Procon Consulting
Procon is a top-ranked construction management and technology consulting firm with 25 years of experience delivering high‑impact projects across the U.S. and worldwide. An ENR Top 100 CM/PM firm for five consecutive years, we specialize in program management, project controls, commissioning, and virtual intelligence—and offer an excellent platform to grow your career while shaping the future of the built environment.
Procon has recently transitioned to Microsoft 365 GCC and is looking for an experienced System Administrator to join our growing team. This role reports to the Manager of Information Technology and works closely with the Helpdesk Analyst and a 3rd Party Managed Security Service Provider (MSSP).
Position Overview This role is ideal for an experienced Microsoft 365 System Administrator to configure, secure, and operate a cloud‑first productivity environment for a 200+ person company. The role requires broad‑based knowledge and experience and involves hands‑on technical work with tenant administration; developing documentation; and policy governance. Experience supporting Microsoft Government Cloud (GCC or GCC High) tenants and implementing rules to handle Controlled Unclassified Information (CUI) is preferred.
Responsibilities And Duties
Harden identity configuration for CUI: implement strict Conditional Access policies, passwordless MFA, identity protection tuning, Privileged Identity Management (PIM), and emergency break‑glass controls.
Maintain identity logs and evidence retention to support audits and assessments against NIST SP 800‑171 controls.
Enforce device posture for CUI access with Intune: strict enrollment gates, baseline configuration profiles, compliance policy strictness, controlled device enrollment (company‑owned only where required), and device encryption enforcement.
Manage Autopilot profiles and lifecycle to ensure new company devices meet CUI security baselines before granting access.
Deploy and operate Microsoft Defender for Endpoint and Defender for Office 365 with advanced telemetry, custom detection rules, automated containment playbooks, and integration into the tenant’s continuous monitoring and incident response processes.
Ensure Defender signals feed into a centralized SIEM or Microsoft Sentinel for correlation, retention, and evidence for assessments.
Configure Microsoft Purview for DLP, sensitivity labeling, encryption, retention, and eDiscovery tailored to CUI handling requirements.
Implement strict guest access and external sharing controls for Teams, SharePoint, and OneDrive with exception workflows and approvals.
Maintain a formal tenant baseline configuration document, change control process, and Infrastructure‑as‑Code or scripted templates to reproduce hardened settings.
Own periodic configuration drift checks, secure tenant setting reviews, and documented remediation actions for audit trails.
Configure unified logging, retention, and automated evidence collection for controls mapped to NIST SP 800‑171; ensure logs meet retention and integrity requirements for assessments.
Produce and maintain artifacts required for audits: control evidence, configuration snapshots, access review records, and incident logs.
Vet and configure SSO and data flows for third‑party SaaS (e.g., Adobe, Bluebeam, backups) to ensure minimal exposure of CUI and appropriate contractual, technical, and monitoring controls.
Implement and enforce app consent and app registration governance in Entra ID.
Build PowerShell/Graph automation to produce recurring compliance reports, control evidence packages, license and entitlement reports, and remediation tickets for non‑compliant items.
Address escalation requests from Helpdesk Analyst and MSSP as needed.
Qualifications And Skills
Minimum 5–7 years experience administering Microsoft 365 for mid‑size organizations.
Experience operating Microsoft Government Cloud tenants (GCC or GCC High) or implementing NIST SP 800‑171 controls in Microsoft 365 tenants.
Hands‑on experience with Microsoft Intune / Endpoint Manager, Windows Autopilot, Microsoft Defender, Entra ID / Azure AD, Exchange Online, Teams, and Microsoft Purview.
Experience implementing Microsoft Purview (DLP, retention, labels) or equivalent information protection controls.
Familiarity integrating SaaS apps (SSO/SAML/OAuth), managing app registrations, and configuring SSO.
Proficiency with PowerShell, Microsoft Graph, and automation for evidence collection and control enforcement.
Excellent documentation skills and experience creating runbooks and operational procedures.
Active security mindset with experience responding to incidents and remediating threats.
Background supporting remote/hybrid workforces and managing non‑domain‑joined devices.
Preferred Qualifications And Skills
Microsoft certifications such as Microsoft 365 Certified: Endpoint Administrator Associate, Microsoft 365 Certified: Security Administrator, or Microsoft Certified: Identity and Access Administrator.
Experience with Microsoft Sentinel, Intune Suite features, or Microsoft Copilot for Security.
Familiarity with third‑party MDM/MAM and backup solutions (e.g., Duo Federal).
Experience in tenant‑to‑tenant migrations, domain changes, or hybrid identity projects.
Benefits Salary commensurate with experience. Procon offers competitive salaries and a comprehensive benefits package, including full medical/dental insurance and 401(k) plan.
