Microsoft Security SME Consultant
Impact, London
Microsoft Security SME Consultant
Impact, London

Who we are:

You'll be joining the 6th largest IT Service Provider, present in more than 50 countries. From our roots in Japan, NTT DATA's mission is to facilitate business change and technology transformation across many industries for a better future for our business, people and community. Some of the projects we have supported include the digitising of The Open  golf tournament and applying Formula 1 technology to support medical staff at University Hospitals Leicester.

Everything we do is underpinned by our core values of 'Clients First', 'Teamwork' and 'Foresight' and we achieve these by putting people first.

We support and celebrate our differences and preferences, these are what makes us unique. Some of our initiatives, collectively known as “DO Diversity”, aim to create a space for us to learn and get involved in building a truly diverse environment. Our Culture & Ethnicity Network gives our colleagues a platform to share their various backgrounds; Our NINGEN programme allows the new generation of NTT DATA employees around the world to connect and shape the future of our organisation and the “City Gives Back” allows us to support our local community that has been affected by the COVID-19 pandemic...and much more!

What you'll be doing:

We are currently recruiting for Microsoft Security SME Consultant's to join our growing client delivery business. The successful candidate will be obsessive about solving business and client challenges, with a strong focus on security risk to help tackle and direct client challenges. This is a great opportunity for you to play a pivotal role in helping to shape our client’s transformation journeys.

You will be working in the Strategy, Design and Transition phases to unpack and evaluate challenges and change. Drawing upon your strong Microsoft technologies security you will:


Identify -

  • Client needs in terms of; outcomes, stakeholder engagement and risk mitigation.
  • Stakeholder requirements for protecting the organisation’s mission and business processes.
  • Operating structure, capability, process, taxonomy and good practice gaps.
  • Client Security Requirements.
  • Security gaps in both process and infrastructure.
  • Any assumptions, issues and dependencies.

Review, challenge/validate and improve - 

  • Project solution / Solution architecture – with a Security lens.
  • Security posture, risk appetite and control implementation.

Enact/Lead - 

  • Qualification and Scoping of engagements.
  • Structured assessments to identify findings.
  • Microsoft Security recommended and Industry Good Practices.
  • To build in security into the clients development process.

Oversee, evaluate and support - 

  • Documentation, validation, assessment, and authorisation processes necessary to assure new and existing information.
  • Discovery and audits, for extraction of findings and documentation of recommendations
  • The adoption of frameworks such as ISO27001, STRIDE, Mitre Att&ck, NIST CSF, CIS, OWASP and CSA CCM and using these to implement outcomes.

Demonstrate - 

  • Subject matter expertise in Microsoft Security.
  • Subject matter expertise in SSDLC and DevSecOps practices, frameworks and methodologies.
  • The ability to take feedback & lessons learnt from both clients and colleagues.
  • Experience of working within a Security Architect / Security Lead capacity.
  • Strong knowledge of Microsoft Azure cloud platform and security architectures. Exposure to AWS and GCP also valuable.
  • Expert knowledge of key Microsoft cloud technologies, including AD / O365 / M365 / Azure, MS Zero Trust Model, Microsoft Sec. Product range Inc. Active Directory, Key Vault, Entra, Defender, Purview, and Sentinel.  Knowledge of Intune valuable.
  • Knowledge of the security attack vectors, tooling, good practices for assessment, mitigation and remediation.
  • Knowledge and hands-on experience in threat modelling with a specific focus on STRIDE and Mitre Att&ck frameworks.
  • Strong knowledge of API security, WAF, and Cryptography.
  • Demonstrable experience of securing cloud services either through project delivery / continual refinement.
  • Experience of designing and delivering enterprise or cloud architectures using industry standards.
  • Scripting experience such as; JavaScript, Python or PowerShell
  • Knowledge of Infrastructure-as-Code languages and tools such as JSON, Terraform, Azure Resource Manager etc.

What you'll need:

It starts with amazing people, challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have an Engineering and broad security delivery background and experience in operating at client Consulting and Advisory level;

  • Proactive self-starter, able to orientate quickly to different challenges and environments. 
  • Holder of a security certification – CISSP, CCSP, CISM, Microsoft AZ-500, SC100, SC-200, SC-300, SC-400, AZ-300 or equivalent experience.
  • Extensive, multi-year project experience in complex environments.
  • Ability to operate in demanding situations whilst still having relentless drive to deliver with enthusiasm.
  • Strong influencer, with a wide range of styles, having ability to build good working relationships with delivery partners and senior levels within the organisation
  • Must be able to interface with and manage relationships with architects, business people, and technologists at senior levels, showing competence in all three areas.
  • Continued personal growth attaining any necessary further security qualifications and learning
  • Sometimes we work with Public Sector clients where Defence Vetting to such as SC maybe required, as such you hold or are willing to hold vetting certification, this can be beneficial

...and finally:

The focus on Clients First, Teamwork and Foresight is in our DNA and we are looking for someone who shares and embodies these core values, leading by example.

We don't look for finished articles. We look for people who want to continue their career growth alongside NTT DATA 's.

Back to search Email to a friend Apply now

Service Line Manager

Warren O'Driscoll
Head of Security Consulting

Warren is a seasoned security consulting advisory leader & practitioner, who has worked in the Professional & Consulting Services sector for more than 25 years. Employed by NTT he holds a trusted client advisory & consulting role as well as working in client executive or director level roles, Warren is focused on building, leading & directing corporate security functions, educating client boards & executive management on Information & Cyber Security risks, defining strategies in Enterprise & Service Provider environments, as well as helping clients solve individual Cyber & Info. Sec. challenges. Warren understands business language, identifies key drivers and links this to his extensive experience in enterprise security, strategy & road mapping, audit, and a depth of knowledge in a portfolio of security, risk and privacy / industry methodologies & frameworks; NIST, ITIL, SABSA, TOGAF, COBIT, COSO & ISO to name just a few.

2 Royal Exchange

“Upon joining the NTT DATA UK family, you will experience a culturally diverse organisation living our values of Clients First, Teamwork and Foresight as we partner with our customers every day.

At NTT DATA UK, we are proud to support and invest in our people. We offer a variety of rewarding career paths and opportunities to develop professionally - with access to cutting edge innovation.”

Fernando Apezteguia, CEO, NTT DATA UK

Jobs at NTT DATA

Browse all