IT Security Engineer

Synthesis Health
About the Opportunity

This is a high-impact, high-autonomy role at the center of our IT and security operations. As our IT Security Engineer, you'll own the day-to-day administration and ongoing maturation of a modern Microsoft 365 E5/E7 environment supporting a fully remote healthcare SaaS company. You'll be the primary technical hand across identity, endpoints, security tooling, and compliance evidence generation, working directly on the systems that keep our clinical AI platform secure and our five compliance frameworks audit-ready. This is a small-team environment where you'll have real ownership and the latitude to improve, automate, and architect rather than just maintain. If you want your decisions to matter and your work to be visible, this is the role you have been searching for.

Key Responsibilities

• End-user IT support: first point of contact for the company across Microsoft 365, identity, devices, SaaS access, and general technology issues, with ownership of the internal support queue
• Endpoint administration across macOS and Windows: Intune compliance and configuration policies, application deployment, endpoint DLP, OS update management
• Entra ID operational ownership: Conditional Access lifecycle, group and license hygiene, access reviews, PIM
• Microsoft Purview, Sentinel, Defender, and Global Secure Access: ongoing tuning, alert triage workflows, evidence pipelines, secure access policy management
• Automation and integration: building and maintaining workflows across our SaaS estate using APIs, webhooks, and appropriate tooling
• Joiner-mover-leaver execution and the tooling that supports it
• Compliance evidence generation and audit support across our compliance frameworks
• SaaS administration hygiene: Vanta posture, app registrations, license reconciliation
• Identifying opportunities to improve, replace, or consolidate our existing tooling

What We're Looking For

• Microsoft Sentinel: KQL, data connectors, analytics rules, workbook authoring, cost management
• Microsoft Purview hands-on: DLP, sensitivity labels, retention, eDiscovery
• Microsoft Defender XDR: Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps
• macOS administration: configuration profiles, shell scripting (bash, zsh)Experience operating in a one-person or small-team IT environment, with the prioritization judgment that comes from it.

Preferred Qualifications

• Microsoft 365 E5 or E7 license tier experience specifically
• Microsoft Security Copilot exposure
• Microsoft Global Secure Access: Internet Access, Private Access, traffic forwarding profiles
• macOS administration at depth: declarative device management, Platform Single Sign-On
• GCP IAM exposure: Workload Identity Federation, org policies, IAM roles and bindings
• Vanta or comparable GRC automation tooling
• Enterprise password management administration
• HITRUST CSF i1 or r2 familiarity
• ISO 27017 and ISO 27018 cloud-specific control familiarity
• SCIM provisioning experience across multiple SaaS applications
• Self-hosted automation platform experience including deployment, upgrades, and monitoring
• Microsoft Graph PowerShell SDK at an advanced level: app-only authentication, custom Entra app registrations
• Conditional Access policy design at scale, including structured policy taxonomies
• Azure VM and Docker Compose administration
• SharePoint Online administration and Viva Connections
• Apple Business Manager and Automated Device Enrollment workflows
• Windows Autopilot deployment experience
• Experience supporting a SOC 2 Type II or ISO 27001 Stage 2 audit as the named technical owner.

Why You Should Join Us

• Solve Our Toughest Puzzles: This is a high-leverage role. You will be working on the most impactful technical challenges that are critical to the company's success.
• Define the Architecture: You won't just be maintaining a system; you will be a primary author of its future state, with the autonomy to make it happen.
• Lead from the Front: This is a chance to establish yourself as a key technical voice in a rapidly growing company.
• Competitive Compensation & Benefits: We offer a strong salary, a 100% remote culture, and significant opportunities for growth.

We are a values-driven company. Our values:

• Clinical service first.
• Collaborate with our customers.
• Listen, respect, learn.
• Innovate to excel.

The behaviors we look for:

• Be nice.
• Be creative.
• Be honest.
• Be helpful.

Compensation and Benefits

Typical salary range for this position is $105,000 - $125,000. However, Synthesis participates in location based hiring and salary ranges can be adjusted based on candidate's residence.

Other benefits include, but are not limited to: Medical, Dental, Vision, "Use as needed" vacation policy, and participation in our employee option program.