Staff Security & Compliance Engineer - M365 GCCH/CMMC

ServiceNow
Boston, Massachusetts
Posted 28 February 2026

Job Description

<p><strong>About the team:</strong></p><p><br> We are the backbone of Microsoft-powered collaboration at ServiceNow. Our team owns and manages the organization's Microsoft infrastructure — spanning Outlook, SharePoint, OneDrive, Microsoft Teams, and the broader collaboration ecosystem — ensuring employees have the tools, access, and experience they need to work seamlessly.</p><p>Beyond keeping the lights on, we take a strong stance on security and governance within the Microsoft environment. From access controls and data policies to compliance frameworks, we ensure our collaboration platforms are not just productive — but safe, compliant, and built to scale.</p><p>Whether it's enabling the workforce through modern collaboration tools or safeguarding the integrity of our Microsoft ecosystem, the DT Collaboration team sits at the intersection of productivity and trust.</p><p><strong>About the role:</strong></p><p><br> We are seeking a senior individual contributor to lead the technical design, implementation, and ongoing security operations of a Microsoft 365 GCC High environment supporting Controlled Unclassified Information (CUI). 
This role is accountable for implementing and evidencing compliance with CMMC Level 2, DFARS 7012, and NIST 800-171 controls.</p><p>The engineer will act as the technical owner of the GCC High enclave, partnering with Security, Legal, and IT to ensure audit readiness and successful certification by May 2026.</p><p>This role requires independent execution, deep security expertise, and the ability to translate regulatory requirements into enforceable technical controls.</p><p><strong>The impact you'll make:</strong></p><p><strong>Architecture &amp; Tenant Build</strong></p><ul><li>Lead GCC High tenant design and deployment</li><li>Define secure architecture for:<ul><li>Entra ID (Azure AD)</li><li>Exchange Online</li><li>SharePoint/OneDrive</li><li>Teams</li><li>Intune</li><li>Defender Suite</li><li>Purview Compliance</li></ul></li><li>Establish Zero Trust and least-privilege administrative model</li><li>Design CUI boundary protections and data segmentation</li></ul><p><strong>Compliance Implementation (CMMC/NIST 800-171)</strong></p><ul><li>Map CMMC practices to technical controls and configurations</li><li>Develop and maintain:<ul><li>System Security Plan (SSP)</li><li>Control narratives</li><li>Evidence repository</li><li>POA&amp;M</li></ul></li><li>Implement:<ul><li>MFA/Conditional Access</li><li>Device compliance &amp; endpoint hardening</li><li>Logging/monitoring/SIEM integration</li><li>DLP &amp; data classification</li><li>Incident response workflows</li></ul></li><li>Lead readiness reviews and assessment preparation with C3PAOs</li></ul><p><strong>Security Operations</strong></p><ul><li>Own security baselines and tenant hardening</li><li>Manage vulnerability remediation lifecycle</li><li>Oversee incident investigations and root cause 
analysis</li><li>Establish monitoring, alerting, and audit logging standards</li><li>Drive continuous improvement of controls</li></ul><p><strong>Cross-Functional Leadership (IC4 Scope)</strong></p><ul><li>Serve as technical authority for GCC High security decisions</li><li>Provide guidance to operations engineers and offshore support</li><li>Partner with Legal/Compliance on regulatory interpretation</li><li>Present risk posture and compliance metrics to leadership</li><li>Mentor junior engineers (without direct management responsibility)</li></ul> <ul><li>U.S. Person (citizen or permanent resident) – required for GCC High/CUI access.</li><li>6–10+ years Microsoft 365/Azure security engineering experience.</li><li>Hands-on imple ... (truncated, view full listing at source)