Hi,
I hope you are doing well.
Please let me know if you are looking for a job change and interested in the below position
Additional Job Information: Title: Intune Admin Position Type: Contract
Location: Downers Grove, IL
Description:
Interview: Video
This is onsite from day-1
Description :
Position: Mac Endpoint Engineer (macOS + Intune) Overview: Onsite contract role (6+ months, possible extension) for a proactive engineer ready to shape macOS in a Microsoft-centric enterprise. Client is elevating macOS to first-class status and needs a hands-on Mac Endpoint Engineer to build and harden a modern Intune-managed macOS environment. You will deliver zero-touch enrollment, seamless Platform SSO (PSSO) first sign-in, large-scale macOS app packaging, configuration, compliance, automation, and a strong security posture with a goal of achieving 1:1 parity with Windows devices.
Key Responsibilities
- Design/operate zero-touch enrollment with ABM + ADE (PreStage through post-enrollment fixes).
- Build a consistent first sign-in experience using PSSO + Intune.
- Improve enrollment flows, bootstrap content, and post-enrollment automations.
- Lead macOS app packaging for Intune (PKG/DMG + pre/post scripts, detection rules, dependencies, retries, uninstall logic).
- Create a scalable third-party app deployment model with staged rings, rollback plans, and change control.
- Collaborate with Packaging/QA on versioning, testing, and release notes.
- Manage Intune baseline configs & compliance policies; suggest UX/reliability improvements.
- Enforce CIS macOS benchmark controls (macOS 26+); own configuration/enforcement, partner with InfoSec.
- Integrate/support: Entra ID, Defender for Endpoint (DLP), CrowdStrike, CyberArk EPM, Qualys, GlobalProtect ZTNA.
- Automate via scripting (bash/zsh/Python; PowerShell for Graph) provisioning, remediations, health checks, reporting.
- Deliver actionable Intune dashboard metrics (enrollment success, sign-in time, compliance drift, packaging SLAs).
- Write KB articles/how-tos; transfer knowledge to Support; provide occasional Tier 3 guidance (no on-call).
- Partner with Identity, Security, Networking, and Support to prepare for go-live and scale across US users.
- Contribute to standards, guardrails, and SOPs for long-term stability.
Environment MDM: Microsoft Intune only (no Jamf/Kandji). Minimum: macOS 26 (Tahoe). Stack: Entra ID, Defender for Endpoint, CrowdStrike, CyberArk EPM, Qualys, GlobalProtect. Standards: CIS macOS benchmark (InfoSec sets policy; you implement/operate). Tools: ABM + ADE in place; Intune for compliance & reporting.
Required Qualifications
- 3 5+ years enterprise macOS MDM (Intune preferred).
- Strong Intune macOS packaging expertise (PKG/DMG, scripts, detection, rings, rollback).
- Hands-on ADE zero-touch + PSSO implementation.
- Scripting: bash/zsh/Python (PowerShell/Graph as needed).
- Experience enforcing CIS controls via Intune profiles/policies.
- Familiarity with Defender, CrowdStrike, CyberArk EPM, Qualys, and GlobalProtect.
- Excellent documentation & knowledge-transfer skills.
Preferred
- Self-healing remediations / drift correction.
- iOS/iPadOS in Intune (bonus).
- Entra ID Conditional Access for macOS.
- Current Apple management trends (PSSO, macOS security/privacy).
Success Looks Like
- Reliable zero-touch from unbox to desktop.
- Fast, frictionless PSSO sign-in.
- Scalable packaging/patching with SLAs, rings, and rollback.
Trusted CIS-aligned posture with clear Intune dashboards
Thanks & Regards,
Anikat Kumar
Sr. Technical Recruiter
ShiftCode Analytics Inc.
Email:
Address :
Never miss an opportunity! Create an alert based on the job you applied for.
