Senior Systems Engineer

nuvioIT LLC
Norfolk, United States of America
7 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 120K

Job location

Norfolk, United States of America

Tech stack

Microsoft Windows
API
Application Firewall
Systems Engineering
Azure
Microsoft Online Services
Cloud Computing
Computer Security
Computer Networks
Dynamic Host Configuration Protocol
DNS
Hyper-V
Identity and Access Management
Virtual Private Networks (VPN)
Microsoft Security Essentials
Microsoft Office
Windows Server
Network Architecture
Network Diagrams
Routing
Network Segmentation
Powershell
Kusto Query Language
Virtual Local Area Networks
Virtualization Technology
Software Vulnerability Management
EndPointSecurity
Computer Networking Systems
Firewalls (Computer Science)
Microsoft InTune
Build Tools
Cisco networks
VMware

Job description

nuvioIT is hiring a Senior Engineer to design, deploy, and operate secure Microsoft cloud environments for defense contractors and commercial clients. This is a hands-on senior technical role: you will architect and administer Microsoft 365 GCC High and commercial tenants, implement and tune Microsoft security tooling, engineer and support client networks and virtualization platforms, support CMMC Level 2 readiness and assessment activities, and serve as a technical escalation point for our service desk and systems engineering team.

The right candidate has lived inside regulated environments. You understand why a control exists, what an assessor will ask for, and how to build systems that produce their own evidence. You are comfortable being accountable for client environments where mistakes have contractual and compliance consequences., Environment Architecture and Administration

  • Design, deploy, and administer Microsoft 365 GCC High and commercial tenants for DIB and commercial clients, including migrations into GCC High.
  • Implement and maintain Microsoft security tooling across client environments, including Defender, Sentinel, Entra ID with Conditional Access, Intune, and Purview.
  • Manage privileged identity management (PIM) and least-privilege access models across client tenants.
  • Harden endpoints and identities to CMMC Level 2 aligned baselines using Intune and, where applicable, Active Directory Group Policy.
  • Design, implement, and troubleshoot client network infrastructure, including firewalls, routing and switching, VLAN segmentation, VPN, and wireless.
  • Administer virtualization platforms (Hyper-V, VMware) and Windows Server environments, including upgrades, capacity planning, and migrations to cloud infrastructure.

Security Operations

  • Build, tune, and maintain Sentinel analytics rules, workbooks, and automation for client environments.
  • Investigate and respond to security incidents as a senior SOC resource, including containment, remediation, and client communication.
  • Perform vulnerability management, flaw remediation, and configuration drift review across managed environments.

CMMC and Compliance Engineering

  • Implement technical controls mapped to NIST SP 800-171 and CMMC Level 2 practices, and document how each control is enforced.
  • Contribute to System Security Plans (SSPs), POA&Ms, asset inventories, network diagrams, and shared responsibility matrices.
  • Produce and organize assessment evidence, and support clients through C3PAO assessments and readiness reviews.
  • Apply correct CMMC scoping discipline, including CUI asset, Security Protection Asset, and external service provider classifications.

Team and Client Leadership

  • Act as a technical escalation point for desktop and systems engineers, and mentor junior staff.
  • Lead client-facing technical work: onboarding, architecture reviews, and change planning, documented through the PSA (ConnectWise Manage).
  • Maintain accurate, current documentation as a first-class deliverable, not an afterthought.

Requirements

  • 7+ years of systems or security engineering experience, with at least 3 years in regulated environments (DoD contractors, federal, healthcare, or financial services).
  • Direct experience supporting CMMC or NIST SP 800-171 compliance programs, including control implementation and evidence production.
  • Hands-on experience with Microsoft 365 GCC High, including its licensing, service parity differences from commercial, and data residency and export control considerations (ITAR/EAR awareness).
  • Deep proficiency with the Microsoft security stack: Defender for Endpoint, Defender for Office 365, Sentinel, Entra ID and Conditional Access, Intune, and Purview.
  • Strong networking experience: firewall administration, routing and switching, VLANs and network segmentation, VPN, DNS/DHCP, and structured troubleshooting.
  • Hands-on virtualization experience with Hyper-V and/or VMware, including host management, Windows Server administration, and workload migrations.
  • Strong identity and access management fundamentals: MFA enforcement, PIM, role-based access, and device compliance policies.
  • Experience writing technical documentation suitable for assessor review., * CMMC ecosystem credentials: Certified CMMC Professional (CCP).
  • Microsoft certifications such as SC-200, SC-300, AZ-500, or MS-102.
  • Experience at an MSP or MSSP serving multiple client tenants concurrently.
  • Familiarity with Azure Government, AVD or Windows 365 Cloud PC, and secure remote support architectures.
  • Experience with ConnectWise Manage, NinjaOne, Cisco Duo, or comparable PSA, RMM, and MFA platforms.
  • Scripting and automation skills (PowerShell, Microsoft Graph API, KQL).

Benefits & conditions

Pulled from the full job description

  • Paid time off, * A senior seat at a growing MSSP where your architecture decisions ship and your compliance work is used in real assessments.
  • A standardized, modern Microsoft-first stack: no legacy tool sprawl.
  • Direct access to ownership, fast decisions, and room to shape service delivery as the company scales.
  • health coverage, PTO, certification reimbursement, nuvioIT, LLC is an equal opportunity employer. Employment offers are contingent on background check results and citizenship verification as required for access to regulated client environments.

Pay: $100,000.00 - $120,000.00 per year

About the company

nuvioIT, LLC is a managed security services provider (MSSP) and CMMC Registered Practitioner Organization headquartered in Norfolk, Virginia. We deliver managed IT, security operations, and compliance services to Defense Industrial Base (DIB) contractors and commercial businesses across Hampton Roads and beyond. We are a growing company where senior engineers work directly with clients and ownership, decisions move quickly, and the work you do shows up in real assessments and real client outcomes. You will be working in regulated environments where scoping, evidence, and assessor expectations matter every day., * All work involving client environments is performed exclusively on nuvioIT-issued, Intune-managed devices with Entra ID identity and enforced MFA. Personal devices are not permitted. * Access to client environments is granted on a least-privilege basis and only from compliant, managed devices. * Candidates must successfully complete a background check and verification of US citizenship prior to receiving access to any DIB client environment. * Ongoing role-based security training and participation in nuvioIT's security awareness program are conditions of employment.

Apply for this position