We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
Chevo Consulting jobs

Microsoft Cloud Security Architect

Chevo Consulting
tuition assistance, 401(k)
United States, D.C., Washington
Mar 21, 2026
Apply
Job Type
Full-time
Description

Chevo is hiring a Microsoft Cloud Security Architect to serve as Key Personnel on the DOI Office of Wildland Fire (OWF) FireNet Enterprise Business Services contract. FireNet is a Microsoft 365/Azure-based interagency collaboration platform supporting federal, state, tribal, and local wildland fire operations across DOI, USDA Forest Service, and non-federal partners. In this role, you will own hands-on security engineering for the FireNet tenant, working directly within the Government's Change Advisory Board (CAB) approval process and serving as the on-call technical resource for Priority 1 security incidents.

Location: Remote (CONUS) | Occasional On-Site Travel Required

Clearance: Federal Public Trust (National Agency Check with Inquiries - NACI) Required

Duties and Responsibilities:

  • Engineer, implement, and continuously improve the security posture of the FireNet Microsoft 365 and Azure environment.
  • Configure and maintain Entra ID Conditional Access policies, Multi-Factor Authentication (MFA), and Privileged Identity Management (PIM) to enforce a zero-trust, least-privilege posture across all privileged and high-risk roles.
  • Manage guest and external identity lifecycle including entitlement management, access packages, and periodic access reviews in coordination with Government ISSOs and program stakeholders.
  • Will be solely accountable for Microsoft Secure Score and Identity Secure Score improvements, developing and executing a monthly action plan to achieve net-positive score improvements and remediating critical findings within 10 business days or an approved POA&M.
  • Will build and maintain Microsoft Defender for Cloud and Microsoft Sentinel analytics rules, incident playbooks, KQL workbooks, and queries to detect and respond to threats across the tenant.
  • Support Purview data loss prevention and sensitivity label implementation as authorized by the Government and ensure all logging and telemetry pipelines are configured for continuous monitoring IAW the DOI Continuous Monitoring Plan and FISMA requirements.
  • Provide on-call coverage for Priority 1 security and platform incidents, with expectations to acknowledge within 30 minutes, begin triage within 1 hour, and restore or implement a workaround within 4 hours.
  • repare CAB packets for security-scoped changes, coordinate with the Power Platform CoE Lead and Web Development team on security controls and DevOps pipeline guardrails and contribute to monthly Security Posture Reports and knowledge transfer documentation for Government ISSOs
Requirements

Required Qualifications:

  • Ability to obtain and maintain a Federal Public Trust (NACI) and be comfortable serving in an on-call capacity during national wildland fire preparedness seasons (National Preparedness Level 3-5).
  • Demonstrated, hands-on experience engineering enterprise Microsoft 365 and Azure security environments, including deep proficiency with Entra ID (Azure Active Directory), Conditional Access, PIM, MFA, and zero-trust architecture principles.
  • Experience with Microsoft Defender for Cloud, Microsoft Sentinel, and KQL for custom analytics rules and threat hunting is required.
  • Familiarity with Microsoft Purview and data governance controls within a government environment.
  • Experience operating in DOI, FISMA, FedRAMP, or NIST 800-53 compliance environments is strongly preferred.
  • Familiarity with DOI or other Federal agency security operations and authorization-to-operate (ATO/A&A) documentation is a plus.
  • Relevant Microsoft certifications such as SC-100 (Cybersecurity Architect), SC-200 (Security Operations Analyst), SC-300 (Identity and Access Administrator), or AZ-500 (Azure Security Engineer) are highly desirable and may substitute for certain experience requirements consistent with the GSA MAS pricelist.

Salary Range: $130,000 - $165,000

ELIGIBLE FOR PERFORMANCE BASED BONUS

Chevo offers a comprehensive benefits package including medical, dental and vision coverage, paid leave, observes all 11 federal government holidays, 401K plan with matching, monthly SMART card employer contribution for commuting expenses, tuition assistance and more!

Chevo, a Women-Owned Small Business (WOSB), has made Consulting Magazine's 2023 and 2024 "Best Firms to Work For" list and is a 2023, 2024, 2025, and 2026 Elev8 GovCon honoree. Chevo is a nine-time awardee of the Alliance for Workplace Excellence award; ranked one of the best Small Business Strategy firms by Consulting Magazine; made the Washington Technology Fast 50 list; and has earned multiple Program Management Industry awards.

Chevo is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin, or any other characteristic protected under federal, state, or applicable local law.

Applied = 0
MORE JOBS LIKE THIS

(web-bd9584865-kzk4k)