Job Description

What You'll Work Across (Our Service Lines):

• Primarily: Professional Services – Projects to deploy, configure, and secure Microsoft cloud environments.
• Secondarily: Managed Services – Ongoing operations for Microsoft cloud and on-premises client systems.
• Misc Support: Microsoft AD/365/Azure Support: Perform troubleshooting, management and liaise Microsoft support tickets for clients as needed; occasional internal infrastructure support.

Agile IT is hiring a Mid- or Senior- Career level Delivery Engineer to primarily execute Microsoft cloud projects for commercial sector defense contractors and other regulated enterprises. In this hands-on technical role, you'll perform migrations into M365 GCC and GCC-High environments, implement the security architectures and configurations our Solution Architects design—deploying Sentinel, Entra ID, CAP, MFA, Purview, DLP, Intune, Defender, and related technologies to meet CMMC Level 2 and other compliance requirements.

Your primary focus (~80–90%) is project delivery: taking scoped engagements from kickoff through completion, migrating from source environments into a GCC or GCC-H environment, configuring the new environment, documenting your work, documenting security controls evidence, and ensuring clients are set up for business success. As a secondary function (~10–20%), you'll perform recurring cloud administration tasks across our client base and support your colleagues.

We're looking for someone entrepreneurial: You see a problem and fix it without waiting for instructions. You don't just complete tasks; you look for ways to automate repetitive work, create tools that help your colleagues, and build efficiency into everything you do. When you encounter a gap in our processes or a manual task that should be scripted, you take initiative to solve it.

This is a fully remote position for someone who thrives with autonomy and takes ownership of outcomes. You're comfortable working across multiple clients, you deliver clean implementations that pass compliance scrutiny, and you're always thinking about how to do things better and faster.

Key Responsibilities:

** Project Delivery (Primary focus)**

• Microsoft Cloud Implementation: Configure and deploy Microsoft 365, Azure, and Azure Government solutions according to project scope. This typically includes Entra ID (Azure AD), Conditional Access policies, Microsoft Defender suite (Endpoint, 365, Cloud Apps), Intune/Endpoint Manager, Purview (DLP, sensitivity labels, audit), SharePoint/Teams governance, and Azure infrastructure (networking, VMs, AVD, W365).
• Identity Migrations: Execute migrations from on-premises Active Directory to Entra ID and Microsoft 365, including hybrid identity configurations, Entra Connect deployments, and similar cloud tenant-to-tenant migrations. Your experience with on-prem AD forests—designing, deploying, and managing them—translates directly to understanding what clients are migrating from and ensuring clean transitions.
• **GCC High & CMMC-Aligned Deployments: **Execute implementations in GCC High tenants following security baselines aligned to CMMC Level 2 and NIST 800-171. Ensure configurations meet control requirements and are audit-ready from day one.
• **Automation & Scripting: **Develop and maintain automation to streamline deployments and recurring tasks. For M365 work, this means PowerShell and Microsoft Graph; for Azure, PowerShell and ARM templates. Automate bulk operations (user provisioning, license assignments, policy deployments), create reusable deployment scripts for common configurations, and build tools that accelerate project delivery across engagements. When you solve a repeating problem, you script it so no one has to solve it manually again.
• Technical Documentation: Create as-built documentation, configuration guides, and runbooks for each project. Contribute technical details to System Security Plans (SSPs) and control implementation statements where required.
• Remediation Execution: Implement remediation tasks identified during compliance gap analyses—deploying MFA, hardening Conditional Access, configuring audit logging, tightening access controls, and closing security gaps.
• **Client Handoffs & Training: **Conduct knowledge transfer sessions with client IT teams at project close. Ensure clients understand what was deployed and how to maintain it.

Managed Services Program Support (Secondary focus)

• Recurring Cloud Administration: Provide hands-on support (~5–10 hours/week) for our growing managed services. Tasks include topics such as user/group management in Entra ID, license assignments, Conditional Access updates, Intune policy adjustments, and responding to service tickets; as well as similar level of administration for clients with on-premise AD.

