Security Cloud Solution Architect - CTJ - Top Secret

Microsoft
$106,400.00 - $203,600.00 / yr
United States, Texas, Irving
7000 State Highway 161
Mar 12, 2026
Overview

We are looking for a highly motivated and passionate Security Cloud Solution Architect (CSA) to drive customer transformation on the Microsoft Azure Platform. This is a customer-facing role, owning the overall technical relationship and strategy between the customer and Microsoft. You will own the Azure Security customer engagements, including architecture, implementation, and production. Microsoft provides the most comprehensive, innovative, flexible, and Secure cloud platforms today. Microsoft is hiring security professionals to drive customer cloud security adoption for customers around the world. The ideal candidate will have experience in customer-facing roles and success in leading in-depth technical security architecture discussions with senior customer executives, Enterprise Security Architects, Enterprise Architects, IT Management, and Developers to drive the holistic Security conversation as an enabler for Cloud workloads.



Responsibilities

Microsoft Federal is seeking individuals passionate about advancing cybersecurity readiness through immersive, hands-on exercises that strengthen operational resilience for U.S. Federal agencies. Ideal candidates for this role will demonstrate technical expertise, strong facilitation skills, and a commitment to driving measurable security outcomes. As a Security Cloud Solution Architect (L64) focused on Cyber Exercises, you will support the planning, facilitation, and delivery of immersive cybersecurity exercises for U.S. Federal customers. Working alongside senior CSAs, you will help design scenarios, operationalize technical solutions, and drive measurable security outcomes through hands-on engagement and collaboration. Responsibilities include:

  • Adversary Emulation Leadership
  • Own end-to-end red team operations for multi-day cyber exercises, from scenario scoping through execution and debrief.

  • Author and govern adversary scenario development using industry standard frameworks (e.g., MITRE ATT&CK), including adversary goals, TTP chains, inject timelines, success criteria, and safety boundaries.

  • Lead live red team actions with strict OPSEC and command and control discipline, coordinating with control-cell and blue teams to deliver injects and drive realistic operational pressure on cyber defenders.

  • Ensure exercise delivery is repeatable and scalable by producing reusable playbooks, operator guides, and standardized scenario packages.

  • Red Team-focused Stakeholder Orchestration

  • Align exercise scope, objectives, and communications with account team, customer, and delivery stakeholders; coordinate control cell and intelligence for injects; manage red team operations schedule.

  • Represent the program in customer briefings and executive touchpoints; set expectations and ensure outcomes are landed with account teams.

  • Translate complex technical tradecraft into clear, outcome-focused narratives for senior customer leadership and non-technical stakeholders.

  • Drive Business Outcomes

  • Own and lead exercise delivery aligned to strategic customer objectives, accelerating adoption and effective operationalization of Microsoft security tools and services.

  • Lead collaboration with Microsoft sales, engineering, and account teams to track delivery metrics, security impact, product usage outcomes, and return on investment.

  • Drive follow-on technical engagements by identifying capability gaps, recommending next-step priorities, and aligning findings to customer roadmaps.

  • Design Realistic Scenarios

  • Lead the research and development of exercise scenarios based on emerging threats and current adversary tactics, techniques, and procedures (TTPs).

  • Tailor scenario selection to customer-specific training objectives, operational priorities, and maturity level.

  • Research, develop, and incorporate modern topics such as AI-enabled threats or hybrid-cloud attack surfaces.

  • Build scenario artifacts that enhance realism (e.g., simulated phishing, OAuth abuse, identity compromise, lateral movement narratives, and supporting evidence) while maintaining safe exercise guardrails.

  • Mentorship & Collaboration

  • Coach junior operators on tradecraft, safety, and scenario design; run post-op reviews and publish SOPs and playbooks.

  • Lead regular team knowledge-sharing sessions to scale technical and operational expertise.

  • Contribute to Microsoft communities of practice with demos, guidance, and reusable intellectual property.



Qualifications

Required Qualifications

  • Bachelor's Degree in Computer Science, Information Technology, Engineering, Business, Liberal Arts, or related field AND 4+ years experience in cloud/infrastructure technologies, information technology (IT) consulting/support, systems administration, network operations, software development/support, technology solutions, practice development, architecture, and/or consulting OR equivalent experience.

Other Requirements

Security Clearance Requirements: Candidates must be able to meet Microsoft, customer and/or government security screening requirements for this role. These requirements include, but are not limited to, the following specialized security screenings:

  • The successful candidate must have an active U.S. Government Top Secret Security Clearance. Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. Failure to maintain or obtain the appropriate clearance and/or customer screening requirements may result in employment action up to and including termination.
  • Clearance Verification: This position requires successful verification of the stated security clearance to meet federal government customer requirements. You will be asked to provide clearance verification information prior to an offer of employment.
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
  • Citizenship & Citizenship Verification: This position requires verification of U.S. citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, or other approved documents, or verified US government Clearance.

