Mac Endpoint Engineer

Position

Mac Endpoint Engineer (macOS + Intune)

6+ Month Contract

$70 to $80 C2C ($60 to $70 W2 DOE)

Onsite contract role (6+ months, possible extension) for a proactive engineer ready to shape macOS in a Microsoft-centric enterprise. Client is elevating macOS to first‑class status and needs a hands‑on Mac Endpoint Engineer to build and harden a modern Intune‑managed macOS environment. You will deliver zero‑touch enrollment, seamless Platform SSO (PSSO) first sign‑in, large‑scale macOS app packaging, configuration, compliance, automation, and a strong security posture with a goal of achieving 1:1 parity with Windows devices.

• Design/operate zero‑touch enrollment with ABM + ADE (Pre Stage through post‑enrollment fixes).
• Build a consistent first sign‑in experience using PSSO + Intune.
• Improve enrollment flows, bootstrap content, and post‑enrollment automations.
• Lead macOS app packaging for Intune (PKG/DMG + pre/post scripts, detection rules, dependencies, retries, uninstall logic).
• Create a scalable third‑party app deployment model with staged rings, rollback plans, and change control.
• Collaborate with Packaging/QA on versioning, testing, and release notes.
• Manage Intune baseline configs & compliance policies; suggest UX/reliability improvements.
• Enforce CIS macOS benchmark controls (macOS 26+); own configuration/enforcement, partner with Info Sec.
• Integrate/support:
  Entra , Defender for Endpoint (DLP), Crowd Strike, Cyber Ark EPM, Qualys, Global Protect ZTNA.
• Automate via scripting (bash/zsh/Python; Power Shell for Graph) – provisioning, remediations, health checks, reporting.
• Write KB articles/how‑tos; transfer knowledge to Support; provide occasional Tier 3 guidance (no on‑call).
• Partner with Identity, Security, Networking, and Support to prepare for go‑live and scale across US users.
• Contribute to standards, guardrails, and SOPs for long‑term stability.

Microsoft Intune only (no Jamf/Kandji).

CIS macOS benchmark (Info Sec sets policy; you implement/operate).

ABM + ADE in place;
Intune for compliance & reporting.

• 3–5+ years enterprise macOS MDM (Intune preferred).
• Strong Intune macOS packaging expertise (PKG/DMG, scripts, detection, rings, rollback).
• Scripting: bash/zsh/Python (Power Shell/Graph as needed).
• Familiarity with Defender, Crowd Strike, Cyber Ark EPM, Qualys, and Global Protect.

• Self‑healing remediations / drift correction.
• iOS/iPadOS in Intune (bonus).
• Entra l Access for macOS.
• Current Apple management trends (PSSO, macOS security/privacy).

• Reliable zero‑touch from unbox to desktop.
• Fast, frictionless PSSO sign‑in.
• Scalable packaging/patching with SLAs, rings, and rollback.
• Trusted CIS‑aligned posture with clear Intune dashboards.