You will join a small group of highly experienced engineers as one of the senior architects on the team. This is a deeply technical and high-impact role focused on designing secure, scalable, and compliant environments for clients.
You will be responsible for evaluating complex infrastructures, defining architectural strategies, leading migrations, and supporting high-level technical escalations. This is not an implementation role — your value lies in decision-making, system design, and solving complex problems beyond standard procedures.
Key Responsibilities
- Conduct technical assessments and gap analyses across client environments (networks, identity, M365, Azure, AWS, endpoints, and security posture)
- Design remediation plans and upgrade roadmaps based on risk prioritization and business impact
- Lead end-to-end migration initiatives: discovery, architecture design, coordination, execution, and stabilization
- Architect AWS and Azure environments, including multi-account strategies, networking, identity, and security baselines
- Strengthen Active Directory environments (tiered administration models, privileged access management, GPO reviews, legacy protocol remediation, attack path reduction)
- Enhance Microsoft 365 security (Entra ID Conditional Access, Identity Protection, Defender suite, Exchange Online security, Purview, Intune baselines)
- Translate security and compliance frameworks (NIST CSF, NIST 800-53/171, CMMC, HIPAA, SOC 2, ISO 27001, PCI DSS, CIS Controls) into actionable technical implementations
- Act as a senior escalation point for MSP, MSSP, and Incident Response teams
- Support incident response engagements with deep expertise in identity, architecture, and forensic analysis
- Apply an engineering mindset to improve efficiency through automation, scripting, and tooling where applicable
Requirements
- 7+ years of experience in senior IT architecture, infrastructure engineering, cloud, or DevOps/SRE roles
- Proven experience working in MSP, MSSP, or Incident Response environments
- Deep understanding of networking at the protocol level (not just configuration)
- Hands-on experience architecting solutions in both AWS and Azure
- Strong expertise in Active Directory hardening, permissions modeling, and legacy system remediation
- Extensive experience with Microsoft 365 security (Entra ID, Exchange Online, SharePoint, Defender, Purview, Intune)
- Solid background in security and compliance frameworks, with the ability to translate them into technical controls
- Working knowledge of SIEM platforms (e.g., Sentinel, Splunk, Elastic) for architecture and troubleshooting
- Working knowledge of EDR/AV tools (e.g., CrowdStrike, SentinelOne, Defender for Endpoint)
- Experience with RMM and PSA tools (e.g., ConnectWise, NinjaRMM, Datto, Kaseya, HaloPSA)
- Real-world incident response experience (not only simulations)
- Strong scripting and automation skills (Python, PowerShell, Bash, Terraform, etc.)
- Excellent written and spoken English
Nice to Have
- Experience with AI / LLM-based tools
- AWS or Azure certifications (Solutions Architect Professional, Security Specialty)
- Security certifications (CISSP, OSCP, GCIH, GCIA, GCFA)
- Experience in managed IT environments
Logistics
- 100% remote (global, with reliable internet)
- Full-time position
- Flexible schedule, with expected availability during critical incidents
Job Type: Full-time
Work Location: Remote
