Systems Engineer

Who we are: BAL is a team of brilliant people who change lives through elite immigration work and collaborative innovation. We pursue the exceptional in all that we do, but never at the expense of our values. There’s no denying our work is demanding, both in volume and pace, but we’re up for the challenge.

We love the balance of hard work and fun – so, you’ll see us in jeans as we shatter glass ceilings and conventional stereotypes. BAL employees feel valued, rewarded, and respected. We seek opportunities to be of service to others and our communities.

We are committed to your growth and development, and want to set you up for success here at BAL and beyond. Who you are: You are looking for work that has a purpose. You aren’t afraid to roll up your sleeves and get stuff done.

You learn quickly. You move fast. You embrace challenge and detail as well as creative thinking.

You believe you have something unique to contribute and you aren’t afraid to raise your hand. You understand that powering human achievement is ultimately about impacting a real person. You are looking for a place to grow and an environment where everyone has a spot and is genuinely welcome.

We’re better together: A bright, driven person like you and an industry-leading powerhouse like BAL? It’s a perfect combination! We truly want to see you succeed here and become an integral part of our mission to provide an experience that makes a positive difference in people’s lives.

Come be a part of something special, where you can have an impact and be valued just for being you! In addition to competitive pay, a discretionary annual bonus, and a supportive, team oriented culture, we offer an outstanding benefits package that includes medical, dental, vision, disability, and life insurance, sick time, unlimited vacation, and 401(k) with company match. Berry Appleman & Leiden is not your typical law firm when it comes to technology.

We've built an in-house Products team from the ground up that is dedicated to building the best technology in our industry. Our Products Team supports our flagship SaaS product, Cobalt, which won the SIIA CODiE award for “Best Legal Solution” in 2020, was a 2020 Tech Titans Finalist for Corporate Innovation and won the 2021 Law.com award for Most Innovative Operations Team. We've also built our industry’s first mobile application, a new B2C mobile app and we're looking for new trails to blaze this year!

The Software Engineer plays a vital role in contributing to software design, development, and the overall product lifecycle. This position involves collaborating with a diverse team of professionals to create, support, and deploy production applications. Role Summary The Systems Engineer builds and improves the Microsoft 365 tenant and adjacent platforms to enhance reliability, security, and user experience.

The role owns solution design and implementation for Intune, SharePoint, Teams, Entra ID integrations, Exchange Online, OneLogin SSO, and targeted Azure and AWS WorkSpaces capabilities. The engineer emphasizes automation (PowerShell/Graph, Azure Automation) and safe change delivery. Scope & Impact Designs and implements solutions across multiple Microsoft 365 workloads with measurable reliability and security gains.

Influences standards through engineering, documentation, and peer reviews. Partners with Cyber and Network to deliver end-to-end outcomes (identity, device posture, secure access). Key Responsibilities Solution Engineering & Automation Engineer Intune baselines (compliance, configuration, update rings), Autopilot, app packaging/lifecycle.

Automate tenant tasks via PowerShell and Microsoft Graph; develop Azure Automation runbooks and schedules. Build SharePoint/Teams information architecture and governance (site templates, lifecycle, external access controls). Design and manage Exchange Online configurations: transport rules, connectors, accepted domains, anti-spam/phish posture (with Security).

Identity, Access & SSO Integrate applications with OneLogin and/or Entra ID using SAML/OIDC and SCIM; implement role- and group-based access. Implement Conditional Access and device-based controls in partnership with Cyber. Execute Microsoft 365 Admin Center licensing provisioning at scale; optimize assignments and reclaim unused licenses.

Reliability, Security & Change Author RFCs/CRs; perform impact analysis, pilots, staged rollouts, and backout plans. Create monitoring/health dashboards (Intune compliance, device posture, sign-in risk, Exchange mail flow). Contribute to audit evidence and control alignment (ISO/NIST/CIS) in collaboration with Cyber.

Qualifications Required 4+ years in enterprise systems engineering focused on Microsoft 365 and Intune. Hands-on expertise with Exchange Online administration (mail flow, transport rules, connectors, shared mailboxes). Demonstrated automation with PowerShell and Microsoft Graph; experience creating Azure Automation runbooks.

Experience with OneLogin or Entra ID app integrations (SAML/OIDC/SCIM) and Conditional Access. Proven experience with Microsoft 365 Admin Center licensing provisioning and lifecycle management. Preferred SharePoint/Teams governance and lifecycle design.

AWS WorkSpaces image engineering and policy integration. Exposure to DLP/Insider Risk and SIEM integrations (with Security). Certifications: MS-102, MD-102, SC-300, AWS Associate (nice-to-have).

Technical Competencies Intune/Autopilot, Windows/macOS/iOS/Android management. Exchange Online (mail flow, transport, connectors, anti-spam posture). Azure Automation, Azure Monitor, Log Analytics, PowerShell/Graph.

OneLogin and Entra ID (SAML/OIDC, SCIM, Conditional Access). SharePoint/Teams administration and governance. Behavioral Competencies Systems thinking; clear problem decomposition and documentation.

Proactive risk management and crisp communication across teams. Bias for automation and measurable outcomes. KPIs / Success Metrics (First 6–12 Months) ≥ 95% Intune compliance; ≤ 2% configuration drift across assigned scopes.

Change success rate ≥ 98% with zero P1s caused by change.30–40% automation coverage for repetitive tenant tasks; monthly health dashboards adopted by the team.Measured improvement to Exchange mail flow resiliency and phishing control efficacy (in partnership with Security). Tools & Technologies Microsoft 365 Admin Center, Exchange Admin Center, Intune/Autopilot, SharePoint/Teams Admin. Azure Automation, Azure Monitor, Log Analytics, PowerShell, Graph API, Git.

Entra ID, OneLogin, AWS WorkSpaces, ServiceNow/Jira #J-18808-Ljbffr