Systems Engineer at Brightli

Job Description:

Job Title: Azure Cloud & Systems Engineer

Department: Enterprise Technology (Cloud, Core Systems & Platform Engineering)

Reports to: Director of Infrastructure & Security

Location: Springfield, MO (Hybrid) or Remote within approved states

Employment Type: Full-time

Role Summary

The Azure Cloud & Systems Engineer designs, automates, and operates Brightli’s Azure environment and core enterprise platforms (Windows Server/Active Directory, M365/Intune, virtualization, storage, and backups). You’ll work across Cloud, Security, Applications, Data, and Service Desk teams to deliver compliant, well‑architected solutions at scale in a regulated (HIPAA) environment.

What You’ll Do

Cloud Platform (Azure)

• Design and implement Azure landing zones (hub/spoke or vWAN), subscription topology, and policy guardrails aligned to the Well‑Architected Framework.
• Provision and manage compute (VMSS, App Service, AKS), storage (Blob/Files), data services (Azure SQL/MI), and PaaS offerings.
• Build reusable Infrastructure as Code modules (Terraform or Bicep) and CI/CD pipelines (Azure DevOps or GitHub Actions).
• Drive FinOps practices: budgets, tags, right‑sizing, reservations/Savings Plans, and monthly optimization reviews.

Enterprise Systems (On‑Prem & SaaS)

• Administer Active Directory Domain Services, Group Policy, DNS/DHCP, certificate services (AD CS), file/print, IIS, and RDS.
• Operate Microsoft 365 services (Exchange Online, Teams, SharePoint/OneDrive) and Intune (Autopilot, device compliance/configuration, app lifecycle).
• Support virtualization (VMware vSphere or Hyper‑V), Windows/Linux servers, and enterprise storage (SAN/NAS).

Identity, Security & Compliance

• Operate Entra ID (Azure AD) and hybrid identity (AD DS ↔ Entra), MFA/SSPR, Conditional Access, PIM, RBAC, and managed identities.
• Configure and tune Microsoft Defender for Cloud and Microsoft Sentinel (KQL analytics, workbooks, automation) and integrate with incident response.
• Implement and document HIPAA/SOC 2/HITRUST‑aligned controls, tagging standards, and evidence collection.

Reliability, Observability & DR

• Instrument with Azure Monitor, Log Analytics, and Application Insights; author KQL for dashboards and alerts.
• Own backup/DR patterns (Azure Backup, Site Recovery, and/or Veeam), conduct restoration testing, and track RTO/RPO.

Automation & Collaboration

• Author PowerShell and/or Python tooling for lifecycle tasks, drift detection, and self‑service workflows.
• Provide Tier 3 escalation, participate in a rotating on‑call schedule, document runbooks/reference architectures, and mentor junior engineers.

Minimum Qualifications

• 5+ years combined experience across Azure and enterprise systems engineering, including:

• 2+ years hands‑on Azure in production,
• 3+ years administering Windows Server/AD DS and M365/Intune in a hybrid environment.

• Strong proficiency with Infrastructure as Code (Terraform or Bicep), scripting (PowerShell; Python a plus), and Git workflows.
• Solid understanding of Entra ID, RBAC/PIM/Conditional Access, and managed identities.
• Experience with Azure networking, virtualization (vSphere/Hyper‑V), storage, and backup/DR.
• Familiarity with observability (Azure Monitor/Log Analytics/KQL) and security tooling (Defender, Sentinel).
• Excellent troubleshooting, documentation, and cross‑team communication skills.

Preferred Qualifications

• Certifications (one or more): AZ‑104, AZ‑305, AZ‑500, AZ‑700, AZ‑400, MS‑102, VMware VCP, ITIL, CompTIA Security+.
• AKS/Kubernetes (ingress, Helm), container registry (ACR), and container security.
• Policy‑as‑code, identity governance, and automation at scale.
• Experience in healthcare/regulated environments (HIPAA, SOC 2, HITRUST) and change management/ITIL practices.

Tools You’ll Use

Azure Portal/CLI, Terraform/Bicep, PowerShell, GitHub or Azure DevOps, Azure Monitor/Log Analytics/KQL, Defender for Cloud, Sentinel, ACR, AKS, Key Vault, Azure Firewall, ARM/Graph, Microsoft Graph/Graph PowerShell, Intune, vSphere/Hyper‑V, Veeam, Windows Server.

Work Conditions

Standard business hours with participation in an on‑call rotation for critical incidents; occasional travel for team onsite meetings or data center/vendor engagements.

Position Perks & Benefits:

Paid time off: full-time employees receive an attractive time off package to balance your work and personal life

Employee benefits package: full-time employees receive health, dental, vision, retirement, life, & more

Top-notch training: initial, ongoing, comprehensive, and supportive

Career mobility: advancement opportunities/promoting from within

Welcoming, warm, supportive: a work culture & environment that promotes your well-being, values you as human being, and encourages your health and happiness

Brightli is on a Mission:

A mission to improve client care, reduce the financial burden of community mental health centers by sharing resources, a mission to have a larger voice in advocacy to increase access to mental health and substance user care in our communities, and a mission to evolve the behavioral health industry to better meet the needs of our clients.

As a behavioral and community mental health provider, we prioritize fostering a culture of belonging and connection within our workforce. We encourage applications from individuals with varied backgrounds and experiences, as we believe that a rich tapestry of perspectives strengthens our mission. If you are passionate about empowering local communities and creating an environment where everyone feels valued and supported, we invite you to join our mission-driven organization dedicated to cultivating an authentic workplace.

We are an Equal Employment Opportunity Employer.

Brightli is a Smoke and Tobacco Free Workplace.