
Sean Moore

  • Barratt Redrow
  • Infrastructure Security Architect

Coalville, UK

Summary

Working in the cyber security field since 2008, I have held positions as an analyst, engineer, architect and consultant. I have held several lead roles and have a broad knowledge of cyber security frameworks, standards and toolsets, having designed and implemented many solutions from SIEM, RBAC and PAM to SASE.

Companies

  • Barratt Redrow - Infrastructure Security Architect

    Technical | Coalville, UK 2025 - 2025

    • Network and infrastructure design security solution architect
    • Privilege Access Management (PAM) digital transformation (High Level Design and Migration Path)
    • Web Proxy to Secure Web Gateway (SWG) migration (High Level Design, RFP management)
    • Microsoft Defender for Servers (Architectural Oversight Documentation)
    • Define in collaboration the SASE / SSE Strategy
    • Present designs to the Barratt Design Authority for acceptance and approval
    • Document management, High-level designs, stakeholder presentations, RFPs
    • Stakeholder management
  • Six Degrees - Technical Security Architect

    Technical | London, UK 2023 - 2025

    • Microsoft Sentinel design, implementation, engineering and development
    • Design diagramming and documentation of High and Low level SOC designs
    • Review and modernise the detection and automated Incident Response processes aligned to each service tier
    • Development of incident response workflows from SOC tiers through to automated response flows
    • Log onboarding with out of the box Data Connectors (Syslog, API, Azure Services, Azure Policy)
    • Microsoft Sentinel integration with Defender XDR, Third Party Threat Intelligence (Recorded Future)
    • Configuration of Log Analytics Workspaces – logging method, storage retention, log ingestion and cost analysis
    • Development of custom workbooks, detection analytic rule tuning (Kusto Query Language – KQL) and custom analytic rules
    • Configuration of multi-tenant Microsoft Sentinel Workspace Manager and repositories for content management
    • Azure Role Based Access Control – Entra ID, Azure, Built-in Roles, GDAP AOBO and Unified permissions
    • Development of Entra ID Identity Governance B2B access policy, reviews and authorisations
    • Development of Conditional Access profiles incorporating Multi-Factor Authentication (MFA) with MS authenticator
    • Azure Architecture (Tenant, Management Groups, Subscriptions, Resource Group, Azure Workloads and Azure Policy assignment)
    • Development of Azure Lighthouse offer parameter files for publishing and subscription delegation
    • Security Posture Management applying security benchmarks (CIS, NIST, MCSB)
  • Softcat PLC MSSP - Product Design Security Architect

    Technical | Marlow, UK 2022 - 2023

    Designed the Softcat Microsoft Sentinel SOC service offering, migrating from AlienVault.

    • Understand key requirements of the service offering using Microsoft Sentinel
    • Design the Microsoft Sentinel service within Microsoft Azure in alignment with the client requirements
    • Planning of Use Case Detection rule rollout packages
    • Ascertain Role Based Access Control (RBAC) based on MSSP and Customer roles and responsibilities derived from RACI models
    • Ensure the Microsoft Sentinel Managed Service follows Microsoft best practice
  • Credit Suisse - Security Consultant

    Technical | London, UK 2022 - 2022

    • Prepare a tactical transitional migration strategy to migrate to Microsoft Sentinel from Splunk
    • Design the on-premise log collection architecture required to onboard existing log sources in Microsoft Sentinel
    • Ascertain the current Splunk architecture and deployment
    • Understand current Use Cases both business and technical
    • Perform cost analysis of both the transitional log collection and strategic end state
    • Develop Visio diagrams, presentations and concepts for key stakeholders
  • KPMG UK Limited - Lead Security Architect

    Technical | London, UK 2020 - 2021

    Lead cloud security architect responsible for the planning and design of an internal MSSP-model Azure Sentinel SIEM across KPMG UK, delivering the new SIEM platform to replace an existing legacy SIEM solution.

    • Plan, design and implement Microsoft Sentinel for the KPMG UK SOC
    • Migrate existing log sources from McAfee Netwitness to Microsoft Sentinel with zero event loss
    • Build the Linux based log collection infrastructure and development of Rsyslog optimisation and rule sets
    • Development of Microsoft Sentinel SIEM platform inclusive of Event feeds, Use Cases, Playbooks and Workbooks
    • Manage small team of developers (KQL) and SIEM architects
    • Design Event archival process using Azure Data Explorer (ADX) and Azure Event Hub
    • Multi-tenant Azure Defender enablement, policy configuration and deployment, integration with Microsoft Sentinel
    • Use Case development framework to identify, establish, develop and mature Use Cases within Microsoft Sentinel
    • Out-of-the-box Use Case enablement and gap analysis across the MaGMa and MITRE ATT&CK frameworks
    • Development of the log onboarding migration plan and operational cutover strategy
  • National Trust Charity - Security Operations Lead

    Technical | Swindon, UK 2020 - 2020

    Security Operations lead role responsible for the internal security operations team at the National Trust during a transitional period in the development of a dedicated security operations team.

    • Utilisation of infrastructure and network security toolsets
    • Creation of automation of incident response processes
    • Perform monitoring of Azure Security Services including Defender ATP, Office 365 Security, Identity Protection, Exchange Online Protection
    • Understanding National Trust Use Cases and performing Gap Analysis across the security toolset aligned to CIS controls framework
    • Coordinate the security analysts to ensure exposure and responsibility shared across the team collaboratively
    • Contribute to the Cyber Resilience Taskforce in the development of security playbooks and runbooks aligned with NIST Incident Response
    • Produce monthly SecOps reports for senior stakeholders highlighting the performance of the SecOps team
  • GIE Axa Group Operations France - SIEM Consultant

    Technical | Paris (75000) 2019 - 2019

    • Business Security Use Case identification and development
    • ArcSight Flex-Connector Development – Syslog Regex, REST API Cloud JSON, File Reader Connectors
    • Transformation of Use Case Specifications into ArcSight Content
    • ArcSight Content Development – Rules, Active Lists, Filters, Variables, Data Monitors, Dashboards, Active Channels
    • Continuous Development and Integration utilising JIRA and Confluence
    • Architect the migration of external managed SIEM (LogRhythm) into the Private IaaS AXA Cyber Defence SOC
    • LogRhythm and ArcSight SIEM designs both tactical and strategic aligned to the SOC Incident Response Requirements

Education

Network

No professional contacts