Information Technology System Engineer

Information Technology System Engineer

About Ceiba Healthcare

Ceiba Healthcare is an AI-powered virtual care platform transforming how hospitals deliver care remotely. Our platform connects clinicians, medical devices, and patients in real-time—enabling Tele-ICU, Telemetry, and Tele-Neurology across a global network. We operate at the intersection of real-time clinical data, cloud infrastructure at scale, and AI-driven healthcare workflows.

Role Overview

We are looking for a sharp, self-sufficient IT Systems Engineer to serve as the operational backbone of Ceiba's internal IT environment. Reporting to the Director of Cloud Infrastructure & Security, you will own Microsoft 365, Active Directory, and network security operations.

This is a high-ownership role that demands both technical depth and operational discipline. The right candidate is hands-on across M365 administration, firewall management, and identity operations—and takes genuine pride in keeping systems secure, compliant, and running smoothly. 

Core Responsibilities

1. Microsoft 365 & Productivity Stack

• Administer the full Microsoft 365 tenant: Exchange Online, Teams, SharePoint, OneDrive, and Intune (MDM/MAM for remote endpoints).
• Manage licensing, user provisioning/deprovisioning, and conditional access policies across the organization.
• Own M365 security baselines, audit logging, and alerting in alignment with HIPAA and SOC 2 requirements.
• Manage email security: anti-phishing, anti-spam, DKIM/DMARC/SPF configuration, and mail flow rules.

2. Active Directory & Identity Management

• Own Entra ID (Azure AD) and on-prem AD environments: user/group/OU management, GPOs, and hybrid identity configuration.
• Administer and enforce MFA, Single Sign-On (SSO), and RBAC policies across all internal systems.
• Support access reviews and identity governance reporting for security audits and certifications.

3. Firewall & Network Security

• Configure, maintain, and monitor perimeter and internal firewalls (Sophos and Fortinet).
• Manage firewall rule sets, security policies, NAT configurations, and change request workflows.
• Support troubleshooting of Site-to-Site VPN tunnels and Client VPN configurations in hybrid-cloud and hospital-connected environments.
• Monitor network traffic and security events; triage and escalate anomalies as needed.
• Maintain network segmentation standards and keep firewall architecture documentation and change history up to date.

4. Endpoint & Device Management

• Own endpoint management for all company devices (Windows, macOS) via Microsoft Intune and/or JAMF.
• Manage device enrollment, configuration profiles, patch management, and compliance baselines.
• Administer endpoint security tooling: EDR, AV, disk encryption, and software deployment.
• Serve as the primary escalation point for endpoint and access issues across the organization.

5. Incident Response & Critical Support

• Serve as the first responder for critical IT and security incidents—available to jump in, diagnose, and drive resolution with a sense of urgency.
• Triage and resolve high-priority issues spanning identity, endpoints, network connectivity, and M365 services.
• Communicate clearly and promptly with stakeholders during active incidents, providing status updates and resolution timelines.
• Participate in post-incident reviews and implement remediations to prevent recurrence.

6. IT Operations & Security Compliance

• Own internal IT documentation: runbooks, asset inventory, access logs, and configuration records.
• Support HIPAA and SOC 2 Type 2 audit preparations with audit-ready logs and evidence packages.
• Manage third-party SaaS application integrations: SSO, SCIM provisioning, and access policies.
• Identify and remediate vulnerabilities surfaced through patch cycles and periodic internal security reviews.
• Own the employee onboarding/offboarding IT workflow: account setup, device provisioning, and access configuration.

Required Qualifications

• Experience:  3+ years in IT Systems, Systems Administration, or IT Security roles with increasing ownership.
• Hands-on Microsoft 365 administration expertise across Exchange, Teams, SharePoint, and Intune.
• Deep experience with Active Directory and Entra ID (Azure AD): hybrid identity, GPO management, SSO, and MFA enforcement.
• Practical experience configuring and managing enterprise firewalls—specifically Sophos and/or Fortinet—including rule management and security policy review.
• Familiarity with VPN technologies (IPSec Site-to-Site, Client VPN) and network security concepts.
• Working knowledge of HIPAA and SOC 2 requirements as they apply to endpoint and identity security.
• Proven ability to respond to and resolve critical incidents quickly and calmly under pressure.
• Fluent English communication skills, both written and verbal—essential for clear stakeholder communication during incidents and day-to-day collaboration.
• Comfortable operating independently with a high degree of ownership and accountability.
• Strong documentation habits and a process-oriented mindset.

Nice to Have

• Experience with SIEM/SOAR tools (Microsoft Sentinel, Splunk) and security event analysis.
• Scripting ability in PowerShell or Python for automation and compliance reporting.
• Exposure to AWS networking concepts and cloud security practices.
• Experience supporting a healthcare or other regulated-industry environment.