Microsoft 365 (M365) Security & Endpoint Engineer

Capgemini Government Solutions (CGS) is seeking a highly motivated Microsoft 365 Engineer with deep experience in cybersecurity, endpoint management, and cloud-native security solutions to join our team in supporting federal government clients in GCC High environments. This role emphasizes hands-on architecture and administration of Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft Intune, Azure Virtual Desktop (AVD), and other M365 workloads within regulated and high-security environments.

The successful applicant will have the opportunity to apply and grow their skills, work with a motivated and high-reaching team, engage with a wide range of collaborators, and build CGS' capabilities to serve our clients.

Job Responsibilities-

General Responsibilities-

• Provide strategic input to identity and security architecture in Microsoft 365, Azure AD, and related services
• Collaborate with security, operations, and compliance teams to implement secure-by-design configurations
• Develop technical documentation, runbooks, and executive-level reporting for compliance audits and operational transparency
• Troubleshoot Tier 3 issues related to Sentinel rules, Intune policy conflicts, AVD connectivity, and security misconfigurations
• Serve as the SME for endpoint security, SIEM/SOAR platforms, and Zero Trust implementations within Microsoft ecosystems

Key Responsibilities-

Cloud Security & Monitoring

• Architect, configure, and manage Microsoft Sentinel for advanced threat detection, investigation, and response
• Integrate Sentinel with Microsoft Defender solutions and third-party data connectors to monitor hybrid cloud infrastructure
• Design and implement security best practices using Microsoft Defender for Cloud, focusing on CSPM, workload protection, and threat analytics
• Create custom KQL queries and workbooks for detection, automation, and incident response workflows

Endpoint & Access Management

• Architect and manage Microsoft Intune for endpoint security, compliance, device lifecycle management, and mobile application management (MAM)
• Define conditional access policies integrated with Azure AD to support Zero Trust architecture
• Drive enrollment, configuration profiles, compliance baselines, and application deployment for Windows 10/11, iOS, and Android endpoints

Azure Virtual Desktop (AVD)

• Plan, deploy, and manage scalable AVD environments in Azure Government Cloud, ensuring optimal user experience and policy enforcement
• Implement FSLogix profile management, MSIX app attach, and integration with Defender and Sentinel
• Monitor AVD performance and usage analytics for capacity planning and optimization

GCC High & Compliance-Focused Workloads

• Work within Microsoft 365 GCC High environments, ensuring full compliance with DoD, FedRAMP High, and NIST 800-53 frameworks
• Secure M365 workloads with a strong focus on tenant hardening, conditional access, DLP, and insider risk policies

Required Qualifications-

• US Citizenship is required
• Eligible to obtain and maintain a DoD Security Clearance (Secret or Top Secret)
• BS/BA degree and 12 years of IT experience, or 15 years total without a degree
• Demonstrated experience in M365 GCC High, Azure Government Cloud, and DoD-compliant environments
• Expert knowledge of Microsoft Sentinel, Defender for Cloud, Intune, and Azure AD Conditional Access
• Working knowledge of AVD architecture, deployment, and management in regulated environments
• Proficiency in PowerShell scripting for automation, policy enforcement, and monitoring
• Experience designing solutions aligned with Zero Trust Architecture, NIST, and FedRAMP High standards
• Strong communication skills for technical and executive-level briefings and documentation

Preferred Qualifications

• Microsoft certifications such as SC-200, MS-500, AZ-104, MD-102, or AZ-140
• Experience integrating third-party SIEM, EDR, or MDM platforms with Microsoft solutions
• Hands-on experience with Log Analytics, KQL, Playbook automation (Logic Apps), and Graph API
• Familiarity with Microsoft Purview, DLP, and Insider Risk Management
• One or more of the following DoD 8570 Level II Certifications:

Security+ CE, GSEC, SSCP, CCNA Security, or equivalent

Capgemini is a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, generative AI, cloud and data, combined with its deep industry expertise and partner ecosystem. The Group reported 2024 global revenues of 22.1 billion.

Disclaimer

All qualified applicants will be considered for employment based on their skills, and merit.

Please be aware that Capgemini may capture your image (video or screenshot) during the interview process and that image may be used for verification, including during the hiring and onboarding process.

Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.

Capgemini discloses salary range information in compliance with state and local pay transparency obligations. The disclosed range represents the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting, although we may ultimately pay more or less than the disclosed range, and the range may be modified in the future. The disclosed range takes into account the wide range of factors that are considered in making compensation decisions including, but not limited to, geographic location, relevant education, qualifications, certifications, experience, skills, seniority, performance, sales or revenue-based metrics, and business or organizational needs. At Capgemini, it is not typical for an individual to be hired at or near the top of the range for their role. The base salary range for the tagged location is 130k-170k.

This role may be eligible for other compensation including variable compensation, bonus, or commission. Full time regular employees are eligible for paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determined. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.