, and ensures everyone has a voice. To foster collaboration and productivity, we require all team members to be in the office five days a week, enabling effective teamwork and idea sharing.