Run-Time Group Ltd
Technical Architect - SC Cleared
Private salary
Milton Keynes
Hybrid
Description

Role: Technical Architect
SC or DV Clearance
Hybrid work model
OUTSIDE IR35
Job Requirements
Spec:

    • End-to-end technical leadership, architecture, and delivery oversight of Network Detection & Response (NDR) and Extended Detection & Response (XDR) solutions using Darktrace and Microsoft Defender.
    • Secure, scalable, and successful implementation of advanced detection technologies that enhance organisational threat visibility, improve incident response capability, and support a modern security operations function.
    • Close collaboration with cybersecurity, infrastructure, networking, SOC analysts, service owners, and senior stakeholders to align technical designs with security strategy, operating models, and business needs.
    • Definition of the target architecture for Darktrace NDR and Microsoft Defender XDR across on-premises, hybrid, and cloud environments.
    • Creation of high-level and low-level solution designs, ensuring alignment with enterprise architecture standards, secure by design principles, and regulatory requirements.
    • Development of data ingestion, telemetry, and integration patterns between Darktrace, Defender, SIEM/SOAR tools, and existing security stacks.
    • Production of architecture decision records, design patterns, and technical documentation for long-term maintainability.
    • Leading technical delivery workstreams, providing direction and assurance across engineering teams.
    • Oversee deployment and configuration of Darktrace sensors, appliances, and monitoring coverage across networks, data centres, and cloud estates.
    • Guide onboarding, configuration, and tuning of Microsoft Defender XDR (Endpoint, Identity, Email, Cloud Apps, Server, and Threat Intelligence modules).
    • Ensure correct enablement of telemetry, behavioural analytics, detection logic, and baselining across both platforms.
    • Coordinate testing, validation, and acceptance of detection capabilities, including simulation of realistic attack techniques.
    • Integrate Darktrace and Defender outputs into SIEM, SOAR, and ticketing systems.
    • Work with SOC and automation teams to design playbooks, response workflows, and escalation paths.
    • Ensure centralised logging, enrichment, and context tagging of Darktrace and Defender telemetry to support investigations.
    • Establish architectural guardrails, configuration baselines, and security standards.
    • Perform technical reviews, risk assessments, and compliance checks throughout the delivery lifecycle.
    • Provide expert guidance on product best practice, platform limitations, and future roadmap opportunities.
    • Act as the primary technical authority for Darktrace and Defender XDR programmes.
    • Support programme planning, capacity forecasting, licensing strategy, and cost modelling.
    • Ensure an effective handover to operational teams, including documentation, training, dashboards, and runbooks.
    • Support the SOC in maturing their use of Darktrace and Defender for real-time detection, triage, and investigation.
    • Proven experience leading security technology projects at enterprise scale.
    • Strong understanding of network architecture, identity systems, cloud security, endpoint security, and behavioural analytics.
    • Experience with SIEM/SOAR integration, telemetry pipelines, and incident response workflows.
    • Ability to design and articulate secure, resilient, and operationally viable solutions.