About The Position

We are looking for a highly motivated and passionate Security Cloud Solution Architect (CSA) to drive customer transformation on the Microsoft Azure Platform. This is a customer-facing role, owning the overall technical relationship and strategy between the customer and Microsoft. You will own the Azure Security customer engagements, including architecture, implementation, and production. Microsoft provides the most comprehensive, innovative, flexible, and secure cloud platforms today. Microsoft is hiring security professionals to drive cloud security adoption for customers around the world. The ideal candidate will have experience in customer-facing roles and success in leading in-depth technical security architecture discussions with senior customer executives, Enterprise Security Architects, Enterprise Architects, IT Management, and Developers to drive the holistic security conversation as an enabler for cloud workloads. Microsoft Federal is seeking individuals passionate about advancing cybersecurity readiness through immersive, hands-on exercises that strengthen operational resilience for U.S. Federal agencies. Ideal candidates for this role will demonstrate technical expertise, strong facilitation skills, and a commitment to driving measurable security outcomes. As a Security Cloud Solution Architect (L64) focused on Cyber Exercises, you will support the planning, facilitation, and delivery of immersive cybersecurity exercises for U.S. Federal customers. Working alongside senior CSAs, you will help design scenarios, operationalize technical solutions, and drive measurable security outcomes through hands-on engagement and collaboration.

Requirements

  • Bachelor's Degree in Computer Science, Information Technology, Engineering, Business, Liberal Arts, or related field AND 4+ years experience in cloud/infrastructure technologies, information technology (IT) consulting/support, systems administration, network operations, software development/support, technology solutions, practice development, architecture, and/or consulting OR equivalent experience.
  • Security Clearance Requirements: Candidates must be able to meet Microsoft, customer and/or government security screening requirements for this role. These requirements include, but are not limited to, the following specialized security screenings:
  • The successful candidate must have an active U.S. Government Top Secret Security Clearance. The ability to meet Microsoft, customer and/or government security screening requirements is required for this role. Failure to maintain or obtain the appropriate clearance and/or customer screening requirements may result in employment action up to and including termination.
  • Clearance Verification: This position requires successful verification of the stated security clearance to meet federal government customer requirements. You will be asked to provide clearance verification information prior to an offer of employment.
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
  • Citizenship & Citizenship Verification: This position requires verification of U.S. citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, other approved documents, or a verified U.S. government clearance.

