IT Security Engineer L3 - Synthesis Health

IT Security Engineer

Synthesis Health

Who We Are

We’re a mission- and values-driven company with tremendous dedication to our customers. Our 100% remote team is dedicated to a common goal – to revolutionize healthcare through innovation, collaboration, and commitment to our core values and behaviors.

About the Opportunity

This is a high-impact, high-autonomy role at the center of our IT and security operations. As our IT Security Engineer, you'll own the day-to-day administration and ongoing maturation of a modern Microsoft 365 E5/E7 environment supporting a fully remote healthcare SaaS company. You'll be the primary technical hand across identity, endpoints, security tooling, and compliance evidence generation, working directly on the systems that keep our clinical AI platform secure and our five compliance frameworks audit-ready. This is a small-team environment where you'll have real ownership and the latitude to improve, automate, and architect rather than just maintain. If you want your decisions to matter and your work to be visible, this is the role you have been searching for.

Key Responsibilities

• End-user IT support: first point of contact for the company across Microsoft 365, identity, devices, SaaS access, and general technology issues, with ownership of the internal support queue
• Endpoint administration across macOS and Windows: Intune compliance and configuration policies, application deployment, endpoint DLP, OS update management
• Entra ID operational ownership: Conditional Access lifecycle, group and license hygiene, access reviews, PIM
• Microsoft Purview, Sentinel, Defender, and Global Secure Access: ongoing tuning, alert triage workflows, evidence pipelines, secure access policy management
• Automation and integration: building and maintaining workflows across our SaaS estate using APIs, webhooks, and appropriate tooling
• Joiner-mover-leaver execution and the tooling that supports it
• Compliance evidence generation and audit support across our compliance frameworks
• SaaS administration hygiene: Vanta posture, app registrations, license reconciliation
• Identifying opportunities to improve, replace, or consolidate our existing tooling

What We’re Looking For

• Microsoft Sentinel: KQL, data connectors, analytics rules, workbook authoring, cost management
• Microsoft Purview hands-on: DLP, sensitivity labels, retention, eDiscovery
• Microsoft Defender XDR: Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps
• macOS administration: configuration profiles, shell scripting (bash, zsh)Experience operating in a one-person or small-team IT environment, with the prioritization judgment that comes from it.

Preferred Qualifications

• Microsoft