Agile IT
Microsoft Cloud Solution Architect Cybersecurity (CMMC Level 2)
Agile IT, San Diego, California, United States, 92189
Agile IT is a Microsoftfocused consulting and managed services provider. We help customers modernize and secure Microsoft 365, Azure, Azure Government, and Microsoft GCC High, with a mission to make CMMC Level 2 practical and sustainable through repeatable architectures, evidence automation, and managed operations. What youll work across (our services) Professional Services Enablement (fixedprice projects) Managed Services Security & CMMC Compliance for Microsoft cloud and onpremises systems Microsoft GCC High Licensing (secure onboarding & lifecycle operations) Complementary Partner Services (codelivered with strategic partners)
If you think you are the right match for the following opportunity, apply after reading the complete description.
You are a handson cloud security architect who leads discovery, designs CMMC Level 2aligned solutions, produces HLD/LLD and implementation plans, and guides delivery teams through build/migrate/hardening in Azure Government and Microsoft 365 GCC High. Youll map NIST 800171/172 practices to Microsoft controls, accelerate timetoauditready, and create repeatable patterns our delivery and managedservices teams can run at scale. Responsibilities Presales & Solutioning Lead technical discovery/workshops; translate business, compliance, and risk needs into secure cloud designs. Produce solution artifacts (HLD/LLD, diagrams, LOE inputs) and shape SOWs with Sales, ensuring delivery feasibility and margin. Package enablement offers that cleanly hand off to managed services with clear acceptance criteria and runbooks. Security & Compliance Architecture (Azure Gov / GCC High) Design CMMC L2 control implementations across Identity, Device, Data, and Threat: Identity/Access: Microsoft Entra ID (PIM, Conditional Access, MFA), Entra Connect/Cloud Sync, privileged access workstations. Endpoint/Device: Intune baselines, compliance/hardening, BitLocker, updates. Data Protection: Microsoft Purview (labels, DLP, Insider Risk), CUI scoping and dataflow mapping. Threat: Microsoft Defender (Endpoint/Identity/Office/Cloud), Microsoft Sentinel (SIEM/SOAR), KQL analytics, playbooks. Cloud Platform: Azure Gov landing zones, Policy/Blueprint equivalents, Key Vault, Private Link, segmentation, logging/monitoring, BCDR. Define CUI boundary controls and evidence capture to support auditready operations. Delivery Leadership & Handoffs Create build/runbooks and validation procedures; coach engineers during implementation. Contribute to SSP/POA&M inputs with GRC partners; ensure evidence is automated and durable. Transition finished solutions into Managed Services (SLAs/OLAs, monitors, alerts, dashboards, knowledge transfer). Automation & Operationalization Use PowerShell, Bicep/Terraform, Logic Apps/Power Automateand when helpful, API integrators (e.g., n8n, Rewst)to reduce toil and automate evidence/control checks. Provide requirements to platform/automation teams for multitenant patterns. Required Qualifications 7+ years designing and implementing Microsoft cloud security solutions. Expertise with Microsoft Entra ID, Intune, Microsoft Defender (Endpoint/Identity/Office/Cloud), Microsoft Sentinel, Microsoft Purview, and core Azure security services. Strong documentation skills (HLD/LLD, diagrams, build guides) and executivelevel communication. Proficiency with PowerShell and at least one IaC/automation tool (Bicep/Terraform, Logic Apps/Power Automate). Experience with Azure Government or Microsoft 365 GCC High (deep in one, able to ramp quickly on the other). Education: College degree preferred, not required. Preferred (Nice to Have) Handson experience mapping and implementing CMMC Level 2 (or NIST 800171) technical controls in Microsoft cloud. Experience in DIB or publicsector environments Prior GCC High migrations/tenant separations; knowledge of Microsoft GCC High Licensing and Microsoft NCE basics. Familiarity with PSA/RMM concepts for clean managedservices handoffs. Certifications: SC100, AZ500, one or more of SC200/300/400, AZ104/AZ305, MS102; security/CMMC credentials (e.g., CCP, CISSP). Contributions to SSP/POA&M and audit preparation with assessors. Compensation & benefits Competitive executive compensation (base + performance bonus + stock options after first year). Comprehensive benefits (medical, retirement, PTO, professional development). Missiondriven work that directly strengthens the national security supply chain. PandoLogic. Keywords: Cloud Security Architect, Location: San Diego, CA - 92108
If you think you are the right match for the following opportunity, apply after reading the complete description.
