Modern Workplace Engineer III

The Modern Workplace Engineer Level III supports Microsoft 365 environments for managed services customers. This role will lead the design, optimization, and security of Microsoft 365 E5 environments for clients primarily in the Defense Industrial Base. This senior technical role will architect complex collaboration and security solutions, mentor junior staff, and directly support customer compliance and productivity goals in tightly regulated environments.  

This role will focus on both the ongoing operations of managed services as well as project-based onboarding and adoption. 

Role & Responsibilities:

Architecture & Deployment 

• Design and implement secure, scalable Microsoft 365 configurations including: 

• SharePoint Online site collections and permissions 
• Microsoft Teams structures, templates, and lifecycle policies 
• Exchange Online transport rules, shared mailboxes, and mail flow 
• OneDrive for Business policies and sharing controls 

• Deploy and configure Microsoft 365 security features such as: 

• Data Loss Prevention (DLP) policies 
• Sensitivity labels and encryption rules 
• Safe Links and Safe Attachments (Defender for Office 365) 
• Defender for Endpoint integration with Microsoft 365 Defender suite 

• Recommend architectures based on Microsoft best practices patterns (Secure Future Initiative and others), including Zero Trust access control methodologies. 

• Lead initiatives to integrate Microsoft 365 features with broader endpoint, identity, and cloud security strategies. 

End User Productivity Support 

• Provide Tier III support for Microsoft 365 services, including: 

• Entra ID 
• Exchange Online 
• Microsoft Teams 
• SharePoint Online 
• OneDrive for Business 
• Microsoft Office Apps (Word, Excel, Outlook, etc.) 

• Troubleshoot issues related to Microsoft 365 access, synchronization, and collaboration. 
• Act as a technical escalation point for Level I engineers and assist with troubleshooting escalated tickets. 
• Advise clients on best practices for governance, collaboration, and compliance in the Microsoft 365 ecosystem. 
• Participate in customer workshops, onboarding sessions, and quarterly business reviews (QBRs) with account managers as necessary. 

Identity & Access Support 

• Implement and fine-tune Microsoft Purview features including DLP, eDiscovery, Information Barriers, and sensitivity labels for classified or controlled unclassified data handling. 
• Serve as a subject matter expert (SME) for Microsoft 365 compliance in support of CMMC, NIST 800-171, DFARS 7012, and Zero Trust adoption. 
• Advise clients and internal stakeholders on secure M365 governance and risk mitigation strategies. 
• Configure and maintain Conditional Access, passwordless authentication, and identity protection policies in Microsoft Entra ID. 
• Support hybrid identity scenarios and secure guest access across Microsoft 365 services. 
• Execute Microsoft 365 tenant baseline configurations and validation to support compliance initiatives. 

Security & Compliance Tasks 

• Implement and fine-tune Microsoft Purview features including DLP, eDiscovery, Information Barriers, and sensitivity labels for data governance and handling. 

• Serve as a subject matter expert (SME) for Microsoft 365 compliance in support of CMMC, NIST 800-171, DFARS 7012, and Zero Trust adoption. 

• Advise clients and internal stakeholders on secure M365 governance and risk mitigation strategies. 

Service Delivery & Operations 

• Respond to service requests and incidents in alignment with SLAs and internal escalation paths. 
• Perform basic configuration and policy updates using Microsoft 365 Admin Center and Microsoft Endpoint Manager (Intune). Follow internal processes (such as change control) for making changes in customer environments. 
• Document technical issues, solutions, and recurring patterns in internal knowledge base systems. 

Customer Engagement 

• Work directly with customer stakeholders, primarily technical contacts, to resolve routine issues and implement M365 changes. 
• Participate in onboarding activities for new users, sites, or departments within existing managed customers. 

Team Collaboration 

• Provide technical leadership to Level I and II engineers, reviewing deliverables and providing hands-on support for advanced tasks. 
• Lead internal knowledge-sharing sessions and certification readiness programs for the Modern Workplace team. 
• Lead coordination efforts with senior team members from Endpoint Engineering, Security Operations, and Azure Engineering teams to resolve issues. 
• Participate in regular team syncs and ongoing training sessions to stay current on Microsoft 365 features and changes. 

Operational Excellence 

• Standardize deployment methodologies across the engineering team using infrastructure-as-code, automation, and best practices. 
• Lead the development and refinement of configuration baselines, operational playbooks, and escalation procedures. 
• Drive proactive monitoring and alerting strategies using Microsoft 365 tools, analytics, and RMM integrations. 

Competencies / Skills:

• 5+ years of experience in Microsoft 365 solution engineering with increasing levels of responsibility. 
• Deep hands-on knowledge of the full Microsoft 365 E5 suite, including Defender for Office 365, Defender for Endpoint, and Purview compliance solutions. 
• Strong experience in regulated environments (e.g., DIB, government, finance, healthcare), with direct contributions to CMMC or NIST 800-171 programs. 
• Proficiency with PowerShell, Microsoft Graph API, and administrative scripting for automation and reporting. 
• U.S. Citizenship required (due to work with defense contractors and ITAR-regulated customers). 

• Excellent communication skills, with the ability to engage effectively with stakeholders at all levels within the organization, and to articulate complex technical concepts in a clear and concise manner. 

• Demonstrated ability to go above and beyond to understand and serve customers’ needs and in effectively managing several customers simultaneously.  
• Highly collaborative–with “team” mindset, sharing ideas and supporting cross-functional colleagues; handling interactions with professionalism and integrity.  
• Demonstrates a results driven approach to IT operations, recognizing that technology support and system reliability extend beyond traditional 9to5 hours. High accountability for delivering results, owning mistakes and doing the right thing – always.

Preferred

• Familiarity with Microsoft Defender for Endpoint and its integration with Defender for Office 365. 
• Hands-on experience with Microsoft Purview compliance solutions. 
• Experience with secure M365 cross-tenant collaboration (e.g., B2B collaboration policies, information barriers). 
• Knowledge of hybrid Exchange environments and complex mail flow architectures. 
• Familiarity with Microsoft Sentinel, Defender for Cloud Apps, and cross-platform M365 telemetry. 
• Project management or team lead experience within a Managed Services Provider (MSP) context. 
• Experience working in regulated industries or classified environments. 
• Microsoft 365 Certified: Fundamentals (MS-900) certification 
• Microsoft 365 Certified: Enterprise Administrator Expert (MS-102) certification 
• Microsoft 365 Certified: Modern Desktop Administrator Associate (MD-102) certification 
• Microsoft Certified: Identity and Access Administrator Associate (SC-300) certification 
• CompTIA Security+ (especially valued for work in DIB environments)

Where required by law, this posting includes a good‑faith pay range for candidates who will perform the role in specific jurisdictions. For other locations, the actual compensation may differ. Final compensation will be determined based on qualifications, experience, skills, work location, internal equity, and current market data. This job posting is not a contract or promise of employment or any particular compensation, and any employment offer will be set out in a written offer letter.

EOE M/F/D/V