Microsoft Cloud Solution Architect Cybersecurity (CMMC Level 2)

Job Description

Agile IT is a Microsoft‑focused consulting and managed services provider. We help customers modernize and secure Microsoft 365, Azure, Azure Government, and Microsoft GCC High, with a mission to make CMMC Level 2 practical and sustainable through repeatable architectures, evidence automation, and managed operations.

What you’ll work across (our services)

Professional Services – Enablement (fixed‑price projects)

Managed Services – Security & CMMC Compliance for Microsoft cloud and on‑premises systems

Microsoft GCC High Licensing (secure onboarding & lifecycle operations)

Complementary Partner Services (co‑delivered with strategic partners)

You are a hands‑on cloud security architect who leads discovery, designs CMMC Level 2–aligned solutions, produces HLD / LLD and implementation plans, and guides delivery teams through build / migrate / hardening in Azure Government and Microsoft 365 GCC High. You’ll map NIST 800‑171 / 172 practices to Microsoft controls, accelerate time‑to‑audit‑ready, and create repeatable patterns our delivery and managed‑services teams can run at scale.

Responsibilities

Pre‑sales & Solutioning

Lead technical discovery / workshops ; translate business, compliance, and risk needs into secure cloud designs.

Produce solution artifacts (HLD / LLD, diagrams, LOE inputs) and shape SOWs with Sales, ensuring delivery feasibility and margin.

Package enablement offers that cleanly hand off to managed services with clear acceptance criteria and runbooks.

Security & Compliance Architecture (Azure Gov / GCC High)

Design CMMC L2 control implementations across Identity, Device, Data, and Threat :

Identity / Access : Microsoft Entra ID (PIM, Conditional Access, MFA), Entra Connect / Cloud Sync, privileged access workstations.

Endpoint / Device : Intune baselines, compliance / hardening, BitLocker, updates.

Data Protection : Microsoft Purview (labels, DLP, Insider Risk), CUI scoping and data‑flow mapping.

Threat : Microsoft Defender (Endpoint / Identity / Office / Cloud), Microsoft Sentinel (SIEM / SOAR), KQL analytics, playbooks.

Cloud Platform : Azure Gov landing zones, Policy / Blueprint equivalents, Key Vault, Private Link, segmentation, logging / monitoring, BCDR.

Define CUI boundary controls and evidence capture to support audit‑ready operations.

Delivery Leadership & Handoffs

Create build / runbooks and validation procedures; coach engineers during implementation.

Contribute to SSP / POA&M inputs with GRC partners; ensure evidence is automated and durable.

Transition finished solutions into Managed Services (SLAs / OLAs, monitors, alerts, dashboards, knowledge transfer).

Automation & Operationalization

Use PowerShell, Bicep / Terraform, Logic Apps / Power Automate—and when helpful, API integrators (e.g., n8n, Rewst)—to reduce toil and automate evidence / control checks.

Provide requirements to platform / automation teams for multi‑tenant patterns.

Required Qualifications

7+ years designing and implementing Microsoft cloud security solutions.

Expertise with Microsoft Entra ID, Intune, Microsoft Defender (Endpoint / Identity / Office / Cloud), Microsoft Sentinel, Microsoft Purview, and core Azure security services.

Strong documentation skills (HLD / LLD, diagrams, build guides) and executive‑level communication.

Proficiency with PowerShell and at least one IaC / automation tool (Bicep / Terraform, Logic Apps / Power Automate).

Experience with Azure Government or Microsoft 365 GCC High (deep in one, able to ramp quickly on the other).

Education : College degree preferred, not required.

Preferred (Nice to Have)

Hands‑on experience mapping and implementing CMMC Level 2 (or NIST 800‑171) technical controls in Microsoft cloud.

Experience in DIB or public‑sector environments

Prior GCC High migrations / tenant separations; knowledge of Microsoft GCC High Licensing and Microsoft NCE basics.

Familiarity with PSA / RMM concepts for clean managed‑services handoffs.

Certifications : SC‑100, AZ‑500, one or more of SC‑200 / 300 / 400, AZ‑104 / AZ‑305, MS‑102; security / CMMC credentials (e.g., CCP, CISSP).

Contributions to SSP / POA&M and audit preparation with assessors.

Compensation & benefits

Competitive executive compensation (base + performance bonus + stock options after first year).

Comprehensive benefits (medical, retirement, PTO, professional development).

Mission‑driven work that directly strengthens the national security supply chain.

PandoLogic. Keywords : Cloud Security Architect, Location : San Diego, CA - 92108