IT Systems & Security Engineer

Chamber Cardio
Washington, DC
Hybrid

About The Position

Chamber is hiring its first IT & Security Engineer — a foundational hire who will report directly to the Head of Security and IT. You're not walking into an established playbook; you're helping write it. From endpoint management to security operations, you'll build and own the infrastructure that keeps Chamber's team secure and running as we scale across the cardiology value-based care space. This role sits at the intersection of IT administration and security operations. You'll need to be equally comfortable provisioning a MacBook and triaging a security alert — and know when each one needs your full attention.

Requirements

  • 3–6 years of combined experience in IT administration and/or security operations in a corporate or startup environment.
  • Hands-on experience managing macOS and Windows endpoints at scale; familiarity with Apple Business Manager and Intune or similar MDM.
  • Strong understanding of SSO, OAuth, and general IAAA access control.
  • Proficiency with Microsoft 365 administration: Exchange Online, Teams, SharePoint, Azure AD, Conditional Access, and Defender for Business.
  • Working knowledge of Sophos Central — endpoint protection, XDR, firewall management, and policy configuration.
  • Experience with Datadog for infrastructure monitoring, log management, and alerting; ability to write log queries (QLDB / Datadog query language).
  • AWS fundamentals: IAM, EC2, S3, VPC, CloudTrail, and security group management; AWS Solutions Architect Associate (SAA-C03) or equivalent experience preferred.
  • Experience administering an enterprise password manager (Keeper, 1Password, or similar).
  • Understanding of security frameworks and best practices: Zero Trust, NIST CSF, CIS Controls, and/or HIPAA technical safeguards.

Nice To Haves

  • Certifications: CompTIA Security+, AWS SAA-C03, Microsoft MS-102 or SC-300.
  • Experience in a healthcare or health-tech startup environment with exposure to HIPAA compliance.
  • Scripting skills in Python, PowerShell, or Bash for automation of routine IT/security tasks.
  • Familiarity with SIEM concepts, threat hunting, or cloud-native security tooling (AWS Security Hub, GuardDuty, Macie).
  • Experience with endpoint detection and response (EDR) platforms beyond Sophos.
  • Prior exposure to SOC 2 Type II audits and evidence collection workflows.

Responsibilities

IT Administration & Endpoint Management

  • Provision, configure, and maintain Apple (macOS/iOS) and Windows 11 endpoints using MDM solutions (Intune, NinjaOne, Apple Business or equivalent).
  • Manage the full device lifecycle: imaging, enrollment, patching, retirement, and asset tracking.
  • Administer Okta IdP & Microsoft 365 (Exchange Online, SharePoint, Teams, OneDrive, Azure AD) including user provisioning, licensing, and policy enforcement.
  • Maintain identity and access controls — enforce MFA, Conditional Access policies, and least-privilege principles across all platforms.
  • Own the Keeper Password Manager environment: administer vaults, shared folders, role-based permissions, and enforce enterprise password policies.
  • Serve as Tier 2/3 helpdesk escalation for macOS and Windows issues; build self-service documentation to reduce repeat tickets.

Compliance & Policy

  • Contribute to SOC 2, HIPAA, and internal audit readiness by maintaining accurate records of access, configurations, and security controls.
  • Develop and maintain IT policies, acceptable use agreements, and onboarding/offboarding checklists.
  • Conduct periodic access reviews and user entitlement audits across M365, AWS, Keeper, and SaaS applications.
  • Support security awareness training initiatives and phishing simulation programs.

Security Operations & Monitoring

  • Monitor and triage security alerts in Datadog (logs, APM, infrastructure metrics) and Sophos Central (endpoint protection, firewall, XDR).
  • Investigate and respond to endpoint threats, phishing attempts, and anomalous behavior; document incidents and escalate appropriately.
  • Tune Sophos policies (web filtering, application control, device encryption, threat intelligence rules) to balance security with productivity.
  • Build and maintain Datadog dashboards and monitors for infrastructure health, authentication events, and security KPIs.
  • Participate in on-call rotation for critical security incidents; conduct post-incident reviews and implement remediations.
  • Support vulnerability management: track CVEs, coordinate patching windows, and validate remediation closure.