IT Security Engineer (L3)
IT Security Engineer
Synthesis Health
Who We Are
We’re a mission- and values-driven company with tremendous dedication to our customers. Our 100% remote team is dedicated to a common goal – to revolutionize healthcare through innovation, collaboration, and commitment to our core values and behaviors.
About the Opportunity
This is a high-impact, high-autonomy role at the center of our IT and security operations. As our IT Security Engineer, you'll own the day-to-day administration and ongoing maturation of a modern Microsoft 365 E5/E7 environment supporting a fully remote healthcare SaaS company. You'll be the primary technical hand across identity, endpoints, security tooling, and compliance evidence generation, working directly on the systems that keep our clinical AI platform secure and our five compliance frameworks audit-ready. This is a small-team environment where you'll have real ownership and the latitude to improve, automate, and architect rather than just maintain. If you want your decisions to matter and your work to be visible, this is the role you have been searching for.
Key Responsibilities
End-user IT support: first point of contact for the company across Microsoft 365, identity, devices, SaaS access, and general technology issues, with ownership of the internal support queue
Endpoint administration across macOS and Windows: Intune compliance and configuration policies, application deployment, endpoint DLP, OS update management
Entra ID operational ownership: Conditional Access lifecycle, group and license hygiene, access reviews, PIM
Microsoft Purview, Sentinel, Defender, and Global Secure Access: ongoing tuning, alert triage workflows, evidence pipelines, secure access policy management
Automation and integration: building and maintaining workflows across our SaaS estate using APIs, webhooks, and appropriate tooling
Joiner-mover-leaver execution and the tooling that supports it
Compliance evidence generation and audit support across our compliance frameworks
SaaS administration hygiene: Vanta posture, app registrations, license reconciliation
Identifying opportunities to improve, replace, or consolidate our existing tooling
What We’re Looking For
Microsoft Sentinel: KQL, data connectors, analytics rules, workbook authoring, cost management
Microsoft Purview hands-on: DLP, sensitivity labels, retention, eDiscovery
Microsoft Defender XDR: Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps
macOS administration: configuration profiles, shell scripting (bash, zsh)Experience operating in a one-person or small-team IT environment, with the prioritization judgment that comes from it.
Preferred Qualifications
Microsoft 365 E5 or E7 license tier experience specifically
Microsoft Security Copilot exposure
Microsoft Global Secure Access: Internet Access, Private Access, traffic forwarding profiles
macOS administration at depth: declarative device management, Platform Single Sign-On
GCP IAM exposure: Workload Identity Federation, org policies, IAM roles and bindings
Vanta or comparable GRC automation tooling
Enterprise password management administration
HITRUST CSF i1 or r2 familiarity
ISO 27017 and ISO 27018 cloud-specific control familiarity
SCIM provisioning experience across multiple SaaS applications
Self-hosted automation platform experience including deployment, upgrades, and monitoring
Microsoft Graph PowerShell SDK at an advanced level: app-only authentication, custom Entra app registrations
Conditional Access policy design at scale, including structured policy taxonomies
Azure VM and Docker Compose administration
SharePoint Online administration and Viva Connections
Apple Business Manager and Automated Device Enrollment workflows
Windows Autopilot deployment experience
Experience supporting a SOC 2 Type II or ISO 27001 Stage 2 audit as the named technical owner.
Why You Should Join Us
Solve Our Toughest Puzzles: This is a high-leverage role. You will be working on the most impactful technical challenges that are critical to the company's success.
Define the Architecture: You won't just be maintaining a system; you will be a primary author of its future state, with the autonomy to make it happen.
Lead from the Front: This is a chance to establish yourself as a key technical voice in a rapidly growing company.
Competitive Compensation & Benefits: We offer a strong salary, a 100% remote culture, and significant opportunities for growth.
We are a values-driven company. Our values:
Clinical service first.
Collaborate with our customers.
Listen, respect, learn.
Innovate to excel.
The behaviors we look for:
Be nice.
Be creative.
Be honest.
Be helpful.
Compensation and Benefits
Typical salary range for this position is $105,000 - $125,000. However, Synthesis participates in location based hiring and salary ranges can be adjusted based on candidate's residence.
Other benefits include, but are not limited to: Medical, Dental, Vision, “Use as needed” vacation policy, and participation in our employee option program.
Synthesis Health is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected veteran status, or any other characteristic protected by federal, state, or local law.