M365 Chief Architect

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.

Department Summary:

Role Summary: MITRE seeks a Technical Microsoft 365 Architect to serve as the enterprise technical authority for the Microsoft 365 platform across a cloud-forward digital workplace. You will set standards, reference architectures, and guardrails; drive a sequenced adoption roadmap (including potential GCC High transition) aligned to security, compliance, and CMMC timelines; and ensure cohesive integration with infrastructure, security, applications, data, and cloud domains. Operating within MITRE’s Enterprise Applications Division—managing 100+ apps, collaboration platforms, and AI-enabled tools (e.g., Microsoft 365 Copilot, Moveworks)—you will enable secure, scalable, and resilient productivity at enterprise scale.

Roles & Responsibilities

· Platform leadership: Serve as Microsoft 365 technical authority and chief architect; define enterprise standards, reference architectures, guardrails; partner with Senior Manager, Digital Workplace (M365 Platform) for execution, staffing, and budgets.

· Architecture governance: Chair Microsoft 365 architecture review board/design council; publish architectural decision records; synchronize with operational CAB/change advisory for release planning and change scheduling.

· Cross-domain alignment: Lead strategic alignment across infrastructure, security, applications, data, and cloud; define integration patterns, dependencies, service boundaries, and data governance to ensure architectural cohesion, performance, and scalability.

· Identity & access (Entra ID): Design Conditional Access, MFA, PIM, B2B/B2C, cross-tenant collaboration, session controls; oversee retirement of legacy patterns; coordinate delivery with platform operations.

· Security & compliance: Architect controls across Microsoft Purview and Defender for Office 365; define policy baselines, control objectives; partner with ops for implementation, monitoring, and mail hygiene (anti-phishing, Safe Links/Safe Attachments, SPF/DKIM/DMARC, transport rules, secure mail flow).

· Endpoint management: Define Intune/Endpoint Manager architecture (device compliance, Autopilot, MAM/MDM); align to Zero Trust; coordinate policy deployment, rings, and exceptions with platform team.

· Migration & transformation: Lead strategies for on-prem Exchange/SharePoint to cloud, hybrid patterns, directory synchronization (Entra Connect/Cloud Sync), tenant-to-tenant consolidation, GCC High readiness; set cutover/coexistence patterns for execution by platform team.

· Automation & configuration-as-code: Establish standards for PowerShell, Microsoft Graph API, CLI for Microsoft 365, Git-based workflows; define quality gates; guide pipelines and repositories operated by the platform team.

· Reliability & resilience: Define service level objectives (SLOs), RTO/RPO targets, backup/restore strategies; lead post-incident architectural reviews; platform team owns incident response and runbooks.

· Evergreen SaaS governance: Create guardrails for feature management, update channels, and release readiness; align with CAB for change approvals and stakeholder communications.

· Licensing & cost optimization: Define licensing strategy and guardrails (E3/E5, add-ons, adoption KPIs); partner on budget management and operational reporting.

· Regulatory alignment: Collaborate with cybersecurity, privacy, legal, records management, HR, finance, and mission teams to meet NIST 800-53, FedRAMP, CMMC obligations; address GCC/GCC High considerations, data residency/sovereignty.

· Architecture assets & mentorship: Publish standards, blueprints, interface models, data flows, pattern libraries; provide technical mentorship, design reviews; escalate resourcing/performance matters to Senior Manager as needed (no direct supervisory responsibilities).

· Emerging capabilities: Monitor Microsoft roadmap (Power Platform, Viva, Copilot for Microsoft 365); run pilots with clear entry/exit criteria; recommend responsible adoption and deprecation timelines.

· Continuous improvement: Drive metrics/KPIs, architecture conformance assessments, and post-incident reviews; inform strategy updates and backlog prioritization.

Basic Qualifications

· Typically, 15+ years with a Bachelor’s; or 12+ with a Master’s; or 10+ with a PhD; or equivalent combination of related education and work experience.

· Certifications: Microsoft 365 Certified: Enterprise Administrator Expert; MS-500; SC-300; SC-400; Azure Solutions Architect Expert.

· Microsoft 365 at scale: Architect and operate enterprise M365 environments (20,000+ users) across Exchange Online, SharePoint Online, Teams, OneDrive, Power Platform, Viva, Copilot for Microsoft 365.

· Entra ID/identity: Conditional Access, MFA, PIM, B2B/B2C, cross-tenant collaboration, session controls, directory sync (Entra Connect/Cloud Sync), hybrid identity.

· Purview/compliance: DLP, Information Protection (sensitivity labels), retention and records management, eDiscovery/Advanced eDiscovery, legal holds, Insider Risk Management.

· Email security: Defender for Office 365 or Proofpoint; anti-phishing, Safe Links/Safe Attachments, SPF/DKIM/DMARC, transport rules, secure mail flow.

· Zero Trust & endpoints: Device compliance, Conditional Access policy design, Intune/Endpoint Manager, Windows Autopilot, macOS/iOS/Android compliance, MAM/MDM.

· Power Platform governance: DLP policies, environment strategy, connector management, CoE toolkit, ALM patterns.

· Copilot governance: Data exposure risk assessments, semantic index readiness, responsible AI adoption practices.

· Migration/coexistence: Email and collaboration coexistence/migration strategies and tools (MRS, EWS, third-party), domain consolidation, cutover/coexistence planning.

· Automation/DevOps: Advanced PowerShell, Microsoft Graph API, CLI for Microsoft 365; configuration baselining, reporting, guardrail enforcement; CI/CD, GitOps, reusable modules, policy-as-code.

· Reliability & operations: Incident/problem management leadership; DR design, backup/restore; SLOs, RTO/RPO for M365 workloads.

· Architecture & communication: Produce high-quality diagrams, standards, guardrails, decision records; communicate with technical staff and executives; system-of-systems integration across infrastructure, applications, data, security, cloud, DevOps; map dependencies.

· Compliance frameworks: Align M365 controls to NIST 800-53, FedRAMP, CMMC; address GCC/GCC High, IL controls, data residency/sovereignty requirements.

· Methods & frameworks: Working knowledge of Agile, DevOps, CI/CD; familiarity with enterprise architecture frameworks/tools (TOGAF, DoDAF, Zachman; ArchiMate/UML).

· This position requires a minimum of 50% hybrid on-site.

Preferred/ Qualifications

· Experience with GCC/GCC High tenants, IL control requirements, cross-tenant collaboration patterns.

· Engage Microsoft FastTrack and Premier/Unified Support; manage service roadmaps, feature waves, readiness activities.

· Cloud architect certifications (Azure/AWS/GCP); knowledge of data governance, cybersecurity frameworks, ITIL.

· Ability to manage ambiguity and drive decisions in complex, multi-stakeholder, matrixed environments while maintaining architectural integrity.

Work Environment/Logistics

· Partnership model: Works closely with Senior Manager, Digital Workplace (M365 Platform); chairs architecture review board/design council; collaborates across cybersecurity, privacy, legal, records, HR, finance, and mission teams.

· Supervisory scope: No direct supervisory responsibilities; provides technical mentorship and design reviews; escalates resourcing/performance matters as needed.

This requisition requires the candidate to have a minimum of the following clearance(s):

None

This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):

None

Work Location Type:

Hybrid

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.

MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email recruitinghelp@mitre.org for general support and collegerecruiting@mitre.org for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply.

Benefits information may be found here.

Copyright © 1997-2025, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.