RGP is a global network of experts providing innovative solutions to businesses. The macOS Device Management Engineer is responsible for ensuring the secure and reliable operation of Macs across the organization, managing the enterprise macOS platform, and implementing automated workflows for device lifecycle management.
Responsibilities:
- Build and administer the organization’s enterprise macOS management platform, using tools such as Iru (formerly Kandji) or Jamf Pro, to ensure all devices meet security, compliance, and operational standards
- Design, implement, and maintain automated policies and workflows for application deployment, system configuration, OS updates, and remediation, ensuring a consistent, secure, and easily managed Mac environment at scale
- Ensure seamless Microsoft 365 access on macOS environments, even when Intune is not the primary MDM. Integrate macOS with Entra ID to provide secure authentication, meet Conditional Access requirements, and leverage Intune compliance signals where appropriate
- Deploy, update, and support Office applications through Iru (Kandji) or Jamf, maintaining a smooth, low‑friction experience for end users
- Create secure, standardized enrollment workflows for both company‑owned and vendor‑owned Macs using Apple Business Manager and Automated Device Enrollment, ensuring full compliance and organizational control across all ownership scenarios
- Implement risk‑based security policies to protect the organization from unmanaged or third‑party device exposure while still enabling business flexibility
- Integrate macOS login experiences with identity platforms such as Entra ID or Okta using Kandji Passport or Jamf Connect to maintain seamless credential sync and platform SSO functionality
- Establish controlled privilege‑elevation workflows, including approval-based, time‑limited admin access with full activity logging and automated privilege removal
- Package and deploy applications efficiently, including notarization, code signing, AutoPkg workflows, testing rings, phased rollouts, and rollback procedures. Maintain SLAs and turnaround times for standard and advanced packages, publishing them via Self Service with complete metadata and documentation
- Engineer and manage enterprise-wide print infrastructure, including drivers, AirPrint/IPP support, print queue configuration, and location-based assignment, resolving complex compatibility issues across diverse hardware fleets
- Align macOS security posture to enterprise and industry standards, including FileVault with key escrow, Gatekeeper, system/kernel extension governance, and CIS-aligned configuration baselines. Implement telemetry, compliance checks, and automated remediation while coordinating with Security Operations for detection and response activities
- Lead L3 macOS platform escalations, troubleshoot complex OS, hardware, identity, or configuration issues, and oversee OS upgrades, patching, and the full device lifecycle from onboarding to offboarding
- Maintain accurate documentation, including runbooks, knowledge articles, and operational workflows to support scalable, consistent macOS platform management
Requirements:
- Apple certifications (Device Support / Deployment) and/or CompTIA Security+
- Experience with identity integrations (Entra ID/Okta) and Kandji Passport or Jamf Connect for login/Platform SSO-style experiences
- macOS security hardening (e.g., CIS benchmarks, zero trust alignment) and cross-platform policy parity with Windows/Intune
- Familiarity with AutoPkg, CI/CD for packaging, and phased deployment practices
- 8+ years of experience managing macOS at scale within enterprise environments
- Advanced, hands-on expertise with Iru (formerly Kandji) and/or Jamf Pro, including proven use of Apple Business Manager and Automated Device Enrollment for zero-touch provisioning
- Demonstrated ability to deliver an exceptional Microsoft 365 experience on macOS without relying on Intune as the primary MDM, coordinating Entra ID Conditional Access, app controls, and compliance requirements
- Strong proficiency with dynamic group logic, policy enforcement, and automated configuration/remediation workflows
- Experience designing vendor and third-party device enrollment flows that maintain corporate governance and minimize security risk
- Scripting capability with bash/zsh and basic Python, including packaging and deployment automation
- Expertise in enterprise printer fleet management (drivers, AirPrint/IPP, queue architecture) and resolving complex driver/compatibility issues
- Strong troubleshooting skills across identity, networking, profiles, application layers, and platform-level macOS issues