Cloud Operations and Cloud Migration

Summary

Join the NATO Communications and Information Agency (NCIA) as a highly experienced service delivery expert in Cloud Operations and Cloud Migration. Support and drive the NATO Public Cloud migration project, acting as deputy to the project’s Technical Lead. Deliver end-to-end cloud engineering services, covering cloud operations, security, and platform modernization. Responsibilities include significant support services in Intune, Microsoft 365, Azure, and related tools. Support data migration and service transitioning from on-premises environments. Interface with senior management and operational stakeholders to architect secure cloud solutions and ensure continuous service delivery. This is a full-time on-site position in The Hague, NL, requiring a NATO SECRET security clearance.

Requirements

• Microsoft Azure and M365 Expertise (8 years of experience)
• Strong practical knowledge of M365 tenant architecture and services
• In-depth Azure experience including RBAC, ARM, and NSGs
• Capability to design and maintain secure hybrid environments
• Device and Intune Management (8 years of experience)
• Experience managing corporate devices with Microsoft Intune
• Configuration of policies for compliance and conditional access
• Troubleshooting enrollment, provisioning, and policy conflicts
• Advanced Cloud Security Controls
• Implementation of security configurations in Defender XDR
• Experience with identity protection and MFA enforcement
• Familiarity with Microsoft 365 Secure Score and Zero Trust maturity
• SIEM and Monitoring
• Hands-on experience with Microsoft Sentinel and log correlation
• Knowledge of Kusto Query Language (KQL) for custom rules
• Ability to respond to and triage security alerts
• Data Protection and Compliance
• Proficiency in using Purview for sensitivity, retention, and eDiscovery
• Familiarity with GDPR, DLP, and compliance manager
• Integration of compliance frameworks into daily operations
• Information Labeling Solutions
• Experience with Titus and Microsoft Sensitivity Labels
• Label enforcement in Exchange, Teams, SharePoint, and OneDrive
• Integration with metadata and classification engines
• Zero Trust Architecture
• Experience implementing Cloudflare Zero Trust policies
• Use of WARP client, Access Gateway, and posture validation
• Policy tuning and client troubleshooting in secure environments
• Threat Protection and Email Security
• Configuration and tuning of Proofpoint threat policies
• Knowledge of mail routing, encryption, and threat analytics
• Understanding of SPF, DKIM, and DMARC application
• Automation and DevOps
• PowerShell scripting and automation pipeline development
• Familiarity with Git, YAML, Terraform, and Bicep
• CI/CD lifecycle knowledge for infrastructure as code
• Data Migration and OPSWAT
• Experience with data flattening, rehydration, and ingestion
• Use of MetaDefender for sanitization and CDR operations
• Managing large file sets and PST archives securely
• Storage and Network Infrastructure
• Understanding of Azure Storage Account tiers and encryption
• VNET peering, NSG enforcement, and firewall logging
• Experience with private endpoints and routing policies
• Stakeholder Engagement
• Strong communication and stakeholder management skills
• Experience in requirement elicitation and technical validation
• Presentation of solution architectures and recommendations
• Architecture Documentation
• Skilled in technical writing for solution design and operations
• Authoring and maintaining architectural design documents
• Contribution to SOPs and compliance documentation
• Security Frameworks and Policy
• Familiarity with NIST SP 800-53, CIS Benchmarks, and ISO standards
• Experience supporting NATO and governmental security requirements
• Supporting compliance audits and accreditation processes
• Communication and Collaboration
• Excellent communication skills to effectively collaborate with IT teams, stakeholders, and end-users
• Ability to document processes clearly and provide training on IAM tools and practices
• Organizational Skills
• Strong organizational skills to manage multiple tasks and priorities effectively
• Attention to detail in managing M365 environment and the Microsoft Intune Platform
• Team Collaboration
• Ability to work effectively as part of a team and share knowledge and resources
• Willingness to collaborate with colleagues to solve complex issues
• The individuals shall have strong customer relationship skills, including negotiating complex and sensitive situations under pressure
• Full proficiency in the English language
• The individual must have the nationality of one of the NATO nations
• The individual must possess a NATO Secret Security Clearance or national equivalent

Responsibilities

• Manage and maintain hybrid-cloud workloads using Microsoft Azure and Microsoft 365
• Monitor operational performance, security, and reliability of core cloud services
• Ensure alignment with NATO’s Enterprise Cloud Operating Model
• Assist in data center-to-cloud migration planning and implementation
• Lead technical validation of migrated workloads
• Support phased service transitions and readiness checks
• Maintain and configure Storage Accounts, NSGs, Azure DNS, and VNETs
• Troubleshoot and resolve Azure IaaS and PaaS issues
• Collaborate with security teams to enforce boundary protection
• Oversee Intune policy and compliance profiles
• Coordinate device onboarding and role-based access controls
• Support conditional access and mobile app management
• Configure and monitor Microsoft Defender across 365 and Endpoint environments
• Respond to alerts and support SOC operations
• Develop and manage custom detection rules
• Integrate Sentinel with security tooling for SOC visibility
• Create dashboards and incident response workflows
• Support threat hunting and data normalization
• Implement DLP, retention, and eDiscovery policies
• Manage compliance manager score improvements
• Ensure ongoing audit readiness
• Utilize OPSWAT MetaDefender for malware scanning and content filtering
• Support PST ingestion and data flattening into compliant structures
• Monitor ingestion workflows for OneDrive, SharePoint, and Exchange
• Define and assign sensitivity labels across Microsoft 365 workloads
• Integrate with Titus and metadata frameworks for automated enforcement
• Support information protection and usage reporting
• Support Zero Trust policy deployment with Cloudflare WARP clients
• Configure access policies, DNS filtering, and posture checks
• Troubleshoot endpoint trust issues and network pathing
• Maintain email security policies and configurations
• Review threat intelligence feeds and domain spoofing mitigation
• Support SPF/DKIM/DMARC configuration and enforcement
• Develop scripts and workflows using PowerShell and YAML pipelines
• Integrate CI/CD processes with GitHub Actions and Azure DevOps
• Manage Terraform templates and ARM-based deployments
• Support system architecture review boards (SARBs)
• Provide technical guidance for secure solution design
• Align with NIST, ISO 27001, and NATO-specific frameworks
• Interface with senior management to gather technical requirements
• Present design proposals and readiness assessments
• Coordinate across NCSC, service teams, and project offices
• Maintain As-Built and Operational documentation
• Draft SOPs, STIGs, and runbooks for managed environments
• Deliver training and knowledge transfer to operations teams
• Collaborate with IT security, compliance, and other relevant teams to ensure cohesive Cloud Operations strategies
• Communicate effectively with internal stakeholders to understand requirements and address concerns

Preferred Qualifications

French language proficiency is of advantage

Benefits

• Remote work, flexible hours
• Travel arrangements will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.5 of the AAS+ Framework Contract and within the limits of the NCIA Travel Directive