GE AerospaceRemote
Staff Endpoint Lifecycle Operations Engineer
United States
Full Time
2 hours ago
$112,000 - $165,000 USD
No H1B
Key skills
macOS validationapplication packagingMDM policy orchestrationmacOS security configurationendpoint managementstakeholder managementtroubleshooting skillsoperational excellenceinnovationITSM expertiseSSOiOSAndroidServiceNowStakeholder ManagementZero TrustFirewall
About this role
GE Aerospace is seeking a Staff Endpoint Lifecycle Operations Engineer to join their Digital Workplace team. In this role, you will design, build, and implement macOS-based end-user devices while ensuring compliance and operational excellence in a regulated environment.
Responsibilities:
- Configure and manage Mac firmware/security settings (FileVault, Secure Boot, Activation Lock, Startup Security Utility) across supported Apple hardware
- Create, maintain, and optimize standard macOS baselines and configuration profiles (golden baseline via MDM, declarative management where applicable)
- Ensure hardware and macOS version compatibility across supported Mac models and Apple silicon/Intel platforms
- Plan and execute validation for new macOS releases, point updates, Rapid Security Responses, and security patches
- Perform compatibility testing for kernel/system extensions, login items, security tools, network agents, and core enterprise apps
- Document known issues, provide mitigations/workarounds, and record validation results and release decisions
- Package, notarize, and validate Mac applications for enterprise deployment (PKG/DMG), including pre/postinstall scripts and configuration profiles
- Maintain and update app packages, dependencies, entitlement considerations, and uninstall/remediation scripts
- Collaborate with stakeholders to define packaging standards, code-signing requirements, and phased deployment schedules
- Plan and implement macOS and application patching cycles using MDM policies, software update deferrals, and smart targeting
- Monitor patch compliance, investigate failures (update deferrals, disk space, power/state issues), and remediate at scale
- Partner with security teams to address CVEs, hardening baselines, and meet compliance targets and SLAs
- Serve as an escalation point for complex macOS endpoint incidents (network stack, kernel panics, FileVault, SSO, identity, certificates)
- Perform root cause analysis using system logs, profiles, and telemetry; implement durable fixes and prevention
- Provide technical guidance and runbooks to service desk and field support teams
- Create and maintain technical documentation, standard operating procedures, and knowledge base articles specific to macOS
- Identify automation opportunities (policy-as-code, packaging pipelines, remediation scripts) to streamline build, deployment, and patching
- Drive continuous improvement of Mac standards, tools, and service quality; benchmark against industry best practices
- Participate in the design, build, and rollout of macOS end-user devices aligned to organizational goals and compliance standards
- Maintain strong relationships with internal teams (e.g., Cyber and Security, Network, Identity) and external vendors to ensure effective, high-quality deployments
- Collaborate with Cyber and Security to develop and enforce robust macOS policies in regulated environments (e.g., GCC High-adjacent constraints, CMMC-aligned controls)
- Identify, maintain, and optimize the Mac endpoint service catalog; ensure accurate representation across ITSM toolsets
- Evolve the internal Mac product portfolio to deliver increased value to a global user base of 60,000+ employees
- Improve quality, delivery, and cost-effectiveness of macOS endpoint lifecycle operations in line with SQDC priorities
- Act as macOS SME to troubleshoot and resolve complex endpoint issues and service interactions (identity, certificates, SSO, VPN, security agents)
- Ensure macOS lifecycle operations meet regulatory requirements and GE Aerospace security standards (hardening baselines, encryption, identity posture)
- Maintain detailed documentation of macOS processes, policies, catalog items; report on operational metrics and performance
Requirements:
- Bachelor's degree from an accredited university or college with a minimum of 4 years of professional experience OR Associate's degree with a minimum of 7 years OR High School Diploma with a minimum of 9 years
- Minimum 2 years hands-on experience operating in regulated or restricted environments (e.g., GCC High-adjacent requirements) for endpoint devices, including macOS, with policy build and management tooling
- Strong understanding of CMMC-aligned compliance structures and the ability to build/deploy appropriate macOS policies and controls
- Minimum 3 years experience deploying enterprise endpoint management features at global scale (e.g., MDM policy orchestration, compliance, reporting)
- Practical hands-on experience integrating zero trust and security tooling (e.g., secure web gateways, identity, EDR) with macOS endpoints
- Minimum 2 years hands-on experience managing macOS and mobile devices via enterprise MDM
- Experience maintaining endpoint catalog attributes and device compliance/reporting in regulated environments
- Minimum 3 years professional experience in asset and catalog management
- Excellent understanding of end-user device technologies and operating systems (macOS, iOS, Windows, Android), and enterprise applications
- Experience with device management, configuration, and deployment in an enterprise environment
- Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job
- Proven experience as a Mac Engineer, Desktop Engineer, Endpoint Engineer, or similar role in an enterprise environment
- Strong hands-on experience with: macOS deployment and validation (major/minor releases, Rapid Security Responses, feature updates)
- Application packaging for macOS (PKG/DMG), code signing, notarization, and deployment via MDM
- macOS patching strategies and compliance reporting; software update deferrals and enforcement
- macOS security configuration (FileVault, firewall, privacy/PPPC, system/logon items, system/kext/driver transitions)
- Good understanding of: macOS core components, Apple silicon considerations, and hardware/model compatibility
- Enterprise endpoint management concepts (device inventory, policy-based configuration, declarative management, automated remediation)
- Network and identity integration for macOS (802.1X, certificates, SSO, Kerberos/modern auth, VPN)
- Strong troubleshooting skills and ability to analyze logs, profiles, and performance issues (Console, sysdiagnose, MDM logs)
- Stakeholder Management: Ability to maintain strong relationships with internal teams and external vendors to ensure effective deployments
- Problem-Solving Skills: Expertise in troubleshooting and resolving complex macOS endpoint issues and service interactions
- Operational Excellence: Commitment to improving quality, delivery, and cost-effectiveness in alignment with SQDC
- Innovation and Continuous Improvement: Ability to identify and drive automation and process improvements across the macOS lifecycle
- Documentation and Reporting Skills: Ability to maintain detailed macOS documentation, policies, and service catalogs; provide regular metric reporting
- ITSM Expertise: Experience managing Digital Workplace services within ServiceNow or comparable ITSM platforms