Equal Opportunity Employer Procon is an equal opportunity employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, disability, veteran status, sexual orientation, or any other protected factor.
How to Apply Interested and qualified candidates please submit a cover letter and a resume.
#J-18808-Ljbffr
Procon has recently transitioned to Microsoft 365 GCC and is looking for an experienced System Administrator to join our growing team. This role reports to the Manager of Information Technology and works closely with the Helpdesk Analyst and a 3rd Party Managed Security Service Provider (MSSP).
Position Overview This role is ideal for an experienced Microsoft 365 System Administrator to configure, secure, and operate a cloud‑first productivity environment for a 200+ person company. The role requires broad‑based knowledge and experience and involves hands‑on technical work with tenant administration; developing documentation; and policy governance. Experience supporting Microsoft Government Cloud (GCC or GCC High) tenants and implementing rules to handle Controlled Unclassified Information (CUI) is preferred.
Responsibilities And Duties
Harden identity configuration for CUI: implement strict Conditional Access policies, passwordless MFA, identity protection tuning, Privileged Identity Management (PIM), and emergency break‑glass controls.
Maintain identity logs and evidence retention to support audits and assessments against NIST SP 800‑171 controls.
Enforce device posture for CUI access with Intune: strict enrollment gates, baseline configuration profiles, compliance policy strictness, controlled device enrollment (company‑owned only where required), and device encryption enforcement.
Manage Autopilot profiles and lifecycle to ensure new company devices meet CUI security baselines before granting access.
Deploy and operate Microsoft Defender for Endpoint and Defender for Office 365 with advanced telemetry, custom detection rules, automated containment playbooks, and integration into the tenant’s continuous monitoring and incident response processes.
Ensure Defender signals feed into a centralized SIEM or Microsoft Sentinel for correlation, retention, and evidence for assessments.
Configure Microsoft Purview for DLP, sensitivity labeling, encryption, retention, and eDiscovery tailored to CUI handling requirements.
Implement strict guest access and external sharing controls for Teams, SharePoint, and OneDrive with exception workflows and approvals.
Maintain a formal tenant baseline configuration document, change control process, and Infrastructure‑as‑Code or scripted templates to reproduce hardened settings.
Own periodic configuration drift checks, secure tenant setting reviews, and documented remediation actions for audit trails.
Configure unified logging, retention, and automated evidence collection for controls mapped to NIST SP 800‑171; ensure logs meet retention and integrity requirements for assessments.
Produce and maintain artifacts required for audits: control evidence, configuration snapshots, access review records, and incident logs.
Vet and configure SSO and data flows for third‑party SaaS (e.g., Adobe, Bluebeam, backups) to ensure minimal exposure of CUI and appropriate contractual, technical, and monitoring controls.
Implement and enforce app consent and app registration governance in Entra ID.
Build PowerShell/Graph automation to produce recurring compliance reports, control evidence packages, license and entitlement reports, and remediation tickets for non‑compliant items.
Address escalation requests from Helpdesk Analyst and MSSP as needed.
Qualifications And Skills
Minimum 5–7 years experience administering Microsoft 365 for mid‑size organizations.
Experience operating Microsoft Government Cloud tenants (GCC or GCC High) or implementing NIST SP 800‑171 controls in Microsoft 365 tenants.
Hands‑on experience with Microsoft Intune / Endpoint Manager, Windows Autopilot, Microsoft Defender, Entra ID / Azure AD, Exchange Online, Teams, and Microsoft Purview.
Experience implementing Microsoft Purview (DLP, retention, labels) or equivalent information protection controls.
Familiarity integrating SaaS apps (SSO/SAML/OAuth), managing app registrations, and configuring SSO.
Proficiency with PowerShell, Microsoft Graph, and automation for evidence collection and control enforcement.
Excellent documentation skills and experience creating runbooks and operational procedures.
Active security mindset with experience responding to incidents and remediating threats.
Background supporting remote/hybrid workforces and managing non‑domain‑joined devices.
Preferred Qualifications And Skills
Microsoft certifications such as Microsoft 365 Certified: Endpoint Administrator Associate, Microsoft 365 Certified: Security Administrator, or Microsoft Certified: Identity and Access Administrator.
Experience with Microsoft Sentinel, Intune Suite features, or Microsoft Copilot for Security.
Familiarity with third‑party MDM/MAM and backup solutions (e.g., Duo Federal).
Experience in tenant‑to‑tenant migrations, domain changes, or hybrid identity projects.
Benefits Salary commensurate with experience. Procon offers competitive salaries and a comprehensive benefits package, including full medical/dental insurance and 401(k) plan.
Equal Opportunity Employer Procon is an equal opportunity employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, disability, veteran status, sexual orientation, or any other protected factor.
How to Apply Interested and qualified candidates please submit a cover letter and a resume.
#J-18808-Ljbffr