Microsoft 365 & Azure Architect

Auriga Corporation, Los Angeles, CA
Onsite

About The Position

Auriga Corporation is seeking a Microsoft 365 & Azure Architect for its Los Angeles, California office. This role involves owning the architecture, configuration, and lifecycle management of the M365 tenant, including services like Exchange Online, SharePoint Online, OneDrive, and Teams. The architect will define and enforce tenant-wide policies for identity, licensing, data loss prevention, retention, and information protection. A key responsibility is leading the remediation of legacy configurations and technical debt within the M365 environment, establishing a clear roadmap to a hardened target state. The position also requires managing hybrid identity through Entra ID (Azure AD), Entra Connect, Conditional Access, and PIM, integrating with on-premises Active Directory and downstream applications. Governing Microsoft licensing strategy across various SKUs to align with security requirements and budget constraints is crucial.

The architect will design, harden, and optimize Azure subscriptions, management groups, and policy structures, adhering to Microsoft Cloud Adoption Framework and Zero Trust principles. This includes designing, hardening, and optimizing Azure Virtual Machines and supporting services, such as VM sizing, availability sets, scale sets, disk encryption, backup, patching, and Just-in-Time access. The role involves implementing and tuning Microsoft Defender for Cloud, Defender for Servers, Microsoft Sentinel, and Azure Monitor to provide actionable telemetry to the SOC.

Collaboration with the Cybersecurity organization to translate security requirements into enforceable Microsoft platform controls is expected. The architect will implement and continuously improve Conditional Access, MFA, privileged access management, and identity governance across all M365 and Azure workloads. Maintaining alignment with NIST 800-53, CIS Microsoft 365 and Azure Benchmarks, and relevant state and federal mandates for a transit agency is also a key aspect of the role. Establishing secure configuration baselines for collaboration tooling that accommodate the operational needs of a 24/7 transit workforce is required.

Requirements

  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field. Equivalent professional experience considered in lieu of a degree.
  • Minimum 8 years of progressive experience designing and operating enterprise Microsoft environments, with at least 5 years focused on M365 and Azure at scale.
  • Expert-level command of Microsoft 365 administration, including hands-on experience with tenants of 10,000 accounts or more.
  • Demonstrated expertise in Azure IaaS and PaaS, with deep knowledge of Azure Virtual Machines, networking, storage, identity, and governance.
  • Strong working knowledge of Active Directory, Group Policy, Windows Server, certificate services, and traditional on-premises Microsoft infrastructure.
  • Proven track record applying NIST, CIS, or equivalent frameworks to Microsoft cloud environments.
  • Proficiency with PowerShell, including Microsoft Graph, Exchange Online, and Azure modules.
  • Excellent written and verbal communication skills, with the ability to brief both engineers and executives.

Nice To Haves

  • Prior experience in a government, transit, utility, or other regulated public sector environment.
  • Active Microsoft certifications such as Azure Solutions Architect Expert, Cybersecurity Architect Expert, Identity and Access Administrator, or Microsoft 365 Administrator Expert.
  • Experience with Microsoft Sentinel, Defender XDR, Purview, and Intune at enterprise scale.
  • CISSP, CCSP, or equivalent senior security certification.
  • Hands-on experience with infrastructure-as-code, CI/CD pipelines, and GitHub or Azure DevOps in a controlled-change environment.

Responsibilities

  • Own the architecture, configuration baseline, and lifecycle of the M365 tenant supporting Active Directory accounts, including Exchange Online, SharePoint Online, OneDrive, Teams, etc.
  • Define and enforce tenant-wide policies for identity, licensing, data loss prevention, retention, eDiscovery, best practices, and information protection.
  • Lead remediation of legacy configurations, technical debt, and drift accumulated in the existing M365 environment, with a clear roadmap to a hardened target state.
  • Manage hybrid identity through Entra ID (Azure AD), Entra Connect, Conditional Access, and PIM, including integration with on-premises Active Directory and downstream applications.
  • Govern Microsoft licensing strategy across E3, E5, and add-on SKUs to align entitlements with security requirements and budget constraints.
  • Architect and operate Azure subscriptions, management groups, and policy structures aligned to Microsoft Cloud Adoption Framework and Zero Trust principles.
  • Design, harden, and optimize Azure Virtual Machines and supporting services, including VM sizing, availability sets, scale sets, disk encryption, backup, patching, and Just-in-Time access.
  • Implement and tune Microsoft Defender for Cloud, Defender for Servers, Microsoft Sentinel, and Azure Monitor to deliver actionable telemetry to the SOC.
  • Partner directly with the Cybersecurity organization to translate security requirements into enforceable Microsoft platform controls.
  • Implement and continuously improve Conditional Access, MFA, privileged access management, and identity governance across all M365 and Azure workloads.
  • Maintain alignment with NIST 800-53 where applicable, CIS Microsoft 365 and Azure Benchmarks, and any state and federal mandates relevant to a transit agency.
  • Establish secure configuration baselines for collaboration tooling that account for the operational realities of a 24/7 transit workforce.

Benefits

  • 401(k)
  • 401(k) matching
  • Competitive salary
  • Dental insurance
  • Flexible schedule
  • Health insurance
  • Opportunity for advancement
  • Paid time off
  • Profit sharing
  • Relocation bonus
  • Training & development
  • Vision insurance