IT Manager

We are a fast-growing Defense Technology startup seeking a hands-on corporate IT Manager to own and scale our IT infrastructure, cloud environment, and cyber risk compliance posture. This role requires deep experience in AWS cloud architecture, Microsoft Office 365 administration, and information assurance compliance frameworks (NIST 800-171, NIST 800-53, CMMC, etc.) relevant to the DoD ecosystem.

The IT Manager will balance strategic leadership with technical execution, directly overseeing system design, endpoint management, security protocols, IT operations, and risk management framework (RMF) activities in a high-stakes, compliance-driven environment.

This role is both tactical and strategic-you will be our first dedicated IT leader, building the IT function from the ground up while ensuring security, reliability, and compliance across the company.

Responsibilities

Corporate IT Management

• Infrastructure Ownership: Manage, scale, and secure AWS cloud infrastructure supporting development, manufacturing, and corporate operations.
• Microsoft 365 Administration: Oversee enterprise-wide Microsoft 365 environment (Exchange, SharePoint, Teams, Intune, compliance center).
• Endpoint & Device Management: Deploy and manage device management tools (Intune, MDM) across Windows, macOS, and iOS endpoints.
• Identity & Access Management: Own provisioning, SSO, MFA, and role-based access controls for all internal and external systems.
• Policy & Documentation: Develop and maintain IT policies, SOPs, and compliance documentation to support audits and certifications.
• Vendor & Tooling Management: Evaluate, implement, and manage IT vendors, SaaS platforms, and external support partners.
• Team Enablement: Provide day-to-day IT support as needed, while also setting strategy for scaling IT as the company grows.
• Security & Compliance: Implement, monitor, and continuously improve IT security practices aligned to DoD compliance frameworks (NIST 800-171, NIST 800-53, CMMC, etc.).
• Incident Response & Risk Management: Lead incident response planning and mitigation efforts; maintain business continuity and disaster recovery readiness.
• Information Assurance: Maintain Final Certificate of CMMC Level 2 Status in accordance with 32 CFR Part 170, support FedRAMP efforts, and prepare the company for classified system accreditation.
• Threat Protection: Harden IT infrastructure to defend against external cyber threats.

• 7+ years of progressive IT experience, with at least 2-3 years in an IT Manager or Lead role.
• Deep AWS experience (IAM, EC2, VPC, S3, security groups, compliance features).
• Advanced Microsoft 365 administration experience, including Exchange Online, Teams, SharePoint, Intune, Microsoft Defender and Microsoft Purview.
• Corporate networking setup, configuration, management and administration
• Strong compliance experience with frameworks such as NIST 800-171, CMMC, ISO 27001, and SOC 2 audits.
• Hands-on skills in endpoint management, identity management, and network/security configuration.
• Strong documentation, process-building, and cross-functional communication skills.
• Experience leading IT audits, government inspections, system hardening, and security monitoring.
• Ability to balance tactical execution with strategic planning in a fast-paced startup environment.
• U.S. citizenship with the ability to obtain a Security Clearance.
• IT certifications a plus (AWS Solutions Architect, Microsoft 365 Enterprise Administrator, CISSP, Security+, etc.).

Preferred Experience

• DoD 8140-compliant professional certification.
• Supporting DoD or defense-related missions.
• Implementing the 7-Step RMF Cycle as defined by NIST 800-37.
• Performing ISSM or ISSO duties within classified environments.
• Familiarity with NIST 800-53, DAAPM, CNSSI 1253, ICD 503, and/or JSIG frameworks.
• Maintaining Authority-to-Operate (ATO) artifacts, such as a System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Plan of Action and Milestones (POA&Ms), and Risk Assessment Reports (RARs).
• Conducting assured file transfers (AFT) and leveraging cross-domain solutions (CDS).
• Acquaintance with export-control regulations (ITAR and EAR).
• Experience with Cisco and Cisco Meraki-based corporate networks.