Senior Systems Engineer (Lead)

About The Position

Requirements

• Minimum of eight (8) years of progressive experience in enterprise systems engineering, cloud architecture, or IT infrastructure operations.
• Expert-level proficiency in Microsoft Azure architecture is mandatory, encompassing compute provisioning, complex networking topologies (including Virtual Networks, Network Security Groups, and ExpressRoute), advanced storage solutions, and seamless identity integration.
• Must demonstrate deep, hands-on experience with the Microsoft 365 ecosystem, specifically proving competence in orchestrating Microsoft Entra ID, Microsoft Sentinel, Microsoft Defender, Purview, and Intune within an enterprise context.
• Demonstrated expertise in managing Hyper-V virtualization and Azure Virtual Desktop (AVD) environments optimized specifically for high-performance applications common in engineering firms.
• Experience configuring, managing, and documenting systems in strict accordance with CMMC Level 2, NIST 800-171, or FedRAMP High standards.
• Applied knowledge of Infrastructure as Code (IaC) utilizing HashiCorp Terraform or Azure Bicep is required to ensure scalable and auditable infrastructure management.
• Foundational experience with, or a strong conceptual understanding of, Artificial Intelligence in IT operations (AIOps) and Agentic AI workflow automation.

Nice To Haves

• Microsoft Certified: Azure Solutions Architect Expert, Azure Virtual Desktop Specialty, or equivalent architectural certifications within the Google Cloud Platform (GCP) ecosystem.
• Direct experience orchestrating enterprise tenant migrations into Microsoft 365 GCC High environments is highly desired, given the specialized nature of sovereign cloud architectures.
• Practical experience developing autonomous AI agents using frameworks such as LangChain, or integrating large language models (LLMs) with IT service management platforms, will distinguish leading candidates.
• Background within the Architecture, Engineering, and Construction (AEC) industry or the Defense Industrial Base (DIB) is considered a significant asset, as it guarantees familiarity with the specific operational tempos and compliance burdens inherent to these sectors.

Responsibilities

• Design, deploy, and govern secure, well-architected Azure and Google Cloud Platform (GCP) landing zones, ensuring optimal performance, high availability, and cost-efficiency.
• Lead the provisioning, baselining, and continuous management of new Microsoft 365 enterprise tenants, enforcing strict security postures from inception.
• Administer comprehensive Microsoft identity and access management (IAM) strategies utilizing Microsoft Entra ID (formerly Azure AD), including the deployment of Conditional Access policies, multi-factor authentication (MFA), and Privileged Identity Management (PIM).
• Oversee the full suite of Microsoft security and governance tools, architecting deployments of Microsoft Sentinel (SIEM/SOAR), Microsoft Defender (XDR), Microsoft Purview (Data Loss Prevention and Information Protection), and Microsoft Intune (Mobile Device Management).
• Architect and maintain high-performance Virtual Desktop Infrastructure (VDI) using Azure Virtual Desktop (AVD) and Windows 365, specifically tuned to support heavy engineering, CAD, and BIM workloads.
• Implement and manage FSLogix profile containers, ensuring low-latency access to roaming profiles via optimized Premium SSD storage and Azure NetApp Files.
• Administer on-premises and hybrid virtualization clusters, leveraging deep expertise in Microsoft Hyper-V, VMware, and advanced Storage Area Networks (SAN) to ensure robust disaster recovery and failover capabilities.
• Serve as the primary technical architect for achieving and maintaining Cybersecurity Maturity Model Certification (CMMC) Level 2 compliance.
• Engineer and support Microsoft 365 GCC High environments designed to process, store, and transmit Controlled Unclassified Information (CUI) in accordance with NIST SP 800-171 and DFARS 7012 mandates.
• Develop and maintain critical compliance artifacts, including System Security Plans (SSP), Plans of Action and Milestones (POA&M), network diagrams, and continuous monitoring evidence required for third-party audits (C3PAO).
• Lead the strategic deployment of Agentic AI systems to autonomously monitor, diagnose, and remediate enterprise infrastructure anomalies, significantly reducing incident resolution times.
• Architect secure agentic workflows that integrate directly with enterprise APIs, allowing AI agents to orchestrate multi-step IT processes (e.g., automated resource scaling, ticket resolution, and inventory reconciliation) while maintaining strict human-in-the-loop oversight where required.
• Establish reliability, security, and observability foundations for AI agents, ensuring deterministic performance and preventing unauthorized access to sensitive environments.
• Transform manual infrastructure provisioning into automated, repeatable, and auditable pipelines using Infrastructure as Code (IaC) tools such as HashiCorp Terraform and Azure Bicep.
• Integrate IaC deployments with continuous integration and continuous delivery (CI/CD) platforms (e.g., Azure DevOps, GitHub Actions), enforcing code reviews, static analysis, and security scanning prior to deployment.
• Automate routine system administration tasks through advanced PowerShell scripting and automation runbooks.
• Provide technical leadership, mentorship, and daily guidance to the systems engineering team (Systems Engineers I/II and IT support staff), fostering a culture of continuous learning and operational excellence.
• Collaborate with cross-functional stakeholders, including software developers, network engineers, executive leadership, and external clients—to define business requirements and translate them into scalable infrastructure designs.
• Manage vendor relationships, evaluate new technologies (such as emerging multi-cloud platforms and AI-native observability tools), and perform cost-benefit analyses to support executive purchasing decisions.