Nice To Haves

  • Bachelor's Degree in Computer Science, Information Technology, Engineering, Business, Liberal Arts, or related field AND 8+ years experience in cloud/infrastructure technologies, information technology (IT) consulting/support, systems administration, network operations, software development/support, technology solutions, practice development, architecture, and/or consulting OR Master's Degree in Computer Science, Information Technology, Engineering, Business, Liberal Arts, or related field AND 6+ years experience in cloud/infrastructure technologies, technology solutions, practice development, architecture, and/or consulting OR equivalent experience.
  • 4+ years experience working in a customer-facing role (e.g., internal and/or external).
  • Experience leading multi-day red team operations or cyber exercises, including scenario development and mapping TTPs to industry recognized security frameworks (e.g., MITRE ATT&CK).
  • Ability to build reusable adversary playbooks and scenarios aligned with real-world and fictional threat actors including success criteria, inject timelines, and mapped TTPs for repeatable delivery at scale.
  • Demonstrated hands-on experience executing full attack chains (initial access, persistence, privilege escalation, lateral movement, cloud workload impact) in realistic enterprise environments.
  • Ability to clearly explain offensive tradecraft, decision-making, and operational risk tradeoffs during delivery to technical and non-technical audiences.
  • Cloud, Hybrid, & On-premises Tradecraft:
      • Expert-level experience with attack paths across Entra ID, Microsoft 365, and Azure, including token theft/reuse, app consent abuse, conditional access bypass, device identity abuse, and AI-enabled tradecraft.
      • Strong understanding of hybrid identity attack techniques including Kerberos/NTLM, AD CS/PKI relay, ADFS, and lateral movement to cloud workloads.
      • Experience with cloud persistence and privilege escalation techniques including service principal abuse, application registrations, federated identity credentials, and managed identity abuse.
      • Experience with Azure IaaS compromise and lateral movement including Azure VM access, credential harvesting, automation account abuse, and storage/key access paths (Key Vault, Storage Accounts, SAS tokens).
  • Detection, Hunting, & Blue-Team Partnership:
      • Translate red team actions into blue team improvements using Microsoft Defender XDR (MDE/MDI/MDO) and Microsoft Sentinel, including analytic rules and KQL-based threat hunting.
      • Lead and facilitate exercise-delivery after-action reports (AARs) with customer-facing SOC/incident response teams, executive-level leadership, and Microsoft security personnel.
      • Ability to develop detection recommendations mapped directly to exercise TTPs, including suggested telemetry sources, logging gaps, and validation steps.
      • Experience collaborating live with blue teams during delivery to support purple-team style validation and rapid iteration of detections/hunting.
  • Red Team Engineering & Range Design:
      • Strong experience with adversary emulation and automated tradecraft frameworks (e.g., MITRE CALDERA, Atomic Red Team) for building reusable exercise scenarios and repeatable execution.
      • Design, build, and publish red team intellectual property (IP) that reduces exercise build/lead time and increases parallel delivery throughput.
      • Expert-level knowledge of safety and governance controls for tenant/domain isolation, identity segmentation, and range guardrails to reduce delivery risk.
      • Ability to modify, extend, or develop red team tooling (PowerShell/Python/C# preferred) to support custom tradecraft and exercise objectives.
      • Familiarity with modern open-source red team tooling such as Havoc, Sliver, Mythic, Impacket, BloodHound, and related tradecraft ecosystems.
  • Leadership & Mentorship:
      • Ability to mentor and train junior operators, driving cross-discipline collaboration with intelligence/control-cell teams.
      • Experience leading red team operations with multiple junior operators, including tasking, quality control, safety oversight, and operational coaching.
      • Experience serving as the lead operator and/or exercise lead, ensuring consistent delivery quality across multiple parallel exercise teams.
  • Certifications (Preferred, Not Required):
      • Microsoft Security Operations Analyst (SC-200) or Azure Security Engineer (AZ-500).
      • Industry-recognized red team or offensive security certifications such as OSCP or GXPN are desirable but not mandatory.
  • Strong experience in red team operations, offensive security, or a related role, OR equivalent academic/project experience.
  • Demonstrated interest in cyber exercises, incident response, or cloud security architecture.
  • Travel is an integral part of this position. You should be willing to travel as is demanded by the needs of our customers and our business. This position requires approximately 50-75% overnight travel.

Responsibilities

  • Adversary Emulation Leadership:
      • Own end-to-end red team operations for multi-day cyber exercises, from scenario scoping through execution and debrief.
      • Author and govern adversary scenario development using industry-standard frameworks (e.g., MITRE ATT&CK), including adversary goals, TTP chains, inject timelines, success criteria, and safety boundaries.
      • Lead live red team actions with strict OPSEC and command-and-control discipline, coordinating with control-cell and blue teams to deliver injects and drive realistic operational pressure on cyber defenders.
      • Ensure exercise delivery is repeatable and scalable by producing reusable playbooks, operator guides, and standardized scenario packages.
  • Red Team-focused Stakeholder Orchestration:
      • Align exercise scope, objectives, and communications with account team, customer, and delivery stakeholders; coordinate control-cell and intelligence for injects; manage the red team operations schedule.
      • Represent the program in customer briefings and executive touchpoints; set expectations and ensure outcomes are landed with account teams.
      • Translate complex technical tradecraft into clear, outcome-focused narratives for senior customer leadership and non-technical stakeholders.
  • Drive Business Outcomes:
      • Own and lead exercise delivery aligned to strategic customer objectives, accelerating adoption and effective operationalization of Microsoft security tools and services.
      • Lead collaboration with Microsoft sales, engineering, and account teams to track delivery metrics, security impact, product usage outcomes, and return on investment.
      • Drive follow-on technical engagements by identifying capability gaps, recommending next-step priorities, and aligning findings to customer roadmaps.
  • Design Realistic Scenarios:
      • Lead the research and development of exercise scenarios based on emerging threats and current adversary tactics, techniques, and procedures (TTPs).
      • Tailor scenario selection to customer-specific training objectives, operational priorities, and maturity level.
      • Research, develop, and incorporate modern topics such as AI-enabled threats or hybrid-cloud attack surfaces.
      • Build scenario artifacts that enhance realism (e.g., simulated phishing, OAuth abuse, identity compromise, lateral movement narratives, and supporting evidence) while maintaining safe exercise guardrails.
  • Mentorship & Collaboration:
      • Coach junior operators on tradecraft, safety, and scenario design; run post-op reviews and publish SOPs and playbooks.
      • Lead regular team knowledge-sharing sessions to scale technical and operational expertise.
      • Contribute to Microsoft communities of practice with demos, guidance, and reusable intellectual property.