PandoLogic
Microsoft Cloud Solution Architect — Cybersecurity (CMMC Level 2)
PandoLogic, San Diego, California, United States, 92189
Microsoft Cloud Solution Architect — Cybersecurity (CMMC Level 2)
Agile IT is a Microsoft‑focused consulting and managed services provider. We help customers modernize and secure Microsoft 365, Azure, Azure Government, and Microsoft GCC High, with a mission to make CMMC Level 2 practical and sustainable through repeatable architectures, evidence automation, and managed operations.
What you’ll work across (our services)
Professional Services – Enablement (fixed‑price projects)
Managed Services – Security & CMMC Compliance for Microsoft cloud and on‑premises systems
Microsoft GCC High Licensing (secure onboarding & lifecycle operations)
Complementary Partner Services (co‑delivered with strategic partners)
You are a hands‑on cloud security architect who leads discovery, designs CMMC Level 2‑aligned solutions, produces HLD/LLD and implementation plans, and guides delivery teams through build/migrate/hardening in Azure Government and Microsoft 365 GCC High. You’ll map NIST 800‑171/172 practices to Microsoft controls, accelerate time‑to‑audit‑ready, and create repeatable patterns our delivery and managed‑services teams can run at scale.
Responsibilities Pre‑sales & Solutioning
Lead technical discovery/workshops; translate business, compliance, and risk needs into secure cloud designs.
Produce solution artifacts (HLD/LLD, diagrams, LOE inputs) and shape SOWs with Sales, ensuring delivery feasibility and margin.
Package enablement offers that cleanly hand off to managed services with clear acceptance criteria and runbooks.
Security & Compliance Architecture (Azure Gov / GCC High)
Design CMMC L2 control implementations across Identity, Device, Data, and Threat:
Identity/Access: Microsoft Entra ID (PIM, Conditional Access, MFA), Entra Connect/Cloud Sync, privileged access workstations.
Endpoint/Device: Intune baselines, compliance/hardening, BitLocker, updates.
Data Protection: Microsoft Purview (labels, DLP, Insider Risk), CUI scoping and data‑flow mapping.
Threat: Microsoft Defender (Endpoint/Identity/Office/Cloud), Microsoft Sentinel (SIEM/SOAR), KQL analytics, playbooks.
Cloud Platform: Azure Gov landing zones, Policy/Blueprint equivalents, Key Vault, Private Link, segmentation, logging/monitoring, BCDR.
Define CUI boundary controls and evidence capture to support audit‑ready operations.
Delivery Leadership & Handoffs
Create build/runbooks and validation procedures; coach engineers during implementation.
Contribute to SSP/POA&M inputs with GRC partners; ensure evidence is automated and durable.
Transition finished solutions into Managed Services (SLAs/OLAs, monitors, alerts, dashboards, knowledge transfer).
Automation & Operationalization
Use PowerShell, Bicep/Terraform, Logic Apps/Power Automate—and when helpful, API integrators (e.g., n8n, Rewst)—to reduce toil and automate evidence/control checks.
Provide requirements to platform/automation teams for multi‑tenant patterns.
Required Qualifications
7+ years designing and implementing Microsoft cloud security solutions.
Expertise with Microsoft Entra ID, Intune, Microsoft Defender (Endpoint/Identity/Office/Cloud), Microsoft Sentinel, Microsoft Purview, and core Azure security services.
Strong documentation skills (HLD/LLD, diagrams, build guides) and executive‑level communication.
Proficiency with PowerShell and at least one IaC/automation tool (Bicep/Terraform, Logic Apps/Power Automate).
Experience with Azure Government or Microsoft 365 GCC High (deep in one, able to ramp quickly on the other).
Education: College degree preferred, not required.
Preferred (Nice To Have)
Hands‑on experience mapping and implementing CMMC Level 2 (or NIST 800‑171) technical controls in Microsoft cloud.
Experience in DIB or public‑sector environments.
Prior GCC High migrations/tenant separations; knowledge of Microsoft GCC High Licensing and Microsoft NCE basics.
Familiarity with PSA/RMM concepts for clean managed‑services handoffs.
Certifications: SC‑100, AZ‑500, one or more of SC‑200/300/400, AZ‑104/AZ‑305, MS‑102; security/CMMC credentials (e.g., CCP, CISSP).
Contributions to SSP/POA&M and audit preparation with assessors.
