Location

Remote based role with preference in Hub Office City

About The Job You're Considering

Capgemini CIS is seeking a highly motivated Microsoft 365 Engineer with deep experience in cybersecurity, endpoint management, and cloud-native security solutions to join our team in supporting federal government clients in GCC High environments. This role emphasizes hands-on architecture and administration of Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft Intune, Azure Virtual Desktop (AVD), and other M365 workloads within regulated and high-security environments.

Your Role

General Responsibilities :

• Provide strategic input to identity and security architecture in Microsoft 365, Azure AD, and related services
• Collaborate with security, operations, and compliance teams to implement secure-by-design configurations
• Develop technical documentation, runbooks, and executive-level reporting for compliance audits and operational transparency
• Troubleshoot Tier 3 issues related to Sentinel rules, Intune policy conflicts, AVD connectivity, and security misconfigurations
• Serve as the SME for endpoint security, SIEM/SOAR platforms, and Zero Trust implementations within Microsoft ecosystems

Key Responsibilities :

1.Cloud Security & Monitoring

• Architect, configure, and manage Microsoft Sentinel for advanced threat detection, investigation, and response
• Integrate Sentinel with Microsoft Defender solutions and third-party data connectors to monitor hybrid cloud infrastructure
• Design and implement security best practices using Microsoft Defender for Cloud, focusing on CSPM, workload protection, and threat analytics
• Create custom KQL queries and workbooks for detection, automation, and incident response workflows

2.Endpoint & Access Management

• Architect and manage Microsoft Intune for endpoint security, compliance, device lifecycle management, and mobile application management (MAM)
• Define conditional access policies integrated with Azure AD to support Zero Trust architecture
• Drive enrollment, configuration profiles, compliance baselines, and application deployment for Windows 10/11, iOS, and Android endpoints

3.Azure Virtual Desktop (AVD)

• Plan, deploy, and manage scalable AVD environments in Azure Government Cloud, ensuring optimal user experience and policy enforcement
• Implement FSLogix profile management, MSIX app attach, and integration with Defender and Sentinel
• Monitor AVD performance and usage analytics for capacity planning and optimization

4.GCC High & Compliance-Focused Workloads

• Work within Microsoft 365 GCC High environments, ensuring full compliance with DoD, FedRAMP High, and NIST 800-53 frameworks
• Secure M365 workloads with a strong focus on tenant hardening, conditional access, DLP, and insider risk policies

Your Skills And Experience

Required Qualifications :

• US Citizenship is required
• Eligible to obtain and maintain a DoD Security Clearance (Secret or Top Secret)
• BS/BA degree and 8 years of IT experience, or 10 years total without a degree
• Demonstrated experience in M365 GCC High, Azure Government Cloud, and DoD-compliant environments
• Experience in hybrid cloud/on prem environments
• Experience managing MS, Unix, Linux environments
• Expert knowledge of Microsoft Sentinel, Defender for Cloud, Intune, and Azure AD Conditional Access
• Working knowledge of AVD architecture, deployment, and management in regulated environments
• Proficiency in PowerShell scripting for automation, policy enforcement, and monitoring
• Experience designing solutions aligned with Zero Trust Architecture, NIST, and FedRAMP High standards
• Strong communication skills for technical and executive-level briefings and documentation

Preferred Qualifications :

• Microsoft certifications such as SC-200, MS-500, AZ-104, MD-102, or AZ-140
• Experience integrating third-party SIEM, EDR, or MDM platforms with Microsoft solutions
• Hands-on experience with Log Analytics, KQL, Playbook automation (Logic Apps), and Graph API
• Familiarity with Microsoft Purview, DLP, and Insider Risk Management
• One or more of the following DoD 8570 Level II Certifications: Security+ CE, GSEC, SSCP, CCNA Security, or equivalent

The base compensation range for this role in the posted location is: $65,586 - $130,000.

Capgemini provides compensation range information in accordance with applicable national, state, provincial, and local pay transparency laws. The base compensation range listed for this position reflects the minimum and maximum target compensation Capgemini, in good faith, believes it may pay for the role at the time of this posting. This range may be subject to change as permitted by law.

The actual compensation offered to any candidate may fall outside of the posted range and will be determined based on multiple factors legally permitted in the applicable jurisdiction.

These may include, but are not limited to: Geographic location, Education and qualifications, Certifications and licenses, Relevant experience and skills, Seniority and performance, Market and business consideration, Internal pay equity.

It is not typical for candidates to be hired at or near the top of the posted compensation range.

In addition to base salary, this role may be eligible for additional compensation such as variable incentives, bonuses, or commissions, depending on the position and applicable laws.

Capgemini offers a comprehensive, non-negotiable benefits package to all regular, full-time employees. In the U.S. and Canada, available benefits are determined by local policy and eligibility and may include:

• Paid time off based on employee grade (A-F), defined by policy: Vacation: 12-25 days, depending on grade, Company paid holidays, Personal Days, Sick Leave

• Medical, dental, and vision coverage (or provincial healthcare coordination in Canada)
• Retirement savings plans (e.g., 401(k) in the U.S., RRSP in Canada)
• Life and disability insurance
• Employee assistance programs
• Other benefits as provided by local policy and eligibility

Important Notice: Compensation (including bonuses, commissions, or other forms of incentive pay) is not considered earned, vested, or payable until it becomes due under the terms of applicable plans or agreements and is subject to Capgemini's discretion, consistent with applicable laws. The Company reserves the right to amend or withdraw compensation programs at any time, within the limits of applicable legislation.