Why Bardavon?

At Bardavon, we treat our people right.

We hire exceptional people who are exceptional at their jobs. We are dreamers. We are driven, idealistic, committed, and optimistic. As a company, we are irreverent about the status quo and confident in our ability to change the Workers’ Compensation industry and healthcare in America.

What You’ll Do:

The System Administrator will oversee and support end users and their devices. This includes the deployment, configuration, management and security of all mobile and endpoint devices across our organization. This role is responsible for managing Microsoft “OnPrem” and Entra (“Azure AD”), MDM platforms including (but not limited to) Microsoft Intune, JAMF, and Microsoft Azure Active Directory (Azure AD) to ensure security, compliance and optimal performance in a hybrid work environment.

As a key player on our small but agile IT team, this role helps enforce device standards, protect corporate data, support end-users, and enable productivity, no matter where our teams are located. This role is required to be in office (Overland Park, KS) 1 day per week.

• Administer Microsoft ”OnPrem” Active Directory including user provisioning, group management, GPO, Entra Connect, and security policies.
• Administer Microsoft Entra including user provisioning, group management, SSO, MFA, and conditional access policies.
• Management and Maintenance of end user inventory lifecycle.
• Configure, Secure, deploy, and manage mobile and endpoint devices (iOS, Android, Windows, macOS) using Microsoft Intune and JAMF. Work with the members of the DevSecOps Team to organize Phishing Campaigns for end users.
• Contain End User Security Incidents utilizing but not limited to tools such as Microsoft Defender, CrowdStrike, Microsoft Exchange, Barracuda.
• Help design and enforce MDM and security policies, including encryption, compliance, app protection, and device restrictions.
• Manage OS and application installation and patching for enrolled devices, ensuring alignment with security and performance standards.
• Resolve technical issues related to device configuration, app deployment, access, and performance.
• Monitor device compliance and generate reports for leadership, with attention to HIPAA, GDPR, and other regulatory frameworks.
• Serve as a point of contact for device-related questions and provide guidance or documentation to help end-users navigate their managed devices.
• Recommend improvements in device onboarding, automation, and usage of existing enterprise mobility tools.
• Partner with security, infrastructure, and helpdesk teams to ensure cross-functional alignment in endpoint management and security.
• Other projects/work as assigned.

Must Have’s:

• 3-5 years in Microsoft AD + Entra for user provisioning, IAM, including full user + endpoint lifecycle management, SSO, MFA, and conditional access.
• 2–5 years of hands-on experience with MDM tools (Microsoft Intune and JAMF).
• Strong working knowledge of device platforms: iOS, Android, Windows, and macOS.
• Experience managing compliance policies, app deployment, encryption, and mobile security protocols.
• Ability to troubleshoot end user hardware
• Ability to troubleshoot MDM issues across multiple platforms and resolve end-user issues effectively.
• Familiarity with Microsoft 365 integration and enterprise collaboration tools.
• Strong problem-solving and analytical mindset
• Excellent communication and training abilities for end-user engagement
• Team-oriented, adaptable, and capable of working independently in a fast-paced environment
• Proactive and organized with strong documentation habits

Nice To Have’s:

• Experience with security
• Experience with HIPAA, SOC2 and other compliance frameworks would be of benefit.
• Certifications: Microsoft 365 Certified Administrator Expert MS-102
• Microsoft 365 Certified Endpoint Administrator Associate MD-102
• Microsoft Certified Identity and Access Administrator Associate SC-300
• Microsoft Administer Active Directory Domain Services
• JAMF Certified Associate or higher
• Experience with scripting (PowerShell, Bash) to automate tasks and streamline deployment.
• Knowledge of additional tools such as VMware Workspace ONE, Apple Business Manager, or Android Enterprise.
• Experience in a hybrid or remote-first organization supporting distributed teams.

Compensation:

• The range of base salary for this role is between $64,000-80,000 plus benefits. Please note that base salary is a guideline and will vary based on factors such as work location, qualifications, skill level, and competencies. Additionally, salary is just one component of Bardavon’s total rewards package. Depending on the role, employees may also be eligible for a bonus program and/or incentive pay.

Timeline:

• Our Talent Acquisition team will review your resume and respond.
• If there is a match, we will give you a call.
• If there is not a match, we promise to let you know and will stay in touch for future roles.

We do Workers’ Comp differently.

Bardavon Health Innovations is a proactive Workers’ Compensation partner that connects all stakeholders to better manage claims and offer work readiness solutions through rehabilitation therapy. We share a holistic analysis of the claim so America’s injured workers can achieve optimized outcomes and return to full-duty employment.

Bardavon offers a complete benefits package, including medical, dental, and vision insurance; 401(k) with company match; and generous paid time off.

EOE M/F/D/