Senior Systems Engineer
Role details
Job location
Tech stack
Job description
nuvioIT is hiring a Senior Engineer to design, deploy, and operate secure Microsoft cloud environments for defense contractors and commercial clients. This is a hands-on senior technical role: you will architect and administer Microsoft 365 GCC High and commercial tenants, implement and tune Microsoft security tooling, engineer and support client networks and virtualization platforms, support CMMC Level 2 readiness and assessment activities, and serve as a technical escalation point for our service desk and systems engineering team.
The right candidate has lived inside regulated environments. You understand why a control exists, what an assessor will ask for, and how to build systems that produce their own evidence. You are comfortable being accountable for client environments where mistakes have contractual and compliance consequences., Environment Architecture and Administration
- Design, deploy, and administer Microsoft 365 GCC High and commercial tenants for DIB and commercial clients, including migrations into GCC High.
- Implement and maintain Microsoft security tooling across client environments, including Defender, Sentinel, Entra ID with Conditional Access, Intune, and Purview.
- Manage privileged identity management (PIM) and least-privilege access models across client tenants.
- Harden endpoints and identities to CMMC Level 2 aligned baselines using Intune and, where applicable, Active Directory Group Policy.
- Design, implement, and troubleshoot client network infrastructure, including firewalls, routing and switching, VLAN segmentation, VPN, and wireless.
- Administer virtualization platforms (Hyper-V, VMware) and Windows Server environments, including upgrades, capacity planning, and migrations to cloud infrastructure.
Security Operations
- Build, tune, and maintain Sentinel analytics rules, workbooks, and automation for client environments.
- Investigate and respond to security incidents as a senior SOC resource, including containment, remediation, and client communication.
- Perform vulnerability management, flaw remediation, and configuration drift review across managed environments.
CMMC and Compliance Engineering
- Implement technical controls mapped to NIST SP 800-171 and CMMC Level 2 practices, and document how each control is enforced.
- Contribute to System Security Plans (SSPs), POA&Ms, asset inventories, network diagrams, and shared responsibility matrices.
- Produce and organize assessment evidence, and support clients through C3PAO assessments and readiness reviews.
- Apply correct CMMC scoping discipline, including CUI asset, Security Protection Asset, and external service provider classifications.
Team and Client Leadership
- Act as a technical escalation point for desktop and systems engineers, and mentor junior staff.
- Lead client-facing technical work: onboarding, architecture reviews, and change planning, documented through the PSA (ConnectWise Manage).
- Maintain accurate, current documentation as a first-class deliverable, not an afterthought.
Requirements
- 7+ years of systems or security engineering experience, with at least 3 years in regulated environments (DoD contractors, federal, healthcare, or financial services).
- Direct experience supporting CMMC or NIST SP 800-171 compliance programs, including control implementation and evidence production.
- Hands-on experience with Microsoft 365 GCC High, including its licensing, service parity differences from commercial, and data residency and export control considerations (ITAR/EAR awareness).
- Deep proficiency with the Microsoft security stack: Defender for Endpoint, Defender for Office 365, Sentinel, Entra ID and Conditional Access, Intune, and Purview.
- Strong networking experience: firewall administration, routing and switching, VLANs and network segmentation, VPN, DNS/DHCP, and structured troubleshooting.
- Hands-on virtualization experience with Hyper-V and/or VMware, including host management, Windows Server administration, and workload migrations.
- Strong identity and access management fundamentals: MFA enforcement, PIM, role-based access, and device compliance policies.
- Experience writing technical documentation suitable for assessor review., * CMMC ecosystem credentials: Certified CMMC Professional (CCP).
- Microsoft certifications such as SC-200, SC-300, AZ-500, or MS-102.
- Experience at an MSP or MSSP serving multiple client tenants concurrently.
- Familiarity with Azure Government, AVD or Windows 365 Cloud PC, and secure remote support architectures.
- Experience with ConnectWise Manage, NinjaOne, Cisco Duo, or comparable PSA, RMM, and MFA platforms.
- Scripting and automation skills (PowerShell, Microsoft Graph API, KQL).
Benefits & conditions
Pulled from the full job description
- Paid time off, * A senior seat at a growing MSSP where your architecture decisions ship and your compliance work is used in real assessments.
- A standardized, modern Microsoft-first stack: no legacy tool sprawl.
- Direct access to ownership, fast decisions, and room to shape service delivery as the company scales.
- health coverage, PTO, certification reimbursement, nuvioIT, LLC is an equal opportunity employer. Employment offers are contingent on background check results and citizenship verification as required for access to regulated client environments.
Pay: $100,000.00 - $120,000.00 per year