The Modern Workplace Engineer Level III supports Microsoft 365 environments for managed services customers. This role will lead the design, optimization, and security of Microsoft 365 E5 environments for clients primarily in the Defense Industrial Base. This senior technical role will architect complex collaboration and security solutions, mentor junior staff, and directly support customer compliance and productivity goals in tightly regulated environments. This role will focus on both the ongoing operations of managed services as well as project-based onboarding and adoption.

Key Responsibilities

Architecture and deployment

Design and implement secure, scalable Microsoft 365 configurations including: SharePoint Online site collections and permissions Microsoft Teams structures, templates, and lifecycle policies Exchange Online transport rules, shared mailboxes, and mail flow OneDrive for Business policies and sharing controls

Deploy and configure Microsoft 365 security features such as: Data Loss Prevention (DLP) policies Sensitivity labels and encryption rules Safe Links and Safe Attachments (Defender for Office 365) Defender for Endpoint integration with Microsoft 365 Defender suite

Recommend architectures based on Microsoft best practices patterns (Secure Future Initiative and others), including Zero Trust access control methodologies.

Lead initiatives to integrate Microsoft 365 features with broader endpoint, identity, and cloud security strategies. End User Productivity Support

Provide Tier III support for Microsoft 365 services, including: Entra ID Exchange Online Microsoft Teams SharePoint Online OneDrive for Business Microsoft Office Apps (Word, Excel, Outlook, etc.)

Troubleshoot issues related to Microsoft 365 access, synchronization, and collaboration.

Act as a technical escalation point for Level I engineers and assist with troubleshooting escalated tickets.

Advise clients on best practices for governance, collaboration, and compliance in the Microsoft 365 ecosystem.

Participate in customer workshops, onboarding sessions, and quarterly business reviews (QBRs) with account managers as necessary. Identity and access support

Implement and fine-tune Microsoft Purview features including DLP, eDiscovery, Information Barriers, and sensitivity labels for classified or controlled unclassified data handling.

Serve as a subject matter expert (SME) for Microsoft 365 compliance in support of CMMC, NIST 800-171, DFARS 7012, and Zero Trust adoption.

Advise clients and internal stakeholders on secure M365 governance and risk mitigation strategies.

Configure and maintain Conditional Access, passwordless authentication, and identity protection policies in Microsoft Entra ID.

Support hybrid identity scenarios and secure guest access across Microsoft 365 services.

Execute Microsoft 365 tenant baseline configurations and validation to support compliance initiatives. Security and compliance tasks

Implement and fine-tune Microsoft Purview features including DLP, eDiscovery, Information Barriers, and sensitivity labels for data governance and handling.

Serve as a subject matter expert (SME) for Microsoft 365 compliance in support of CMMC, NIST 800-171, DFARS 7012, and Zero Trust adoption.

Advise clients and internal stakeholders on secure M365 governance and risk mitigation strategies. Service delivery and operations

Respond to service requests and incidents in alignment with SLAs and internal escalation paths.

Perform basic configuration and policy updates using Microsoft 365 Admin Center and Microsoft Endpoint Manager (Intune). Follow internal processes (such as change control) for making changes in customer environments.

Document technical issues, solutions, and recurring patterns in internal knowledge base systems. Customer Engagement

Work directly with customer stakeholders, primarily technical contacts, to resolve routine issues and implement M365 changes.

Participate in onboarding activities for new users, sites, or departments within existing managed customers. Team Collaboration

Provide technical leadership to Level I and II engineers, reviewing deliverables and providing hands-on support for advanced tasks.

Lead internal knowledge-sharing sessions and certification readiness programs for the Modern Workplace team.

Lead coordination efforts with senior team members from Endpoint Engineering, Security Operations, and Azure Engineering teams to resolve issues.

Participate in regular team syncs and ongoing training sessions to stay current on Microsoft 365 features and changes. Operational excellence

Standardize deployment methodologies across the engineering team using infrastructure-as-code, automation, and best practices.

Lead the development and refinement of configuration baselines, operational playbooks, and escalation procedures.

Drive proactive monitoring and alerting strategies using Microsoft 365 tools, analytics, and RMM integrations. Qualifications

5+ years of experience in Microsoft 365 solution engineering with increasing levels of responsibility.

Deep hands-on knowledge of the full Microsoft 365 E5 suite, including Defender for Office 365, Defender for Endpoint, and Purview compliance solutions.

Strong experience in regulated environments (e.g., DIB, government, finance, healthcare), with direct contributions to CMMC or NIST 800-171 programs.

Proficiency with PowerShell, Microsoft Graph API, and administrative scripting for automation and reporting.

Excellent documentation, presentation, and client communication skills. Preferred

Familiarity with Microsoft Defender for Endpoint and its integration with Defender for Office 365.

Hands-on experience with Microsoft Purview compliance solutions.

Experience with secure M365 cross-tenant collaboration (e.g., B2B collaboration policies, information barriers).

Knowledge of hybrid Exchange environments and complex mail flow architectures.

Familiarity with Microsoft Sentinel, Defender for Cloud Apps, and cross-platform M365 telemetry.

Project management or team lead experience within a Managed Services Provider (MSP) context.

Experience working in regulated industries or classified environments.

Microsoft 365 Certified: Fundamentals (MS-900)

Microsoft 365 Certified: Enterprise Administrator Expert (MS-102)

Microsoft 365 Certified: Modern Desktop Administrator Associate (MD-102)

Microsoft Certified: Identity and Access Administrator Associate (SC-300)

CompTIA Security+ (especially valued for work in DIB environments) EOE M/F/D/V