MDM Engineer

The macOS Device Management Engineer ensures Macs operate securely, reliably, and seamlessly across the organization. They architect and manage the enterprise macOS platform—designing the tools, workflows, and automations that support the full device lifecycle from deployment through retirement. Success in this role means a high‑quality user experience, strong security posture, and scalable, automated Mac operations.

This is a fully remote project

• Build and administer the organization’s enterprise macOS management platform—using tools such as Iru (formerly Kandji) or Jamf Pro to ensure all devices meet security, compliance, and operational standards.
• Design, implement, and maintain automated policies and workflows for application deployment, system configuration, OS updates, and remediation, ensuring a consistent, secure, and easily managed Mac environment at scale.
• Ensure seamless Microsoft 365 access on macOS environments, even when Intune is not the primary MDM. Integrate macOS with Entra  provide secure authentication, meet Conditional Access requirements, and leverage Intune compliance signals where appropriate.
• Deploy, update, and support Office applications through Iru (Kandji) or Jamf, maintaining a smooth, low‑friction experience for end users.
• Create secure, standardized enrollment workflows for both company‑owned and vendor‑owned Macs using Apple Business Manager and Automated Device Enrollment, ensuring full compliance and organizational control across all ownership scenarios.
• Implement risk‑based security policies to protect the organization from unmanaged or third‑party device exposure while still enabling business flexibility.
• Integrate macOS login experiences with identity platforms such as Entra  Okta using Kandji Passport or Jamf Connect to maintain seamless credential sync and platform SSO functionality.
• Establish controlled privilege‑elevation workflows, including approval‑based, time‑limited admin access with full activity logging and automated privilege removal.
• Package and deploy applications efficiently, including notarization, code signing, Auto Pkg workflows, testing rings, phased rollouts, and rollback procedures. Maintain SLAs and turnaround times for standard and advanced packages, publishing them via Self Service with complete metadata and documentation.
• Engineer and manage enterprise‑wide print infrastructure, including drivers, Air Print/IPP support, print queue configuration, and location‑based assignment, resolving complex compatibility issues across diverse hardware fleets.
• Align macOS security posture to enterprise and industry standards, including File Vault with key escrow, Gatekeeper, system/kernel extension governance, and CIS‑aligned configuration baselines. Implement telemetry, compliance checks, and automated remediation while coordinating with Security Operations for detection and response activities.
• Lead L3 macOS platform escalations, troubleshoot complex OS, hardware, identity, or configuration issues, and oversee OS upgrades, patching, and the full device lifecycle from onboarding to offboarding.
• Maintain accurate documentation, including runbooks, knowledge articles, and operational workflows to support scalable, consistent macOS platform management.

• Apple certifications (Device Support / Deployment) and/or CompTIA Security+.
• Experience with identity integrations (Entra /Okta) and Kandji Passport or Jamf Connect for login/Platform SSO style experiences.
• macOS security hardening (e.g., CIS benchmarks, zero trust alignment) and cross platform policy parity with Windows/Intune.
• Familiarity with Auto Pkg, CI/CD for packaging, and phased deployment practices.
• 8+ years of experience managing macOS at scale within enterprise environments.
• Advanced, hands on expertise with Iru (formerly Kandji) and/or Jamf Pro, including proven use of Apple Business Manager and Automated Device Enrollment for zero touch provisioning.
• Demonstrated ability to deliver an exceptional Microsoft 365 experience on macOS without relying on Intune as the primary MDM, coordinating Entra l Access, app controls, and compliance requirements.
• Strong proficiency…