You are a hands‑on cloud security architect who leads discovery, designs CMMC Level 2–aligned solutions, produces HLD/LLD and implementation plans, and guides delivery teams through build/migrate/hardening in Azure Government and Microsoft 365 GCC High. You’ll map NIST 800‑171/172 practices to Microsoft controls, accelerate time‑to‑audit‑ready, and create repeatable patterns our delivery and managed‑services teams can run at scale.ResponsibilitiesPre‑sales & SolutioningLead technical discovery/workshops; translate business, compliance, and risk needs into secure cloud designs.Produce solution artifacts (HLD/LLD, diagrams, LOE inputs) and shape SOWs with Sales, ensuring delivery feasibility and margin.Package enablement offers that cleanly hand off to managed services with clear acceptance criteria and runbooks.Security & Compliance Architecture (Azure Gov / GCC High)Design CMMC L2 control implementations across Identity, Device, Data, and Threat:Identity/Access: Microsoft Entra ID (PIM, Conditional Access, MFA), Entra Connect/Cloud Sync, privileged access workstations.Endpoint/Device: Intune baselines, compliance/hardening, BitLocker, updates.Data Protection: Microsoft Purview (labels, DLP, Insider Risk), CUI scoping and data‑flow mapping.Threat: Microsoft Defender (Endpoint/Identity/Office/Cloud), Microsoft Sentinel (SIEM/SOAR), KQL analytics, playbooks.Cloud Platform: Azure Gov landing zones, Policy/Blueprint equivalents, Key Vault, Private Link, segmentation, logging/monitoring, BCDR.Define CUI boundary controls and evidence capture to support audit‑ready operations.Delivery Leadership & HandoffsCreate build/runbooks and validation procedures; coach engineers during implementation.Contribute to SSP/POA&M inputs with GRC partners; ensure evidence is automated and durable.Transition finished solutions into Managed Services (SLAs/OLAs, monitors, alerts, dashboards, knowledge transfer).Automation & OperationalizationUse PowerShell, Bicep/Terraform, Logic Apps/Power Automate—and when helpful, API integrators (e.g., n8n, Rewst)—to reduce toil and automate evidence/control checks.Provide requirements to platform/automation teams for multi‑tenant patterns.