Compensation & Benefits
Competitive executive compensation (base + performance bonus + stock options after first year).
Comprehensive benefits (medical, retirement, PTO, professional development).
Mission‑driven work that directly strengthens the national security supply chain.
#J-18808-Ljbffr
What you’ll work across (our services)
Professional Services – Enablement (fixed‑price projects)
Managed Services – Security & CMMC Compliance for Microsoft cloud and on‑premises systems
Microsoft GCC High Licensing (secure onboarding & lifecycle operations)
Complementary Partner Services (co‑delivered with strategic partners)
You are a hands‑on cloud security architect who leads discovery, designs CMMC Level 2‑aligned solutions, produces HLD/LLD and implementation plans, and guides delivery teams through build/migrate/hardening in Azure Government and Microsoft 365 GCC High. You’ll map NIST 800‑171/172 practices to Microsoft controls, accelerate time‑to‑audit‑ready, and create repeatable patterns our delivery and managed‑services teams can run at scale.
Responsibilities Pre‑sales & Solutioning
Lead technical discovery/workshops; translate business, compliance, and risk needs into secure cloud designs.
Produce solution artifacts (HLD/LLD, diagrams, LOE inputs) and shape SOWs with Sales, ensuring delivery feasibility and margin.
Package enablement offers that cleanly hand off to managed services with clear acceptance criteria and runbooks.
Security & Compliance Architecture (Azure Gov / GCC High)
Design CMMC L2 control implementations across Identity, Device, Data, and Threat:
Identity/Access: Microsoft Entra ID (PIM, Conditional Access, MFA), Entra Connect/Cloud Sync, privileged access workstations.
Endpoint/Device: Intune baselines, compliance/hardening, BitLocker, updates.
Data Protection: Microsoft Purview (labels, DLP, Insider Risk), CUI scoping and data‑flow mapping.
Threat: Microsoft Defender (Endpoint/Identity/Office/Cloud), Microsoft Sentinel (SIEM/SOAR), KQL analytics, playbooks.
Cloud Platform: Azure Gov landing zones, Policy/Blueprint equivalents, Key Vault, Private Link, segmentation, logging/monitoring, BCDR.
Define CUI boundary controls and evidence capture to support audit‑ready operations.
Delivery Leadership & Handoffs
Create build/runbooks and validation procedures; coach engineers during implementation.
Contribute to SSP/POA&M inputs with GRC partners; ensure evidence is automated and durable.
Transition finished solutions into Managed Services (SLAs/OLAs, monitors, alerts, dashboards, knowledge transfer).
Automation & Operationalization
Use PowerShell, Bicep/Terraform, Logic Apps/Power Automate—and when helpful, API integrators (e.g., n8n, Rewst)—to reduce toil and automate evidence/control checks.
Provide requirements to platform/automation teams for multi‑tenant patterns.
Required Qualifications
7+ years designing and implementing Microsoft cloud security solutions.
Expertise with Microsoft Entra ID, Intune, Microsoft Defender (Endpoint/Identity/Office/Cloud), Microsoft Sentinel, Microsoft Purview, and core Azure security services.
Strong documentation skills (HLD/LLD, diagrams, build guides) and executive‑level communication.
Proficiency with PowerShell and at least one IaC/automation tool (Bicep/Terraform, Logic Apps/Power Automate).
Experience with Azure Government or Microsoft 365 GCC High (deep in one, able to ramp quickly on the other).
Education: College degree preferred, not required.
Preferred (Nice To Have)
Hands‑on experience mapping and implementing CMMC Level 2 (or NIST 800‑171) technical controls in Microsoft cloud.
Experience in DIB or public‑sector environments.
Prior GCC High migrations/tenant separations; knowledge of Microsoft GCC High Licensing and Microsoft NCE basics.
Familiarity with PSA/RMM concepts for clean managed‑services handoffs.
Certifications: SC‑100, AZ‑500, one or more of SC‑200/300/400, AZ‑104/AZ‑305, MS‑102; security/CMMC credentials (e.g., CCP, CISSP).
Contributions to SSP/POA&M and audit preparation with assessors.
Compensation & Benefits
Competitive executive compensation (base + performance bonus + stock options after first year).
Comprehensive benefits (medical, retirement, PTO, professional development).
Mission‑driven work that directly strengthens the national security supply chain.
#J-18808-Ljbffr