macOS Device Engineer

RGP is a global consulting firm helping recognized companies work differently. The successful candidate will lead the design, deployment, and lifecycle management of an Apple fleet, focusing on automation, scalability, and security in an enterprise environment.

Responsibilities:

• Design and manage zero-touch macOS deployments using Automated Device Enrollment (ADE)
• Architect and maintain MDM Blueprints / policies for different business units
• Participate in the deployment of large-scale device onboarding (1,000+ devices)
• Develop and maintain deployment documentation and runbooks
• Oversee device lifecycle (procurement → deployment → support → retirement)
• Troubleshoot enrollment failures and compliance issues at scale
• Create dashboards and metrics to track fleet health
• Automate software deployment (PKG, scripts, managed apps)
• Create and maintain configuration profiles and compliance policies
• Enforce FileVault, escrow keys, OS update policies, and security baselines
• Implement content caching and update optimization strategies
• Integrate macOS enrollment with SSO providers (Okta, Azure AD, Google Workspace)
• Manage local admin rights and privilege elevation workflows
• Support conditional access and compliance reporting
• Partner with Security to implement CIS benchmarks and endpoint protection tools

Requirements:

• 7+ years managing macOS in enterprise environments
• Experience deploying and managing 500+ macOS devices (1,000+ preferred)
• Deep knowledge of: Apple Business Manager & Automated Device Enrollment, macOS security model (FileVault, SecureToken, bootstrap token) and MDM platforms (Iru/Kandji, Jamf Pro, Mosyle, Intune)
• Scripting skills (bash, zsh, Python) would be an advantage
• Experience integrating macOS with enterprise identity providers
• Experience in regulated environments (SOC 2, HIPAA, ISO 27001)
• Familiarity with EDR tools and compliance frameworks
• Apple certifications (ACSP, ACTC) or equivalent practical experience