Mac System Administrator

Nsight Health• US,

2d•$95,000 - $125,000•Remote

About The Position

Nsight Health is transforming how care is delivered through Remote Patient Monitoring (RPM), Chronic Care Management (CCM), and Behavioral Health Integration (BHI). We empower healthcare providers to manage chronic conditions using real-time data, AI-enabled technology, and 24/7 clinical support. Our HIPAA-compliant platform connects patients and care teams nationwide—improving outcomes, adherence, and peace of mind. Join a fast-growing, mission-driven team that blends healthcare and technology to make a measurable difference in people’s lives. Nsight Health — Where Technology Meets Compassion. POSITION SUMMARY AT NSIGHT HEALTH, THE MAC SYSTEMS ADMINISTRATOR IS THE ENGINE OF INTERNAL IT. YOU WILL OWN THE MACOS ENDPOINT PLATFORM, OPERATE THE IDENTITY PROVIDER AND GOOGLE WORKSPACE DAY-TO-DAY, AND LEAD THE TECHNICAL PROJECT WORK THAT KEEPS A FULLY REMOTE, FAST-GROWING HEALTHCARE TECHNOLOGY COMPANY RUNNING AT ITS BEST. YOU WILL WORK ALONGSIDE A MANAGED SERVICE PARTNER IN A CO-MANAGED MODEL WHERE THE MSP HANDLES HIGH-VOLUME SUPPORT AND YOU OWN THE PLATFORM THEY RUN ON. THIS IS NOT A HELP DESK ROLE. IT IS NOT A TICKET-TAKER ROLE. IT IS A PLATFORM OWNERSHIP ROLE FOR SOMEONE WHO WRITES RUNBOOKS, AUTOMATES REPETITION, DOCUMENTS EVERYTHING, AND TAKES GENUINE PRIDE IN BUILDING AN IT ENVIRONMENT THAT JUST WORKS. REPORTING TO THE DIRECTOR OF IT, YOU WILL BE A TRUSTED TECHNICAL RESOURCE FOR THE TEAM, THE MSP, AND THE SECURITY ORGANIZATION. AI FLUENCY REQUIREMENT - NON-NEGOTIABLE NSIGHT HEALTH IS AN AI-FIRST ORGANIZATION. EVERY MEMBER OF OUR LEADERSHIP AND OPERATIONS TEAM IS EXPECTED TO ACTIVELY USE AI TOOLS IN THEIR DAY-TO-DAY WORK - NOT AS A NOVELTY, BUT AS A CORE PRODUCTIVITY MULTIPLIER. THIS ROLE REQUIRES GENUINE CURIOSITY ABOUT AI, COMFORT EXPERIMENTING WITH TOOLS LIKE CLAUDE, CHATGPT, AND WORKFLOW AUTOMATION PLATFORMS, AND THE JUDGMENT TO KNOW WHEN AI HELPS AND WHEN IT DOESN'T. IF AI MAKES YOU UNCOMFORTABLE, THIS IS NOT THE RIGHT ROLE.

Requirements

4 or more years of hands-on systems administration experience with at least 2 years in a macOS-first environment
Strong working knowledge of macOS internals, command line, scripting in Bash and Python, and deep troubleshooting ability
Production experience with an enterprise MDM; Iru (formerly Kandji) is strongly preferred and comparable depth in another MDM is acceptable
Deep Google Workspace administration experience across users, groups, DLP, security center, Vault, OU design, and application access policies; surface-level admin is not enough for this role
Working knowledge of a modern identity provider with Okta strongly preferred; SSO, MFA, SCIM provisioning, and lifecycle workflows should be part of your daily vocabulary
Working knowledge of endpoint detection and response using SentinelOne or equivalent
A genuine documentation habit; we will look for evidence of it in the interview

Nice To Haves

Direct production experience with Iru (formerly Kandji), Okta Workforce Identity Cloud, and SentinelOne Singularity
Apple certifications such as ACSP or ACMT
Experience in healthcare or another regulated environment
Comfort working in a co-managed model alongside a managed service partner

Responsibilities

Endpoint Platform Ownership: Own the Iru (formerly Kandji) environment from top to bottom including blueprints, configuration profiles, patch management, vulnerability response, and fleet health. Manage the full macOS lifecycle from imaging and deployment through refresh and retirement. Triage endpoint detection and response alerts in partnership with the CISO and the MSP.
Identity and Access Management: Operate the identity provider (Okta strongly preferred) day-to-day across groups, applications, SCIM provisioning, lifecycle workflows, and MFA policies. Own the platform that makes joiner, mover, and leaver workflows effortless for the business. Maintain access reviews and audit-ready records in partnership with the Security team.
Google Workspace Administration: Administer Google Workspace at depth across users, groups, organizational unit design, DLP rules, security center monitoring, Vault retention, and application access policies. Build and maintain automations using GAM, Apps Script, or equivalent.
Project and Platform Work: Lead technical projects including identity provider rollouts, MDM migrations, integrations, and automation initiatives. Write scripts and tooling in Bash, Python, AppleScript, the Iru API, Okta Workflows, and GAM that reduce ticket volume and make the environment easier to operate for everyone.
Co-Managed Partnership and Escalation: Serve as Tier 3 escalation for the managed service partner, solving what they cannot. Participate in a light on-call rotation for genuine emergencies and work alongside the Director to set clear expectations, provide accurate documentation, and give the MSP the feedback they need to perform.
Documentation and Compliance: Document everything. If it is not in a runbook, it does not exist. Operate inside an active HIPAA, SOC 2, and HiTrust environment and partner with Security and Engineering to support audit evidence and control attestation.