IT Security Engineer (L3)

IT Security EngineerSynthesis HealthWho We AreWe're a mission- and values-driven company with tremendous dedication to our customers. Our 100% remote team is dedicated to a common goal – to revolutionize healthcare through innovation, collaboration, and commitment to our core values and behaviors.About the OpportunityThis is a high-impact, high-autonomy role at the center of our IT and security operations. As our IT Security Engineer, you'll own the day-to-day administration and ongoing maturation of a modern Microsoft 365 E5/E7 environment supporting a fully remote healthcare SaaS company. You'll be the primary technical hand across identity, endpoints, security tooling, and compliance evidence generation, working directly on the systems that keep our clinical AI platform secure and our five compliance frameworks audit-ready. This is a small-team environment where you'll have real ownership and the latitude to improve, automate, and architect rather than just maintain. If you want your decisions to matter and your work to be visible, this is the role you have been searching for.Key ResponsibilitiesEnd-user IT support: first point of contact for the company across Microsoft 365, identity, devices, SaaS access, and general technology issues, with ownership of the internal support queueEndpoint administration across macOS and Windows: Intune compliance and configuration policies, application deployment, endpoint DLP, OS update managementEntra ID operational ownership: Conditional Access lifecycle, group and license hygiene, access reviews, PIMMicrosoft Purview, Sentinel, Defender, and Global Secure Access: ongoing tuning, alert triage workflows, evidence pipelines, secure access policy managementAutomation and integration: building and maintaining workflows across our SaaS estate using APIs, webhooks, and appropriate toolingJoiner-mover-leaver execution and the tooling that supports itCompliance evidence generation and audit support across our compliance frameworksSaaS administration hygiene: Vanta posture, app registrations, license reconciliationIdentifying opportunities to improve, replace, or consolidate our existing toolingWhat We're Looking ForMicrosoft Sentinel: KQL, data connectors, analytics rules, workbook authoring, cost managementMicrosoft Purview hands-on: DLP, sensitivity labels, retention, eDiscoveryMicrosoft Defender XDR: Defender for Endpoint, Defender for Office 365, Defender for Cloud AppsmacOS administration: configuration profiles, shell scripting (bash, zsh)Experience operating in a one-person or small-team IT environment, with the prioritization judgment that comes from it.Preferred QualificationsMicrosoft 365 E5 or E7 license tier experience specificallyMicrosoft Security Copilot exposureMicrosoft Global Secure Access: Internet Access, Private Access, traffic forwarding profilesmacOS administration at depth: declarative device management, Platform Single Sign-OnGCP IAM exposure: Workload Identity Federation, org policies, IAM roles and bindingsVanta or comparable GRC automation toolingEnterprise password management administrationHITRUST CSF i1 or r2 familiarityISO 27017 and ISO 27018 cloud-specific control familiaritySCIM provisioning experience across multiple SaaS applicationsSelf-hosted automation platform experience including deployment, upgrades, and monitoringMicrosoft Graph PowerShell SDK at an advanced level: app-only authentication, custom Entra app registrationsConditional Access policy design at scale, including structured policy taxonomiesAzure VM and Docker Compose administrationSharePoint Online administration and Viva ConnectionsApple Business Manager and Automated Device Enrollment workflowsWindows Autopilot deployment experienceExperience supporting a SOC 2 Type II or ISO 27001 Stage 2 audit as the named technical owner.Why You Should Join UsSolve Our Toughest Puzzles: This is a high-leverage role. You will be working on the most impactful technical challenges that are critical to the company's success.Define the Architecture: You won't just be maintaining a system; you will be a primary author of its future state, with the autonomy to make it happen.Lead from the Front: This is a chance to establish yourself as a key technical voice in a rapidly growing company.Competitive Compensation & Benefits: We offer a strong salary, a 100% remote culture, and significant opportunities for growth.We are a values-driven company. Our values:Clinical service first.Collaborate with our customers.Listen, respect, learn.Innovate to excel.The behaviors we look for:Be nice.Be creative.Be honest.Be helpful.Compensation and BenefitsTypical salary range for this position is $105,000 - $125,000. However, Synthesis participates in location based hiring and salary ranges can be adjusted based on candidate's residence.Other benefits include, but are not limited to: Medical, Dental, Vision, "Use as needed" vacation policy, and participation in our employee option program.Synthesis Health is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected veteran status, or any other characteristic protected by federal, state, or local law.