IT Systems Engineer
Chamber · Washington, DC · 5 days ago
RemoteRemoteInformation TechnologyFull-time
About the Role
Chamber is hiring its first IT & Security Engineer — a foundational hire who will report directly to the Head of Security and IT. You're not walking into an established playbook; you're helping write it. From endpoint management to security operations, you'll build and own the infrastructure that keeps Chamber's team secure and running as we scale across the cardiology value-based care space. This role sits at the intersection of IT administration and security operations. You'll need to be equally comfortable provisioning a MacBook and triaging a security alert — and know when each one needs your full attention.
Key Responsibilities
- IT Administration & Endpoint Management
- Provision, configure, and maintain Apple (macOS/iOS) and Windows 11 endpoints using MDM solutions (Intune, NinjaOne, Apple Business or equivalent).
- Manage the full device lifecycle: imaging, enrollment, patching, retirement, and asset tracking.
- Administer Okta IdP & Microsoft 365 (Exchange Online, SharePoint, Teams, OneDrive, Azure AD) including user provisioning, licensing, and policy enforcement.
- Maintain identity and access controls — enforce MFA, Conditional Access policies, and least-privilege principles across all platforms.
- Own the Keeper Password Manager environment: administer vaults, shared folders, role-based permissions, and enforce enterprise password policies.
- Serve as Tier 2/3 helpdesk escalation for macOS and Windows issues; build self-service documentation to reduce repeat tickets.
- Compliance & Policy
- Contribute to SOC 2, HIPAA, and internal audit readiness by maintaining accurate records of access, configurations, and security controls.
- Develop and maintain IT policies, acceptable use agreements, and onboarding/offboarding checklists.
- Conduct periodic access reviews and user entitlement audits across M365, AWS, Keeper, and SaaS applications.
- Support security awareness training initiatives and phishing simulation programs.
- Security Operations & Monitoring
- Monitor and triage security alerts in Datadog (logs, APM, infrastructure metrics) and Sophos Central (endpoint protection, firewall, XDR).
- Investigate and respond to endpoint threats, phishing attempts, and anomalous behavior; document incidents and escalate appropriately.
- Tune Sophos policies (web filtering, application control, device encryption, threat intelligence rules) to balance security with productivity.
- Build and maintain Datadog dashboards and monitors for infrastructure health, authentication events, and security KPIs.
- Support vulnerability management: track CVEs, coordinate patching windows, and validate remediation closure.
What You’ll Achieve in Your First 90 Days
- Deploy and configure Mobile Device Management across all endpoints
- Evaluate, select, and implement a Data Loss Prevention solution
- Stand up a scalable IT support desk — ticketing system, documentation, and initial playbooks
Requirements
- 3–6 years of combined experience in IT administration and/or security operations in a corporate or startup environment.
- Hands-on experience managing macOS and Windows endpoints at scale; familiarity with Apple Business Manager and Intune or similar MDM.
- Strong understanding of SSO and oAuth and general IAAA access control.
- Proficiency with Microsoft 365 administration: Exchange Online, Teams, SharePoint, Azure AD, Conditional Access, and Defender for Business.
- Working knowledge of Sophos Central — endpoint protection, XDR, firewall management, and policy configuration.
- Experience with Datadog for infrastructure monitoring, log management, and alerting; ability to write log queries (QLDB / Datadog query language).
- AWS fundamentals: IAM, EC2, S3, VPC, CloudTrail, and security group management; AWS Solutions Architect Associate (SAA-C03) or equivalent experience preferred.
- Experience administering an enterprise password manager (Keeper, 1Password, or similar).
- Understanding security frameworks and best practices: Zero Trust, NIST CSF, CIS Controls, and/or HIPAA technical safeguards.
Preferred Qualifications
- Experience in a healthcare or health-tech startup environment with exposure to HIPAA compliance.
- Scripting skills in Python, PowerShell, or Bash for automation of routine IT/security tasks.
- Experience with endpoint detection and response (EDR) platforms beyond Sophos.
- Prior exposure to SOC 2 Type II audits and evidence collection workflows.