chambercardio - IT Systems & Security Engineer
Upload My Resume
Drop here or click to browse · PDF, DOCX, DOC, RTF, TXT
Requirements
• 3–6 years of combined experience in IT administration and/or security operations in a corporate or startup environment. • Hands-on experience managing macOS and Windows endpoints at scale; familiarity with Apple Business Manager and Intune or similar MDM. • Strong understanding of SSO and oAuth and general IAAA access control. • Proficiency with Microsoft 365 administration: Exchange Online, Teams, SharePoint, Azure AD, Conditional Access, and Defender for Business. • Working knowledge of Sophos Central — endpoint protection, XDR, firewall management, and policy configuration. • Experience with Datadog for infrastructure monitoring, log management, and alerting; ability to write log queries (QLDB / Datadog query language). • AWS fundamentals: IAM, EC2, S3, VPC, CloudTrail, and security group management; AWS Solutions Architect Associate (SAA-C03) or equivalent experience preferred. • Experience administering an enterprise password manager (Keeper, 1Password, or similar). • Understanding security frameworks and best practices: Zero Trust, NIST CSF, CIS Controls, and/or HIPAA technical safeguards. • Certifications: CompTIA Security+, AWS SAA-C03, Microsoft MS-102 or SC-300. • Experience in a healthcare or health-tech startup environment with exposure to HIPAA compliance. • Scripting skills in Python, PowerShell, or Bash for automation of routine IT/security tasks. • Familiarity with SIEM concepts, threat hunting, or cloud-native security tooling (AWS Security Hub, Guard Duty, Macie). • Experience with endpoint detection and response (EDR) platforms beyond Sophos. • Prior exposure to SOC 2 Type II audits and evidence collection workflows. • Our values guide how we lead, collaborate, and care: • Low Ego: We stay grounded, curious, and open to feedback. • Empathy: We build trust through compassion and thoughtful communication. • Courage: We take action, think critically, and challenge ideas respectfully. • Ownership: We follow through with integrity and hold ourselves to high standards. • Grit: We push through ambiguity, move with urgency, and solve problems with horsepower and heart. • Remote or hybrid options available in Nashville or DC. Periodic travel to practice sites or Chamber offices may be required.
Responsibilities
• IT Administration & Endpoint Management • Provision, configure, and maintain Apple (macOS/iOS) and Windows 11 endpoints using MDM solutions (Intune, NinjaOne, Apple Business or equivalent). • Manage the full device lifecycle: imaging, enrollment, patching, retirement, and asset tracking. • Administer Okta IdP & Microsoft 365 (Exchange Online, SharePoint, Teams, OneDrive, Azure AD) including user provisioning, licensing, and policy enforcement. • Maintain identity and access controls — enforce MFA, Conditional Access policies, and least-privilege principles across all platforms. • Own the Keeper Password Manager environment: administer vaults, shared folders, role-based permissions, and enforce enterprise password policies. • Serve as Tier 2/3 helpdesk escalation for macOS and Windows issues; build self-service documentation to reduce repeat tickets. • Compliance & Policy • Contribute to SOC 2, HIPAA, and internal audit readiness by maintaining accurate records of access, configurations, and security controls. • Develop and maintain IT policies, acceptable use agreements, and onboarding/offboarding checklists. • Conduct periodic access reviews and user entitlement audits across M365, AWS, Keeper, and SaaS applications. • Support security awareness training initiatives and phishing simulation programs. • Security Operations & Monitoring • Monitor and triage security alerts in Datadog (logs, APM, infrastructure metrics) and Sophos Central (endpoint protection, firewall, XDR). • Investigate and respond to endpoint threats, phishing attempts, and anomalous behavior; document incidents and escalate appropriately. • Tune Sophos policies (web filtering, application control, device encryption, threat intelligence rules) to balance security with productivity. • Build and maintain Datadog dashboards and monitors for infrastructure health, authentication events, and security KPIs. • Participate in on-call rotation for critical security incidents; conduct post-incident reviews and implement remediations. • Support vulnerability management: track CVEs, coordinate patching windows, and validate remediation closure. • What You’ll Achieve in Your First 90 Days: • Deploy and configure Mobile Device Management across all endpoints • Evaluate, select, and implement a Data Loss Prevention solution • Stand up a scalable IT support desk — ticketing system, documentation, and initial playbooks
No credit card. Takes 10 seconds.