Own and administer enterprise endpoint management platforms with primary responsibility for Iru/Kandji configuration, policy design, and lifecycle management
Establish and enforce enterprise endpoint standards aligned to CIS Level 1 benchmarks
Design, implement, and maintain secure baseline configurations for macOS endpoints ensuring systems are hardened and secure by default
Ensure all endpoints remain compliant with patching policies, minimum OS requirements, and approved software versions through automated enforcement
Administer and maintain an internal approved application catalog including packaging, version control, testing and secure deployment
Ensure endpoint detection and response (EDR) tooling is properly deployed, configured and monitored (SentinelOne preferred)
Implement and enforce appropriate data loss prevention (DLP) measures across endpoints to protect corporate data and intellectual property
Develop compliance dashboards and reporting to track endpoint posture, remediation timelines and risk exposure
Partner closely with Security Operations (SecOps) to investigate, contain, and remediate endpoint-related security incidents
Participate in incident response activities including forensic coordination, containment actions and post-incident remediation
Contribute to internal and external audits, ensuring endpoint controls meet SOC 2 and ISO 27001 requirements; prepare evidence and support auditor walkthroughs
Own licensing strategy across administered platforms, ensuring appropriate license assignment, cost optimization, feature alignment, renewal management and utilization reporting
Continuously evaluate new endpoint features, security capabilities, and OS updates
Create and maintain technical documentation, configuration standards and operational runbooks
Requirements
6+ years of experience in endpoint administration, device management, and enterprise IT operations in a cloud-first environment
Hands-on expertise administering Iru/Kandji or comparable Apple-focused MDM solutions
Understanding of MDM solutions for Microsoft Windows and Linux (JumpCloud preferred)
Strong understanding of CIS Level 1 controls and endpoint hardening principles
Experience deploying and administering EDR solutions and coordinating with security teams on alert triage and remediation
Experience managing OS patching strategies, update enforcement policies and compliance reporting
Familiarity with DLP technologies and endpoint-based data protection controls
Experience participating in compliance programs aligned to SOC 2 and ISO 27001 frameworks, supporting audit evidence collection and control validation processes
Strong troubleshooting skills with the ability to diagnose complex endpoint configuration and policy conflicts
Clear documentation and communication skills with the ability to articulate technical risk and remediation strategies