Microsoft Cloud Solution Architect — Cybersecurity (CMMC Level 2)

LocationSan Diego, California, United States

TypeRemote

Company Description

Agile IT is a Microsoft‑focused consulting and managed services provider. We help customers modernize and secure Microsoft 365, Azure, Azure Government, and Microsoft GCC High, with a mission to make CMMC Level 2 practical and sustainable through repeatable architectures, evidence automation, and managed operations.What you’ll work across (our services)

Professional Services – Enablement (fixed‑price projects)
Managed Services – Security & CMMC Compliance for Microsoft cloud and on‑premises systems
Microsoft GCC High Licensing (secure onboarding & lifecycle operations)
Complementary Partner Services (co‑delivered with strategic partners)

Job Description

You are a hands‑on cloud security architect who leads discovery, designs CMMC Level 2–aligned solutions, produces HLD/LLD and implementation plans, and guides delivery teams through build/migrate/hardening in Azure Government and Microsoft 365 GCC High. You’ll map NIST 800‑171/172 practices to Microsoft controls, accelerate time‑to‑audit‑ready, and create repeatable patterns our delivery and managed‑services teams can run at scale.

Responsibilities

Pre‑sales & Solutioning

Lead technical discovery/workshops; translate business, compliance, and risk needs into secure cloud designs.
Produce solution artifacts (HLD/LLD, diagrams, LOE inputs) and shape SOWs with Sales, ensuring delivery feasibility and margin.
Package enablement offers that cleanly hand off to managed services with clear acceptance criteria and runbooks.

Security & Compliance Architecture (Azure Gov / GCC High)

Design CMMC L2 control implementations across Identity, Device, Data, and Threat:
Identity/Access: Microsoft Entra ID (PIM, Conditional Access, MFA), Entra Connect/Cloud Sync, privileged access workstations.
Endpoint/Device: Intune baselines, compliance/hardening, BitLocker, updates.
Data Protection: Microsoft Purview (labels, DLP, Insider Risk), CUI scoping and data‑flow mapping.
Threat: Microsoft Defender (Endpoint/Identity/Office/Cloud), Microsoft Sentinel (SIEM/SOAR), KQL analytics, playbooks.
Cloud Platform: Azure Gov landing zones, Policy/Blueprint equivalents, Key Vault, Private Link, segmentation, logging/monitoring, BCDR.
Define CUI boundary controls and evidence capture to support audit‑ready operations.

Delivery Leadership & Handoffs

Create build/runbooks and validation procedures; coach engineers during implementation.
Contribute to SSP/POA&M inputs with GRC partners; ensure evidence is automated and durable.
Transition finished solutions into Managed Services (SLAs/OLAs, monitors, alerts, dashboards, knowledge transfer).

Automation & Operationalization

Use PowerShell, Bicep/Terraform, Logic Apps/Power Automate—and when helpful, API integrators (e.g., n8n, Rewst)—to reduce toil and automate evidence/control checks.
Provide requirements to platform/automation teams for multi‑tenant patterns.

Qualifications

Required Qualifications

7+ years designing and implementing Microsoft cloud security solutions.
Expertise with Microsoft Entra ID, Intune, Microsoft Defender (Endpoint/Identity/Office/Cloud), Microsoft Sentinel, Microsoft Purview, and core Azure security services.
Strong documentation skills (HLD/LLD, diagrams, build guides) and executive‑level communication.
Proficiency with PowerShell and at least one IaC/automation tool (Bicep/Terraform, Logic Apps/Power Automate).
Experience with Azure Government or Microsoft 365 GCC High (deep in one, able to ramp quickly on the other).
Education: College degree preferred, not required.

Preferred (Nice to Have)

Hands‑on experience mapping and implementing CMMC Level 2 (or NIST 800‑171) technical controls in Microsoft cloud.
Experience in DIB or public‑sector environments
Prior GCC High migrations/tenant separations; knowledge of Microsoft GCC High Licensing and Microsoft NCE basics.
Familiarity with PSA/RMM concepts for clean managed‑services handoffs.
Certifications: SC‑100, AZ‑500, one or more of SC‑200/300/400, AZ‑104/AZ‑305, MS‑102; security/CMMC credentials (e.g., CCP, CISSP).
Contributions to SSP/POA&M and audit preparation with assessors.

Additional Information

Compensation & benefits

Competitive executive compensation (base + performance bonus + stock options after first year).
Comprehensive benefits (medical, retirement, PTO, professional development).
Mission‑driven work that directly strengthens the national security supply chain.

Life at Agile IT

Doing IT right the first time.

Were defined by the work we do for our customers. It's why hundreds of companies rely on us for cloud managed IT services. Here's what a few of our customers have to say.

We've had a strong relationship with Agile IT for two years. The team takes their jobs seriously. Theyre knowledgeable in many areas and transparent about what falls outside their expertise. - Harry Tchira, President, Dotchi

Downtime has been incredibly reduced my costs have decreased, also. It solved a lot of little problems we were having all in one-shot, which was cool. -- John Merritt, SVP / CIO YMCA of San Diego County

The money we spent on Agile IT's help is far less than it would have cost us in downtime, or productivity on my part. -- Chris Burtch, CTO, TrendSource

Our goal is simple. Help business tap the full potential of their software and systems. At Agile IT, were not only experts in the cloud, we provide services that have a deep impact on your bottom line, including business automation, data, integration and intelligence.

Careers Were not just focused on providing the best service for our customers, we do right by our employees. Whether in sales, marketing or support we have dozens of rich, rewarding career paths available. Here's just a few of the perks of working at Agile IT. - Collaborative work environment and team bonding events. - Office perks. We moved into a new office last year and decked it out, including a foosball table, nap room standing and treadmill desks. - Continual learning and growth. - Giving back. We make it a yearly priority to give back to local organizations and communities. - Flexible schedule. - Dog friendly office. Meet our furry friends.

Specialties Microsoft Consulting, Fixed Price IT Support, Lync Consulting, Office 365 Consulting, Office 365 Migration, Microsoft Office 365 Partner, Intune Management, Exchange Consulting, Hyper-V Consulting, SharePoint Consulting, System Center Consulting, and Amazon Web Services

Recognition 2017 - Named to CRN's Next Gen 250 List which recognizes standout IT solutions providers for their ability to provide technologies to clients before they become mainstream. Also named to CIO Review's list of 20 Most Promising Office 365 Solutions Providers.

Thrive Here & What We Value

We are a team united in purpose.

Emphasis on learning, growth, and pushing boundaries.

Strong bond among diverse team members.

Competitive compensation and benefits package.

Prioritizing top talent recruitment and development.

Focus on 22 daily behaviors for excellence.

Celebrating ideas, contributions, and innovations.

Committed to CMMC compliance support.