Posted 4 hours ago

Job ID: JOB_ID_4188

Job Description:

Client is elevating macOS to first-class status and needs a hands-on Mac Endpoint Engineer to build and harden a modern Intune-managed macOS environment. You will deliver zero-touch enrollment, seamless Platform SSO (PSSO) first sign-in, large-scale macOS app packaging, configuration, compliance, automation, and a strong security posture with a goal of achieving 1:1 parity with Windows devices.

Key Responsibilities:

  • Design/operate zero-touch enrollment with ABM + ADE (PreStage through post-enrollment fixes).
  • Build a consistent first sign-in experience using PSSO + Intune.
  • Improve enrollment flows, bootstrap content, and post-enrollment automations.
  • Lead macOS app packaging for Intune (PKG/DMG + pre/post scripts, detection rules, dependencies, retries, uninstall logic).
  • Create a scalable third-party app deployment model with staged rings, rollback plans, and change control.
  • Collaborate with Packaging/QA on versioning, testing, and release notes.
  • Manage Intune baseline configs & compliance policies; suggest UX/reliability improvements.
  • Enforce CIS macOS benchmark controls (macOS 26+); own configuration/enforcement, partner with InfoSec.
  • Integrate/support: Entra ID, Defender for Endpoint (DLP), CrowdStrike, CyberArk EPM, Qualys, GlobalProtect ZTNA.
  • Automate provisioning, remediations, health checks, and reporting via scripting (bash/zsh/Python; PowerShell for Graph).
  • Deliver actionable Intune dashboard metrics (enrollment success, sign-in time, compliance drift, packaging SLAs).
  • Write KB articles/how-tos; transfer knowledge to Support; provide occasional Tier 3 guidance (no on-call).
  • Partner with Identity, Security, Networking, and Support to prepare for go-live and scale across US users.
  • Contribute to standards, guardrails, and SOPs for long-term stability.

Environment:

  • MDM: Microsoft Intune only (no Jamf/Kandji).
  • Minimum: macOS 26 (Tahoe).
  • Stack: Entra ID, Defender for Endpoint, CrowdStrike, CyberArk EPM, Qualys, GlobalProtect.
  • Standards: CIS macOS benchmark (InfoSec sets policy; you implement/operate).
  • Tools: ABM + ADE in place; Intune for compliance & reporting.

Required Qualifications:

  • 3+ years enterprise macOS MDM (Intune preferred).
  • Strong Intune macOS packaging expertise (PKG/DMG, scripts, detection, rings, rollback).
  • Hands-on ADE zero-touch + PSSO implementation.
  • Scripting: bash/zsh/Python (PowerShell/Graph as needed).
  • Experience enforcing CIS controls via Intune profiles/policies.
  • Familiarity with Defender, CrowdStrike, CyberArk EPM, Qualys, and GlobalProtect.
  • Excellent documentation & knowledge-transfer skills.

Preferred Qualifications:

  • Self-healing remediations / drift correction.
  • iOS/iPadOS in Intune (bonus).
  • Entra ID Conditional Access for macOS.
  • Current Apple management trends (PSSO, macOS security/privacy).

Success Looks Like:

  • Reliable zero-touch from unbox to desktop.
  • Fast, frictionless PSSO sign-in.
  • Scalable packaging/patching with SLAs, rings, and rollback.
  • Trusted CIS-aligned posture with clear Intune dashboards.

Special Requirements

Onsite Role, USC preferred, Mother's maiden name required, Date of birth required, 3 references required


Compensation & Location

Salary: $60 – $80 per year (Estimated)

Location: Downers Grove, IL


Recruiter / Company – Contact Information

Recruiter / Employer: Convextech

Email: hek@convextech.com