• Recurring Managed Compliance Activities: Support our CMMC compliance program specialists with monthly evidence collection for clients under managed compliance agreements. This includes gathering audit logs, configuration exports, access reviews, policy documentation, and compliance reports from Microsoft 365 and Azure environments to demonstrate ongoing control implementation. You'll work alongside our CMMC specialist to ensure evidence packages are complete and audit-ready.

• Incident Support: Support escalations from colleagues on complex issues where you have expertise; Assist with investigating security incidents as needed.

Qualifications

Experience

• 5+ years of hands-on experience implementing Microsoft cloud and identity technologies.
• Demonstrated project delivery experience—you've taken engagements from kickoff to completion, not just maintained existing environments.
• Experience designing, deploying, and managing on-premises Active Directory forests. You understand GPOs, trusts, sites/services, replication, and the nuances of enterprise AD—this foundation is critical for executing clean migrations to Microsoft 365.
• Experience in consulting, MSP, or professional services environments preferred (comfortable with multiple concurrent clients and defined scopes).
• Strong experience with compliance frameworks (CMMC, NIST 800-171, FedRAMP, or similar) is a significant advantage but not required.

Technical Skills

• **Identity & Access: **Deep experience with Entra ID (Azure AD), Conditional Access, Entra Connect/Cloud Sync, and hybrid identity architectures. Strong understanding of on-premises Active Directory—you've built forests from scratch and know how they work under the hood.
• Microsoft 365: Tenant configuration, Exchange Online, SharePoint/OneDrive administration, Teams governance, Intune/Endpoint Manager, Microsoft Defender suite (Endpoint, O365, Cloud Apps), and Purview (DLP, sensitivity labels, audit).
• Azure: Familiarity with Azure infrastructure—subscriptions, resource groups, networking (VNets, NSGs, VPN/ExpressRoute), Azure Virtual Desktop, and IaaS deployments.
• **Automation & Scripting: **Strong PowerShell skills for automation and bulk operations. For M365: experience with Microsoft Graph API and PowerShell. For Azure: experience with ARM templates and Azure PowerShell modules. You should be comfortable writing scripts that save hours of manual work—and you actively look for opportunities to do so.
• Highly Preferred: Experience with Microsoft high-security environments and products such as GCC, GCC High, Azure Government, Microsoft Sentinel SIEM, SCCM/MECM.

Who You Are

• **Entrepreneurial & Self-Directed: **You don't wait to be told what to do. You see problems and solve them. You identify inefficiencies and fix them. You take ownership of outcomes and drive projects forward without constant oversight.
• Automation-Minded: You have a visceral dislike for repetitive manual work. When you do something twice, you start thinking about how to script it. You build tools that help yourself and your colleagues work faster.
• Detail-Driven: Your configurations are clean, your documentation is thorough, and your work holds up to audit scrutiny.
• Clear Communicator: You can explain what you built to both technical teams and non-technical stakeholders. You document your work so others can follow it.
• Adaptable: Comfortable context-switching between projects and clients; you manage your time well across concurrent engagements in a fully remote environment.

Education & Certifications

• Bachelor's degree in IT, Computer Science, or related field preferred but not required—demonstrated expertise matters more.
• Relevant Microsoft certifications strengthen your candidacy: AZ-104 (Azure Administrator), AZ-500 (Azure Security Engineer), MS-102 (Microsoft 365 Administrator), SC-300 (Identity and Access Administrator), or legacy MCSE/MCSA credentials demonstrating AD expertise.

Additional Information

Compensation & Benefits

• Competitive salary
• Comprehensive benefits (medical, dental, vision, retirement, PTO, professional development)
• Fully remote work environment with flexibility and autonomy
• Mission-driven work that directly strengthens our national security posture

Why This Role?

This is a builder's role with autonomy. If you're energized by deploying solutions, scripting away inefficiencies, and knowing your work helps defense contractors and government agencies operate securely—you'll fit right in. You'll work with cutting-edge Microsoft security technologies, develop deep expertise in GCC High and CMMC compliance, and have the latitude to shape how we deliver. We value people who make things better, not just people who complete tasks.