Job Title: Senior Microsoft Cloud Engineer
GSSI Solutions is looking for a qualified candidate to support our client at the Congressional Budget Office (CBO) in Washington, D.C. The candidate will be an employee of GSSI Solutions and will represent GSSI Solutions’ ethics and values in support of our client, the Congressional Budget Office (CBO)
Place of Performance Work will primarily be performed on-site at the following location: Congressional Budget Office Ford House Office Building, Washington, DC. The amount of hybrid work will be at the discretion of the client.
The candidate must be a US Citizen or Green Card
Business core hours are (9:00 AM – 6:00 PM, Monday - Friday) although operational changes may be required on weekends or after-hours to avoid network and work disruptions.
Description:
The chosen candidate is considered key personnel and shall provide advanced engineering, operational, and advisory support for CBO’s Microsoft cloud environments, including Microsoft 365, Azure, and Microsoft Security platforms. The objective is to ensure a resilient, scalable, and secure Microsoft cloud environment that supports CBO’s mission, cybersecurity posture, and continuity of operations.
The person chosen is responsible for designing, implementing, maintaining, and optimizing secure cloud services in alignment with NIST SP 800-53, NIST SP 800-207 (Zero Trust Architecture), and FedRAMP Moderate control requirements. Requirements include enterprise tenant management, Azure infrastructure and application development support, Exchange Online and collaboration services, identity and access management, and the implementation of security controls across Microsoft Defender, Entra ID, Purview, and related services. The Contractor will apply Zero Trust principles, least privilege, continuous verification, and conditional access while supporting compliance, audit readiness, and change management processes.
The candidate selected must have the following Microsoft active credentials
• Microsoft 365 Certified: Administrator Expert
• Microsoft Certified: Cybersecurity Architect Expert
• Microsoft Certified: Azure Solutions Architect Expert
• Microsoft 365 Certified: Endpoint Administrator Associate
• Microsoft Certified: Identity and Access Administrator Associate
• Microsoft Certified: Windows Server Hybrid Administrator Associate
• Microsoft 365 Certified: Teams Administrator Associate
• Microsoft Certified: Information Security Administrator Associate
These (or their equivalent prior certifications) should have been maintained for a minimum of 5 years. Expired certifications or certifications never used professionally will not be considered.
The Scope of Work includes, but is not limited to, the following activities:
· Microsoft Cloud Platform Engineering: Design, implement, operate, and optimize Microsoft 365, Azure, and Microsoft Security services to ensure reliability, scalability, and performance in support of CBO mission requirements.
• Security Architecture & Compliance: Implement and maintain cloud security controls aligned with NIST SP 800-53, NIST SP 800-207 (Zero Trust Architecture), and FedRAMP Moderate requirements, including continuous monitoring, risk mitigation, and security posture management.
• Identity & Access Management: Administer and secure identity services using Microsoft Entra ID, Conditional Access, privileged access controls, and least-privilege models in accordance with Zero Trust principles and Microsoft best practices.
• Collaboration & Messaging Services: Manage and support Exchange Online, Teams, SharePoint Online, and related collaboration services, ensuring availability, security, and compliance with organizational policies.
• Azure Infrastructure & Development Support: Provide engineering support for Azure infrastructure, networking, and application workloads, including configuration, maintenance, troubleshooting, and integration with on-premises or hybrid environments as applicable.
• Security Operations Enablement: Configure and manage Microsoft Defender, Purview, and related security platforms to support threat protection, data governance, information protection, and incident response readiness.
• Change Management & Documentation: Support formal change management processes, maintain technical documentation, and contribute to standard operating procedures to ensure transparency, traceability, and operational continuity.
• Advisory & Technical Leadership: Serve as a senior technical advisor to CBO stakeholders, collaborating with network, cybersecurity, and cloud teams to resolve complex issues, improve architecture, and support audits, assessments, and compliance reviews
Candidates should provide a minimum of 2 and no more than 4 short examples of personally written technical documents (ex. documentation, design documents, diagrams, PowerShell script source code, change control, training materials, policy documents, standard operating procedures) not to exceed a total of 5 pages.
As Key Personnel the Senior Microsoft Cloud Engineer must meet the following requirements:
• Demonstrated ability to provide senior-level technical leadership and independent operational support for enterprise Microsoft cloud environments, including Microsoft 365, Azure, and Microsoft Security platforms. This includes proof of currently maintained Microsoft certifications in all related areas for a period of no less than 5 years.
• Proven expertise in designing, implementing, operating, and optimizing Microsoft cloud services to ensure high availability, scalability, performance, and mission alignment.
• Ability to implement and maintain cloud security architectures aligned with NIST SP 800-53, NIST SP 800-207 (Zero Trust Architecture), and FedRAMP Moderate requirements, including continuous monitoring, risk mitigation, and security posture management.
• Advanced ability to fully implement and manage a hybrid Active Directory Microsoft M365 and Entra environment implementing the tiered security standards defined by Microsoft’s security framework.
• Proven experience creating and managing all aspects of Windows, MacOS, and Apple iOS devices in Intune including compliance and policy delivery.
• Proven experience creating and managing Autopilot delivery of operating system images and use of policy and on-demand delivery of software using Intune for environments of at least 700 endpoints.
• Practical experience locking down remote PowerShell access for administrative tasks in Entra and Azure across all related APIs to allow necessary administration including headless Exchange Online mailbox provisioning, SharePoint custom user profile field imports, and all Microsoft Graph related access.
• Advanced proficiency in identity and access management, including Microsoft Entra ID, Conditional Access, privileged access management, and least-privilege access models, including the implementation and minimal impact transition between MFA providers, implementation of 3rd party MFA as an Entra provider, and implementation of Smart Card and FIDO based key authentication methods across Windows and MacOS systems.
• Experience managing and supporting collaboration and messaging services, including Exchange Online, Microsoft Teams, SharePoint Online, and related Microsoft 365 workloads.
• Capability to provide Azure infrastructure and application support, including cloud networking, workload configuration, maintenance, troubleshooting, and hybrid integration where applicable.
• Hands-on experience configuring and managing Microsoft security platforms, including Defender, Sentinel, and Purview, to support threat protection, data governance, information protection, and incident response readiness.
• Demonstrated ability to manage and configure data sources feeding into Microsoft Sentinel including ongoing health reporting and alerting on ingest log data quality.
• Ability to support and comply with formal change management processes, produce and maintain technical documentation, training materials, and contribute to standard operating procedures.
• Demonstrated capacity to act as a senior technical advisor, collaborating with CBO engineering teams to resolve complex technical issues and support audits, assessments, and compliance reviews.
• Ability to perform duties with minimal supervision, exercising sound independent judgment and technical authority in maintaining a secure, resilient, and compliant Microsoft cloud environment.
• Implement automated reporting and dashboard creation using Power BI and other Microsoft tools. Reporting must include health monitoring systems, compliance reports, current spend and forecasted spend reports, and utilization reports across all aspects of CBO’s Microsoft cloud infrastructure.
• Must have proven experience setting up spending budget configurations in Azure including alerting and reporting for potential overages against budgets that allow 90 days lead time to allow CBO decision time for appropriate actions including either reduction in usage to avoid overages or acquisition and allocation of increased funding.
• Implement incident response and disaster response playbook responses as clearly written practical procedural documents that integrate into CBO’s existing IR and COOP documentation and procedural documents.
Please Note: The salary is estimated and is under review
As a leading IT consulting firm, we offer innovative and comprehensive technology solutions to government agencies across the nation. Our team of seasoned consultants understands the unique challenges and requirements of the public sector, and we collaborate closely with you to create tailored solutions that address your specific needs.