Why this role
Love the buzz of turning noisy security data into sharp automated defence? At NCC Group you'll help well-known brands get the most from Microsoft's security stack, designing Sentinel-led detection and response, wiring up smart SOAR playbooks and shaping XDR strategy that actually lands. It's hands-on, high-impact work with a team that backs experimentation, knowledge-sharing and doing things properly.
What you'll do
Build & tune Microsoft Sentinel: data connectors, normalisation, analytics rules, UEBA, watchlists, workbooks and cost-savvy ingestion strategies.
Orchestrate & automate: create pragmatic SOAR playbooks (Logic Apps/Power Automate) that slash MTTR and remove toil.
XDR in the real world: deploy and optimise Microsoft Defender XDR across endpoints, identity, email and cloud; align detections to MITRE ATT&CK and real threats.
Hunt & respond: KQL-led threat hunting, incident triage guidance, detection content packs and purple-team style improvements.
Secure the data: advise on Purview information protection & DLP, from policy design to pilot and rollout.
Make it land: roadmaps, runbooks and regular stakeholder updates, translating deep technical detail into business-ready outcomes.
Coach & mentor: guide junior consultants; share patterns, reusable content and lessons learned.
Shape opportunities: support presales scoping, proposals and estimation for consulting and implementation work.
What you'll bring
Proven experience delivering Microsoft security projects: Sentinel (must-have), Defender XDR, SOAR (Logic Apps) and Purview/DLP.
Comfortable with KQL and scripting (PowerShell); version control with Git.
A knack for cost optimisation (ingestion, retention, table choices, Basic vs Analytics).
Solid consulting skills: workshops, architecture reviews, stakeholder management and great written reports.
Familiarity with control frameworks (ISO 27001, NIST CSF/800-53, PCI DSS, GDPR) and how to evidence them in Microsoft cloud.
Nice-to-haves (not show-stoppers)
Azure Resource Manager/Bicep or IaC pipelines; Entra ID/Conditional Access; Defender for Cloud; Intune; MITRE mapping; incident response exposure; certifications such as SC-200/SC-100, CISSP/CISM, ISO 27001 LA/LI, PCI QSA.
A week in the life (example)
Monday: run a Sentinel use-case workshop; prioritise detections that matter to the client's threats.
Tuesday: deploy connectors and write analytics rules; build a workbook for exec-friendly KPIs.
Wednesday: craft SOAR playbooks to automate enrichment and ticketing; test and iterate with the SOC.
Thursday: threat hunt with KQL; raise tuning PRs and push improvements to content packs.
Friday: roadmap review with stakeholders; document runbooks and handover notes; mentor a colleague.
How we work
Pragmatic > performative. We favour simple maintainable solutions over shiny complexity.
Collaborative by default. You'll have access to SMEs across NCC Group and a library of reusable content.
Growth mindset. Conferences, labs and time to experiment are part of the deal.
Flexible and supportive. We embrace difference and want you to bring your authentic self to work.
About NCC Group
We're a global cyber security company with 2,000 colleagues supporting 15,000 customers across the UK, North America, Europe, APAC and the ME. Our mission is to help organisations protect their brand value and reputation against an ever-evolving threat landscape. We invest in our people and operate with fairness, creativity and respect.
Inclusion & accessibility
We're committed to diversity, equity and flexibility. If you need reasonable adjustments at any stage of the process, please let us know. We'll handle your personal data in line with our Privacy Policy. If you'd prefer us not to retain your details for future roles, email .
Ready to apply?
If this sounds like you but you don't tick every single box, please still apply. We care about capability, curiosity and potential as much as keywords on a CV.
*** Please note that this role has background clearance as mandatory due to the nature of the work NCC Group does. To apply you must be willing and able to undergo the vetting process ***
Required Experience:
Senior IC