Microsoft 365 & Azure Architect

Auriga Corporation
Los Angeles, United States of America
5 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Los Angeles, United States of America

Tech stack

Microsoft Windows
Microsoft Active Directory
Azure
Microsoft Online Services
Cloud Computing
Computer Security
Information Systems
Information Leak Prevention
Multi-Factor Authentication
Github
Identity and Access Management
Microsoft Windows SDK
Windows Server
Platform as a Service (PAAS)
Powershell
Azure
Zero Trust Network Access
SharePoint
Virtual Machines
Cloud Monitoring
Technical Debt
Microsoft InTune
Information Technology
Microsoft Sentinel
Network Server

Job description

  • Own the architecture, configuration baseline, and lifecycle of the M365 tenant supporting Active Directory accounts, including Exchange Online, SharePoint Online, OneDrive, Teams etc.
  • Define and enforce tenant-wide policies for identity, licensing, data loss prevention, retention, eDiscovery, best practices and information protection.
  • Lead remediation of Legacy configurations, technical debt, and drift accumulated in the existing M365 environment, with a clear roadmap to a hardened target state.
  • Manage hybrid identity through Entra ID (Azure AD), Entra Connect, Conditional Access, and PIM, including integration with on-premises Active Directory and downstream applications.
  • Govern Microsoft licensing strategy across E3, E5, and add-on SKUs to align entitlements with security requirements and budget constraints.
  • Architect and operate Azure subscriptions, management groups, and policy structures aligned to Microsoft Cloud Adoption Framework and Zero Trust principles.
  • Design, harden, and optimize Azure Virtual Machines and supporting services, including VM sizing, availability sets, scale sets, disk encryption, backup, patching, and Just-in-Time access.
  • Implement and tune Microsoft Defender for Cloud, Defender for Servers, Microsoft Sentinel, and Azure Monitor to deliver actionable telemetry to the SOC.
  • Partner directly with the Cybersecurity organization to translate security requirements into enforceable Microsoft platform controls.
  • Implement and continuously improve Conditional Access, MFA, privileged access management, and identity governance across all M365 and Azure workloads.
  • Maintain alignment with NIST 800-53 where applicable, CIS Microsoft 365 and Azure Benchmarks, and any state and federal mandates relevant to a transit agency.
  • Establish secure configuration baselines for collaboration tooling that account for the operational realities of a 24/7 transit workforce.

Requirements

  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field. Equivalent professional experience considered in lieu of a degree.
  • Minimum 8 years of progressive experience designing and operating enterprise Microsoft environments, with at least 5 years focused on M365 and Azure at scale.
  • Expert-level command of Microsoft 365 administration, including hands-on experience with tenants of 10,000 accounts or more.
  • Demonstrated expertise in Azure IaaS and PaaS, with deep knowledge of Azure Virtual Machines, networking, storage, identity, and governance.
  • Strong working knowledge of Active Directory, Group Policy, Windows Server, certificate services, and traditional on-premises Microsoft infrastructure.
  • Proven track record applying NIST, CIS, or equivalent frameworks to Microsoft cloud environments.
  • Proficiency with PowerShell, including Microsoft Graph, Exchange Online, and Azure modules.
  • Excellent written and verbal communication skills, with the ability to brief both engineers and executives., * Prior experience in a government, transit, utility, or other regulated public sector environment.
  • Active Microsoft certifications such as Azure Solutions Architect Expert, Cybersecurity Architect Expert, Identity and Access Administrator, or Microsoft 365 Administrator Expert.
  • Experience with Microsoft Sentinel, Defender XDR, Purview, and Intune at enterprise scale.
  • CISSP, CCSP, or equivalent senior security certification.
  • Hands-on experience with infrastructure-as-code, CI/CD pipelines, and GitHub or Azure DevOps in a controlled-change environment.

Benefits & conditions

Auriga is an Equal Opportunity Employer. Auriga provides compensation and benefits commensurate with the qualifications and experience.

Apply for this position