Microsoft 365 / Azure Architect - Los Angeles, CA

Hi,

 

Microsoft 365 / Azure Architect

Duration: Longterm Contract onsite

Location: Los Angeles, CA

 

We have below longterm job opening.

If you are interested , Please send your updated resume with below details. 

 

Your current location:

Visa status:

Availability:

Expected rate all inc on c2c /1099 :

 

Position Summary

Client is seeking a Microsoft 365 and Azure Architect to lead the design, security, and ongoing optimization of an enterprise environment across one of the largest public transportation agencies in the United States. This role will architect identity, azure, cybersecurity, with direct accountability for the integrity, posture and design of the Microsoft 365 tenant, Azure subscriptions, and the hybrid infrastructure that connects these services.

The successful candidate is a hands-on expert who can translate Microsoft platform capabilities into measurable security, performance, and outcomes for a regulated government environment. This role requires deep technical authority in M365 and Azure, paired with the judgment to operate inside the constraints of public sector procurement, audit, and compliance.

 

Key Responsibilities

Microsoft 365 Architecture and Operations

• Own the architecture, configuration baseline, and lifecycle of the M365 tenant supporting active directory accounts, including Exchange Online, SharePoint Online, OneDrive, Teams etc.

• Define and enforce tenant-wide policies for identity, licensing, data loss prevention, retention, eDiscovery, best practices and information protection.

• Lead remediation of legacy configurations, technical debt, and drift accumulated in the existing M365 environment, with a clear roadmap to a hardened target state.

• Manage hybrid identity through Entra ID (Azure AD), Entra Connect, Conditional Access, and PIM, including integration with on-premises Active Directory and downstream applications.

• Govern Microsoft licensing strategy across E3, E5, and add-on SKUs to align entitlements with security requirements and budget constraints.

Azure Platform and Virtual Machines

• Architect and operate Azure subscriptions, management groups, and policy structures aligned to Microsoft Cloud Adoption Framework and Zero Trust principles.

• Design, harden, and optimize Azure Virtual Machines and supporting services, including VM sizing, availability sets, scale sets, disk encryption, backup, patching, and Just-in-Time access.

• Implement and tune Microsoft Defender for Cloud, Defender for Servers, Microsoft Sentinel, and Azure Monitor to deliver actionable telemetry to the SOC.

Security, Identity, and Compliance

• Partner directly with the Cybersecurity organization to translate security requirements into enforceable Microsoft platform controls.

• Implement and continuously improve Conditional Access, MFA, privileged access management, and identity governance across all M365 and Azure workloads.

• Maintain alignment with NIST 800-53 where applicable, CIS Microsoft 365 and Azure Benchmarks, and any state and federal mandates relevant to a transit agency.

• Establish secure configuration baselines for collaboration tooling that account for the operational realities of a 24/7 transit workforce.

Required Qualifications

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field. Equivalent professional experience considered in lieu of a degree.

• Minimum 8 years of progressive experience designing and operating enterprise Microsoft environments, with at least 5 years focused on M365 and Azure at scale.

• Expert-level command of Microsoft 365 administration, including hands-on experience with tenants of 10,000 accounts or more.

• Demonstrated expertise in Azure IaaS and PaaS, with deep knowledge of Azure Virtual Machines, networking, storage, identity, and governance.

• Strong working knowledge of Active Directory, Group Policy, Windows Server, certificate services, and traditional on-premises Microsoft infrastructure.

• Proven track record applying NIST, CIS, or equivalent frameworks to Microsoft cloud environments.

• Proficiency with PowerShell, including Microsoft Graph, Exchange Online, and Azure modules.

• Excellent written and verbal communication skills, with the ability to brief both engineers and executives.

 

Preferred Qualifications

• Prior experience in a government, transit, utility, or other regulated public sector environment.

• Active Microsoft certifications such as Azure Solutions Architect Expert, Cybersecurity Architect Expert, Identity and Access Administrator, or Microsoft 365 Administrator Expert.

• Experience with Microsoft Sentinel, Defender XDR, Purview, and Intune at enterprise scale.

• CISSP, CCSP, or equivalent senior security certification.

• Hands-on experience with infrastructure-as-code, CI/CD pipelines, and GitHub or Azure DevOps in a controlled-change environment.

 

Thanks & Regards,

Girish Kumar

All your information will be kept confidential according to EEO guidelines.