IT Systems Engineer

IT Systems Engineer About Ceiba Healthcare Ceiba Healthcare is an AI-powered virtual care platform transforming how hospitals deliver care remotely. Our platform connects clinicians, medical devices, and patients in real-time—enabling Tele-ICU, Telemetry, and Tele-Neurology across a global network. We operate at the intersection of real-time clinical data, cloud infrastructure at scale, and AI-driven healthcare workflows. Role Overview We are looking for a sharp, self-sufficient IT Systems Engineer to serve as the operational backbone of Ceiba's internal IT environment. Reporting to the Director of Cloud Infrastructure & Security, you will own Microsoft 365, Active Directory, and network security operations. This is a high-ownership role that demands both technical depth and operational discipline. The right candidate is hands-on across M365 administration, firewall management, and identity operations—and takes genuine pride in keeping systems secure, compliant, and running smoothly. Core Responsibilities 1. Microsoft 365 & Productivity Stack - Administer the full Microsoft 365 tenant: Exchange Online, Teams, SharePoint, OneDrive, and Intune (MDM/MAM for remote endpoints). - Manage licensing, user provisioning/deprovisioning, and conditional access policies across the organization. - Own M365 security baselines, audit logging, and alerting in alignment with HIPAA and SOC 2 requirements. - Manage email security: anti-phishing, anti-spam, DKIM/DMARC/SPF configuration, and mail flow rules. 2. Active Directory & Identity Management - Own Entra ID (Azure AD) and on-prem AD environments: user/group/OU management, GPOs, and hybrid identity configuration. - Administer and enforce MFA, Single Sign-On (SSO), and RBAC policies across all internal systems. - Support access reviews and identity governance reporting for security audits and certifications. 3. Firewall & Network Security - Configure, maintain, and monitor perimeter and internal firewalls (Sophos and Fortinet). - Manage firewall rule sets, security policies, NAT configurations, and change request workflows. - Support troubleshooting of Site-to-Site VPN tunnels and Client VPN configurations in hybrid-cloud and hospital-connected environments. - Monitor network traffic and security events; triage and escalate anomalies as needed. - Maintain network segmentation standards and keep firewall architecture documentation and change history up to date. 4. Endpoint & Device Management - Own endpoint management for all company devices (Windows, macOS) via Microsoft Intune and/or JAMF. - Manage device enrollment, configuration profiles, patch management, and compliance baselines. - Administer endpoint security tooling: EDR, AV, disk encryption, and software deployment. - Serve as the primary escalation point for endpoint and access issues across the organization. 5. Incident Response & Critical Support - Serve as the first responder for critical IT and security incidents—available to jump in, diagnose, and drive resolution with a sense of urgency. - Triage and resolve high-priority issues spanning identity, endpoints, network connectivity, and M365 services. - Communicate clearly and promptly with stakeholders during active incidents, providing status updates and resolution timelines. - Participate in post-incident reviews and implement remediations to prevent recurrence. 6. IT Operations & Security Compliance - Own internal IT documentation: runbooks, asset inventory, access logs, and configuration records. - Support HIPAA and SOC 2 Type 2 audit preparations with audit-ready logs and evidence packages. - Manage third-party SaaS application integrations: SSO, SCIM provisioning, and access policies. - Identify and remediate vulnerabilities surfaced through patch cycles and periodic internal security reviews. - Own the employee onboarding/offboarding IT workflow: account setup, device provisioning, and access configuration. Required Qualifications - Experience: 3+ years in IT Systems, Systems Administration, or IT Security roles with increasing ownership. - Hands-on Microsoft 365 administration expertise across Exchange, Teams, SharePoint, and Intune. - Deep experience with Active Directory and Entra ID (Azure AD): hybrid identity, GPO management, SSO, and MFA enforcement. - Practical experience configuring and managing enterprise firewalls—specifically Sophos and/or Fortinet—including rule management and security policy review. - Familiarity with VPN technologies (IPSec Site-to-Site, Client VPN) and network security concepts. - Working knowledge of HIPAA and SOC 2 requirements as they apply to endpoint and identity security. - Proven ability to respond to and resolve critical incidents quickly and calmly under pressure. - Fluent English communication skills, both written and verbal—essential for clear stakeholder communication during incidents and day-to-day collaboration. - Comfortable operating independently with a high degree of ownership and accountability. - Strong documentation habits and a process-oriented mindset. Nice to Have - Experience with SIEM/SOAR tools (Microsoft Sentinel, Splunk) and security event analysis. - Scripting ability in PowerShell or Python for automation and compliance reporting. - Exposure to AWS networking concepts and cloud security practices. - Experience supporting a healthcare or other regulated-industry environment.