IT Security Operations Engineer

IT Security Operations Engineer responsible for implementing DLP, email security, endpoint protection, Okta/Google Workspace hardening, automation, compliance evidence collection, and incident response in a hybrid healthcare AI startup.

150k – 190k | San Francisco, CA | Security Engineering | Hybrid | 4+ YOE

About the role

What You'll Do

  • Implement and tune PHI Data Loss Prevention. Deploy and tune DLP policies across our SaaS estate (Google Workspace, Slack, GitHub, Jira/Confluence) and managed Mac endpoints. Build detections that catch real PHI exposure with minimal false positives, and partner with stakeholders to remediate findings.
  • Operate AI-powered email security. Stand up and tune an AI email security layer on top of Google Workspace covering phishing, BEC, payload analysis, and vendor impersonation. Run investigations end-to-end.
  • Configure MDR/EDR for endpoint posture. Tune detection coverage, response automation, and alert routing across the Mac fleet to maximize endpoint security posture, and integrate findings into our incident response workflow.
  • Harden Okta and Google Workspace. Maintain Okta (OIE policies, MFA, device trust, geo controls, lifecycle, SCIM/group push) and Google Workspace (context-aware access, DLP, alert center, drive sharing, admin hygiene) against documented baselines. Codify in Terraform where practical.
  • Automate security testing, reporting, and training. Automate phishing simulations, access reviews, configuration drift checks, and vulnerability rescans. Build reporting that produces the metrics leadership and auditors actually need, and run role-based security awareness training.
  • Lead incident response. Maintain runbooks, join the on-call rotation, and lead investigations involving SaaS account compromise and PHI exposure.
  • Support compliance at the source. Automate HITRUST, HIPAA, and SOC 2 evidence collection at the tool level rather than collecting screenshots after the fact.
  • Maintain living documentation. Keep configurations, runbooks, and procedures current so a teammate can operate the system without you.

What We're Looking For

  • 4+ years in security operations, IT security, or a closely related role
  • Production experience reviewing and configuring security settings in Okta (or an equivalent IdP) and Google Workspace at meaningful scale
  • Hands-on experience deploying or operating a DLP product across SaaS and endpoints
  • Experience with AI/ML-driven email security tooling or modern SEGs (Abnormal, Material, Sublime, Proofpoint, Mimecast)
  • Comfort writing scripts and small services (Python, Go, or TypeScript) to automate repetitive work and integrate APIs
  • Working knowledge of at least one compliance framework relevant to our environment: HIPAA, HITRUST, SOC 2, or ISO 27001
  • Strong written communication. You can document a system clearly enough that a teammate can operate it without you.
  • Ownership mindset. You see something broken and fix it. You don't wait for a ticket to act on a problem you can solve, and you take a project from "idea" to "in production" without needing to be project-managed through it.

Bonus Points

  • Prior experience in healthcare or another regulated industry handling sensitive data
  • Familiarity with Terraform, especially for identity and SaaS configuration
  • Experience with Mac fleet management (Kandji, Jamf) and modern device trust (Okta Device Trust, SecureW2, EAP-TLS)
  • Background running phishing simulation and security awareness programs (KnowBe4, Hoxhunt, Living Security)
  • Experience integrating LLM or AI tooling into a security workflow (triage, summarization, evidence collection)
  • Incident response experience, including investigations involving SaaS account compromise

What We Offer

  • Flexible paid time off (PTO)
  • Expansive coverage for health, dental, and vision
  • Employer contribution to Health Savings Accounts (HSA)
  • Generous parental leave policy
  • Full employee coverage for life insurance
  • Home office stipend
  • Cell phone/internet reimbursement
  • Commuting benefits
  • Company-paid holidays
  • 401(k) plan

Compensation

  • $150,000 - $190,000 + Equity

Skills

Okta, Google Workspace, DLP, Python, Go, TypeScript, HIPAA, HITRUST, SOC 2, Terraform, Jamf, Kandji, EDR, MDR, Incident Response

Security Engineer

Build and maintain security automation pipelines, AI agents, SOAR/SIEM integrations, vulnerability management, and IAM systems for a sports prediction market platform.

150k – 200k | New York, NY | Security Engineering | On-site | 5+ YOE | CDK | IAM

Manager, Security Incident Response Team (USA)

Leads the Security Incident Response Team in the Americas, managing engineers through threat hunting, investigations, triage, and large-scale responses while coaching performance and driving process improvements using AI and automation.

150k – 235k | United States | Security Engineering | Remote | AI | GCP

Security Engineer (Purple Team)

Performs offensive security testing, penetration assessments, and risk analysis on vehicle software platforms and embedded systems. Collaborates with engineering teams to design secure architectures and implement mitigations for automotive products.

150k – 220k | Sunnyvale, CA | Security Engineering | On-site | C | C++

Infrastructure Security Engineer

Designs and secures core infrastructure for a multi-tenant AI platform, focusing on container isolation, orchestration (Kubernetes), identity management, secrets handling, and cloud security across AWS/GCP. Requires production experience in cloud-native systems and a builder mindset for hands-on implementation.

150k – 270k | New York, NY +1 | Security Engineering | Hybrid | AWS | GCP

Security GRC Specialist

Hands-on Security GRC Specialist owning compliance frameworks like SOC 2 and ISO 27001, driving audits, customer trust initiatives, and engineering collaborations to implement scalable security controls. Requires 3-7+ years of experience and a technical mindset in cloud environments.

150k – 270k | New York, NY +1 | Security Engineering | Hybrid | 3+ YOE | AWS | GCP