Chamber is a company focused on transforming cardiology through technology and data. They are seeking an IT Systems & Security Engineer to manage IT administration and security operations, ensuring the security and functionality of their infrastructure as they scale in the healthcare space.
Responsibilities:
- Provision, configure, and maintain Apple (macOS/iOS) and Windows 11 endpoints using MDM solutions (Intune, NinjaOne, Apple Business or equivalent)
- Manage the full device lifecycle: imaging, enrollment, patching, retirement, and asset tracking
- Administer Okta IdP & Microsoft 365 (Exchange Online, SharePoint, Teams, OneDrive, Azure AD) including user provisioning, licensing, and policy enforcement
- Maintain identity and access controls — enforce MFA, Conditional Access policies, and least-privilege principles across all platforms
- Own the Keeper Password Manager environment: administer vaults, shared folders, role-based permissions, and enforce enterprise password policies
- Serve as Tier 2/3 helpdesk escalation for macOS and Windows issues; build self-service documentation to reduce repeat tickets
- Contribute to SOC 2, HIPAA, and internal audit readiness by maintaining accurate records of access, configurations, and security controls
- Develop and maintain IT policies, acceptable use agreements, and onboarding/offboarding checklists
- Conduct periodic access reviews and user entitlement audits across M365, AWS, Keeper, and SaaS applications
- Support security awareness training initiatives and phishing simulation programs
- Monitor and triage security alerts in Datadog (logs, APM, infrastructure metrics) and Sophos Central (endpoint protection, firewall, XDR)
- Investigate and respond to endpoint threats, phishing attempts, and anomalous behavior; document incidents and escalate appropriately
- Tune Sophos policies (web filtering, application control, device encryption, threat intelligence rules) to balance security with productivity
- Build and maintain Datadog dashboards and monitors for infrastructure health, authentication events, and security KPIs
- Participate in on-call rotation for critical security incidents; conduct post-incident reviews and implement remediations
- Support vulnerability management: track CVEs, coordinate patching windows, and validate remediation closure
- Deploy and configure Mobile Device Management across all endpoints
- Evaluate, select, and implement a Data Loss Prevention solution
- Stand up a scalable IT support desk — ticketing system, documentation, and initial playbooks
Requirements:
- 3–6 years of combined experience in IT administration and/or security operations in a corporate or startup environment
- Hands-on experience managing macOS and Windows endpoints at scale; familiarity with Apple Business Manager and Intune or similar MDM
- Strong understanding of SSO, OAuth, and general IAAA access control
- Proficiency with Microsoft 365 administration: Exchange Online, Teams, SharePoint, Azure AD, Conditional Access, and Defender for Business
- Working knowledge of Sophos Central — endpoint protection, XDR, firewall management, and policy configuration
- Experience with Datadog for infrastructure monitoring, log management, and alerting; ability to write log queries (QLDB / Datadog query language)
- AWS fundamentals: IAM, EC2, S3, VPC, CloudTrail, and security group management; AWS Solutions Architect Associate (SAA-C03) or equivalent experience preferred
- Experience administering an enterprise password manager (Keeper, 1Password, or similar)
- Understanding of security frameworks and best practices: Zero Trust, NIST CSF, CIS Controls, and/or HIPAA technical safeguards
- Certifications: CompTIA Security+, AWS SAA-C03, Microsoft MS-102 or SC-300
- Experience in a healthcare or health-tech startup environment with exposure to HIPAA compliance
- Scripting skills in Python, PowerShell, or Bash for automation of routine IT/security tasks
- Familiarity with SIEM concepts, threat hunting, or cloud-native security tooling (AWS Security Hub, GuardDuty, Macie)
- Experience with endpoint detection and response (EDR) platforms beyond Sophos
- Prior exposure to SOC 2 Type II audits and evidence collection workflows