Preferred Qualifications

  • Bachelor's Degree in Computer Science, Information Technology, Engineering, Business, Liberal Arts, or related field AND 8+ years experience in cloud/infrastructure technologies, information technology (IT) consulting/support, systems administration, network operations, software development/support, technology solutions, practice development, architecture, and/or consulting OR Master's Degree in Computer Science, Information Technology, Engineering, Business, Liberal Arts, or related field AND 6+ years experience in cloud/infrastructure technologies, technology solutions, practice development, architecture, and/or consulting OR equivalent experience.
  • 4+ years experience working in a customer-facing role (e.g., internal and/or external).
  • Experience leading multi-day red team operations or cyber exercises, including scenario development and mapping TTPs to industry recognized security frameworks (e.g., MITRE ATT&CK).

  • Ability to build reusable adversary playbooks and scenarios aligned with real-world and fictional threat actors, including success criteria, inject timelines, and mapped TTPs for repeatable delivery at scale.

  • Demonstrated hands-on experience executing full attack chains (initial access, persistence, privilege escalation, lateral movement, cloud workload impact) in realistic enterprise environments.

  • Ability to clearly explain offensive tradecraft, decision-making, and operational risk tradeoffs during delivery to technical and non-technical audiences.

  • Cloud, Hybrid, & On-premises Tradecraft:

  • Expert-level experience with attack paths across Entra ID, Microsoft 365, and Azure, including token theft/reuse, app consent abuse, conditional access bypass, device identity abuse, and AI-enabled tradecraft.

  • Strong understanding of hybrid identity attack techniques including Kerberos/NTLM, AD CS/PKI relay, ADFS, and lateral movement to cloud workloads.

  • Experience with cloud persistence and privilege escalation techniques including service principal abuse, application registrations, federated identity credentials, and managed identity abuse.

  • Experience with Azure IaaS compromise and lateral movement including Azure VM access, credential harvesting, automation account abuse, and storage/key access paths (Key Vault, Storage Accounts, SAS tokens).

  • Detection, Hunting, & Blue-Team Partnership:

  • Translate red team actions into blue team improvements using Microsoft Defender XDR (MDE/MDI/MDO) and Microsoft Sentinel, including analytic rules and KQL-based threat hunting.

  • Lead and facilitate exercise delivery after action reports (AARs) with customer-facing SOC/incident response teams, executive level leadership, and Microsoft security personnel.

  • Ability to develop detection recommendations mapped directly to exercise TTPs, including suggested telemetry sources, logging gaps, and validation steps.

  • Experience collaborating live with blue teams during delivery to support purple-team style validation and rapid iteration of detections/hunting.

  • Red Team Engineering & Range Design:

  • Strong experience with adversary emulation and automated tradecraft frameworks (e.g., MITRE CALDERA, Atomic Red Team) for building reusable exercise scenarios and repeatable execution.

  • Design, build, and publish red team intellectual property (IP) that reduces exercise build/lead time and increases parallel delivery throughput.

  • Expert-level knowledge of safety and governance controls for tenant/domain isolation, identity segmentation, and range guardrails to reduce delivery risk.

  • Ability to modify, extend, or develop red team tooling (PowerShell/Python/C# preferred) to support custom tradecraft and exercise objectives.

  • Familiarity with modern open-source red team tooling such as Havoc, Sliver, Mythic, Impacket, BloodHound, and related tradecraft ecosystems.

  • Leadership & Mentorship

  • Ability to mentor and train junior operators, driving cross-discipline collaboration with intelligence/control-cell teams.

  • Experience leading red team operations with multiple junior operators, including tasking, quality control, safety oversight, and operational coaching.

  • Experience serving as the lead operator and/or exercise lead, ensuring consistent delivery quality across multiple parallel exercise teams.

  • Certifications (Preferred, Not Required):

  • Microsoft Security Operations Analyst (SC-200) or Azure Security Engineer (AZ-500).

  • Industry-recognized red team or offensive security certifications like OSCP or GXPN are desirable but not mandatory.

  • Strong experience in red team operations, offensive security, or related role OR equivalent academic/project experience.

  • Demonstrated interest in cyber exercises, incident response, or cloud security architecture.

  • Travel is an integral part of this position. You should be willing to travel as is demanded by the needs of our customers and our business. This position requires approximately 50-75% overnight travel.

Cloud Solution Architecture IC4 - The typical base pay range for this role across the U.S. is USD $106,400 - $203,600 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $137,600 - $222,600 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
