We have a current opportunity for a Head of Azure Platform Security on a permanent basis. The position will be based in London. For further information about this position please apply. Requirements - Hands-on Azure cloud security architecture and implementation - Defender for Cloud, Policy-as-Code, RBAC, PIM, private endpoints, and secure landing zone design; AWS security experience also considered - Network security engineering: firewall policy design and lifecycle management, micro-segmentation, NSG/UDR/NVA architecture, hub-spoke topology, and perimeter defence for hybrid environments - WAF design, deployment, and operational tuning - Cloudflare, Azure Application Gateway, or equivalent; custom rule authoring and false-positive management at production scale - Network flow log analysis and intrusion detection engineering - building detection logic for lateral movement, beaconing, anomalous egress, and C2 patterns - SIEM engineering: detection rule authoring (KQL, SPL, or equivalent), log pipeline design, alert correlation, triage workflow - you write the rules, not just read the dashboard - Endpoint and desktop security: EDR deployment and tuning (Defender for Endpoint, CrowdStrike), Intune/Jamf device management, privileged access workstations, JIT/JEA models - API and application security: threat modelling (STRIDE/PASTA), OAuth 2.0/OIDC implementation review, secrets management (Key Vault, HashiCorp Vault), and secure SDLC integration - PKI, certificate lifecycle automation, identity federation, and SSO across hybrid cloud and on-premises environments - Security automation and IaC: Python, PowerShell, Terraform, Bicep, or Sentinel analytics rules - you codify controls, you do not document them - MITRE ATT&CK coverage mapping; threat hunting, adversary emulation, and proactive gap analysis against realistic TTPs - Cloud infrastructure - Azure preferred, AWS considered; IAM, managed services, automated and auditable deployment pipelines, secrets management Nice to Have o Financial services, trading, or capital markets - operational security in a regulated, high-availability, zero-downtime-tolerance environment o Zero-trust architecture: BeyondCorp, Zscaler, or equivalent; conditional access policy design and implementation o DDoS mitigation, BGP security, and network resilience engineering for latency-sensitive financial infrastructure o ISO 27001, SOC 2, DORA, or equivalent - hands-on implementation, not just audit participation o Red team, adversarial simulation, or penetration testing programme design - experience on both sides of the exercise To find out more about Huxley, please visit www.huxley.com Huxley, a trading division of SThree Partnership LLP is acting as an Employment Business in relation to this vacancy | Registered office | 8 Bishopsgate, London, EC2N 4BQ, United Kingdom | Partnership Number | OC387148 England and Wales