You are a handson cloud security architect who leads discovery, designs CMMC Level 2aligned solutions, produces HLD/LLD and implementation plans, and guides delivery teams through build/migrate/hardening in Azure Government and Microsoft 365 GCC High. Youll map NIST 800171/172 practices to Microsoft controls, accelerate timetoauditready, and create repeatable patterns our delivery and managedservices teams can run at scale. Responsibilities Presales & Solutioning Lead technical discovery/workshops; translate business, compliance, and risk needs into secure cloud designs. Produce solution artifacts (HLD/LLD, diagrams, LOE inputs) and shape SOWs with Sales, ensuring delivery feasibility and margin. Package enablement offers that cleanly hand off to managed services with clear acceptance criteria and runbooks. Security & Compliance Architecture (Azure Gov / GCC High) Design CMMC L2 control implementations across Identity, Device, Data, and Threat: Identity/Access: Microsoft Entra ID (PIM, Conditional Access, MFA), Entra Connect/Cloud Sync, privileged access workstations. Endpoint/Device: Intune baselines, compliance/hardening, BitLocker, updates. Data Protection: Microsoft Purview (labels, DLP, Insider Risk), CUI scoping and dataflow mapping. Threat: Microsoft Defender (Endpoint/Identity/Office/Cloud), Microsoft Sentinel (SIEM/SOAR), KQL analytics, playbooks. Cloud Platform: Azure Gov landing zones, Policy/Blueprint equivalents, Key Vault, Private Link, segmentation, logging/monitoring, BCDR. Define CUI boundary controls and evidence capture to support auditready operations. Delivery Leadership & Handoffs Create build/runbooks and validation procedures; coach engineers during implementation. Contribute to SSP/POA&M inputs with GRC partners; ensure evidence is automated and durable. Transition finished solutions into Managed Services (SLAs/OLAs, monitors, alerts, dashboards, knowledge transfer). Automation & Operationalization Use PowerShell, Bicep/Terraform, Logic Apps/Power Automateand when helpful, API integrators (e.g., n8n, Rewst)to reduce toil and automate evidence/control checks. Provide requirements to platform/automation teams for multitenant patterns. Required Qualifications 7+ years designing and implementing Microsoft cloud security solutions. Expertise with Microsoft Entra ID, Intune, Microsoft Defender (Endpoint/Identity/Office/Cloud), Microsoft Sentinel, Microsoft Purview, and core Azure security services. Strong documentation skills (HLD/LLD, diagrams, build guides) and executivelevel communication. Proficiency with PowerShell and at least one IaC/automation tool (Bicep/Terraform, Logic Apps/Power Automate). Experience with Azure Government or Microsoft 365 GCC High (deep in one, able to ramp quickly on the other). Education: College degree preferred, not required. Preferred (Nice to Have) Handson experience mapping and implementing CMMC Level 2 (or NIST 800171) technical controls in Microsoft cloud. Experience in DIB or publicsector environments Prior GCC High migrations/tenant separations; knowledge of Microsoft GCC High Licensing and Microsoft NCE basics. Familiarity with PSA/RMM concepts for clean managedservices handoffs. Certifications: SC100, AZ500, one or more of SC200/300/400, AZ104/AZ305, MS102; security/CMMC credentials (e.g., CCP, CISSP). Contributions to SSP/POA&M and audit preparation with assessors. Compensation & benefits Competitive executive compensation (base + performance bonus + stock options after first year). Comprehensive benefits (medical, retirement, PTO, professional development). Missiondriven work that directly strengthens the national security supply chain. PandoLogic. Keywords: Cloud Security Architect, Location: San Diego, CA - 92108