- Salary: $118,000 - $132,000/year (DOE)
- Portland, OR, minimum 3 days/week in-office required
- Full-time and may require more than 40 hours per week
- Generous Paid Time Off policy
- Medical, dental, vision, FSA, EAP, Life and AD&D insurance
- Retirement contribution
- Commuter benefits
Tonkon is seeking an experienced Microsoft 365 Systems Administrator to serve as the primary administrator for its Microsoft 365 environment, endpoint management, email security, and related Microsoft cloud technologies.
Reporting to the CIO/CISO, this role is accountable for maintaining reliable, secure, and well-documented Microsoft 365, endpoint, identity, and messaging systems. The role will manage endpoint configuration and inventory, support hardware procurement and lifecycle processes, participate in incident response, perform advanced security analysis, and coordinate with external security partners and managed service providers as needed.
The role requires strong technical judgment, risk awareness, discretion, and communication skills. A customer-service mindset is expected, with the ability to support attorneys and staff professionally while balancing operational stability, security requirements, and business needs. The position is Microsoft 365, endpoint, and security-focused. It will partner with existing infrastructure and security administrators on related systems. The role may occasionally assist with help desk coverage or escalated user support during periods of need.
WHAT YOU WILL DO
- Administer and support the firm's Microsoft 365 environment, with responsibility for Intune, Microsoft Defender, Exchange Online, Entra ID, Active Directory, and secure collaboration services.
- Configure and maintain Microsoft Intune, including device compliance policies, configuration profiles, application deployment, patching, conditional access readiness, and endpoint security baselines.
- Manage the complete endpoint lifecycle, including hardware standards, inventory, provisioning, deployment, warranty coordination, replacement planning, and secure asset disposal.
- Administer Microsoft Defender and respond to security incidents, including phishing, malware, suspicious sign-ins, compromised accounts, endpoint threats, alert review, endpoint isolation, and remediation.
- Administer Exchange Online, including mail flow, shared mailboxes, distribution groups, message tracing, quarantine review, retention-related settings, and secure email configuration.
- Manage identity and access through Entra ID and Active Directory, including users, groups, role-based access, authentication controls, onboarding, offboarding, account changes, Group Policy, and identity processes.
- Conduct security investigations using Microsoft security portals and KQL, and coordinate with managed detection and response providers or other external security partners to validate and remediate threats.
- Support law-firm security, governance, and audit requirements, including client data protection, retention, litigation holds, eDiscovery, ethical walls, technical documentation, incident records, and controlled system changes.
REQUIRED QUALIFICATIONS
- Five or more years of progressive experience in systems administration, Microsoft 365 administration, endpoint management, security operations, or a closely related infrastructure role.
- Bachelor's degree or equivalent combination of education, certification, and professional experience.
- Strong hands-on Microsoft 365 administration experience in a security-conscious business environment, including practical experience with Exchange Online and Microsoft 365 administrative tools.
- Demonstrated experience with Microsoft Intune and Windows endpoint management, including configuration, application deployment, device compliance, patching, and endpoint lifecycle practices.
- Working knowledge of Microsoft Defender and security operations, including endpoint protection, email security, alert triage, malware remediation, and incident response.
- Experience with Entra ID and Active Directory, including identity lifecycle management, groups, permissions, authentication methods, conditional access concepts, and identity environments.
- Working knowledge of both PowerShell and KQL for Microsoft 365 administration, operational tasks, security investigations, reporting, and analysis.
- Understanding of confidentiality-sensitive legal or professional-services environments, including client data protection, auditability, retention, eDiscovery, litigation holds, and ethical walls.
- Strong troubleshooting, root-cause analysis, documentation, and communication skills, with the ability to support demanding professional users, manage competing priorities, and balance security with operational stability and user experience.
PREFERRED QUALIFICATIONS
- SharePoint, OneDrive, Teams, Microsoft Purview, eDiscovery, DLP, retention, or sensitivity labeling
- Vulnerability management, backup and disaster recovery, ticketing systems, SASE technologies, and vendor management
- Prior law-firm, accounting-firm, consulting-firm, or other professional-services experience
This is a full-time position working 40 hours per week in a professional office and/or home office environment. Work may occasionally require more than 40 hours per week, including evenings and weekends, to perform essential duties, support scheduled maintenance, respond to incidents, or minimize disruption to firm operations.
The position involves sitting or standing at a desk for long periods, frequent computer use, clear communication with attorneys and staff, operation of standard office equipment, and work in a professional office environment with ability to work under tight deadlines and multitask.
Tonkon Torp will provide reasonable accommodations to qualified individuals with disabilities, unless doing so creates undue hardship.
Tonkon Torp is an Equal Opportunity Employer. It welcomes all eligible applicants to apply without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
Pursuant to Oregon law, Tonkon Torp does not request or require disclosure of the applicant's age or date of birth or when the applicant attended or graduated from any educational institution prior to completing an initial interview, except when such information is required to affirm that the applicant meets bona fide occupational qualifications or to comply with any provision of federal, state or local law, rule or regulation.
We comply with Oregon and Portland fair chance hiring laws. In Portland, criminal history is considered only after a conditional offer of employment.
HOW TO APPLY
Interested candidates should submit a resume and cover letter.
Job Type: Full-time
Pay: $118,000.00 - $132,000.00 per year
Benefits:
- Dental insurance
- Employee assistance program
- Flexible spending account
- Health insurance
- Life insurance
- Paid time off
- Referral program
- Retirement plan
- Vision insurance
Ability to Commute:
- Portland, OR 97201 (Required)
Ability to Relocate:
- Portland, OR 97201: Relocate before starting work (Required)
Work Location: In person