

Largeton Group
Mac Endpoint Engineer (macOS + Intune)
This role is for a Mac Endpoint Engineer (macOS + Intune) with a contract length of 6+ months, onsite. Pay rate is competitive. Requires 3–5+ years in enterprise macOS MDM (Intune preferred) and strong scripting skills (bash/zsh/Python).
🌎 Country: United States
💱 Currency: $ USD
💰 Day rate: 480
🗓️ Date: March 14, 2026
🕒 Duration: More than 6 months
🏝️ Location: On-site
📄 Contract: Unknown
🔒 Security: Unknown
📍 Location detailed: Downers Grove, IL
🧠 Skills detailed: #Deployment #Compliance #iOS #Bash #Documentation #Scripting #Defender #Security #Python #MDM (Master Data Management) #Automation #Scala
Role description
Position: Mac Endpoint Engineer (macOS + Intune)
Overview
Onsite contract role (6+ months, possible extension) for a proactive engineer ready to shape macOS in a Microsoft-centric enterprise. Client is elevating macOS to first-class status and needs a hands-on Mac Endpoint Engineer to build and harden a modern Intune-managed macOS environment. You will deliver zero-touch enrollment, seamless Platform SSO (PSSO) first sign-in, large-scale macOS app packaging, configuration, compliance, automation, and a strong security posture with a goal of achieving 1:1 parity with Windows devices.
Key Responsibilities
• Design/operate zero-touch enrollment with ABM + ADE (PreStage through post-enrollment fixes).
• Build a consistent first sign-in experience using PSSO + Intune.
• Improve enrollment flows, bootstrap content, and post-enrollment automations.
• Lead macOS app packaging for Intune (PKG/DMG + pre/post scripts, detection rules, dependencies, retries, uninstall logic).
• Create a scalable third-party app deployment model with staged rings, rollback plans, and change control.
• Collaborate with Packaging/QA on versioning, testing, and release notes.
• Manage Intune baseline configs & compliance policies; suggest UX/reliability improvements.
• Enforce CIS macOS benchmark controls (macOS 26+); own configuration/enforcement, partner with InfoSec.
• Integrate/support: Entra ID, Defender for Endpoint (DLP), CrowdStrike, CyberArk EPM, Qualys, GlobalProtect ZTNA.
• Automate via scripting (bash/zsh/Python; PowerShell for Graph) – provisioning, remediations, health checks, reporting.
• Deliver actionable Intune dashboard metrics (enrollment success, sign-in time, compliance drift, packaging SLAs).
• Write KB articles/how-tos; transfer knowledge to Support; provide occasional Tier 3 guidance (no on-call).
• Partner with Identity, Security, Networking, and Support to prepare for go-live and scale across US users.
• Contribute to standards, guardrails, and SOPs for long-term stability.
Environment
MDM: Microsoft Intune only (no Jamf/Kandji).
Minimum: macOS 26 (Tahoe).
Stack: Entra ID, Defender for Endpoint, CrowdStrike, CyberArk EPM, Qualys, GlobalProtect.
Standards: CIS macOS benchmark (InfoSec sets policy; you implement/operate).
Tools: ABM + ADE in place; Intune for compliance & reporting.
Required Qualifications
• 3–5+ years enterprise macOS MDM (Intune preferred).
• Strong Intune macOS packaging expertise (PKG/DMG, scripts, detection, rings, rollback).
• Hands-on ADE zero-touch + PSSO implementation.
• Scripting: bash/zsh/Python (PowerShell/Graph as needed).
• Experience enforcing CIS controls via Intune profiles/policies.
• Familiarity with Defender, CrowdStrike, CyberArk EPM, Qualys, and GlobalProtect.
• Excellent documentation & knowledge-transfer skills.
Preferred
• Self-healing remediations / drift correction.
• iOS/iPadOS in Intune (bonus).
• Entra ID Conditional Access for macOS.
• Current Apple management trends (PSSO, macOS security/privacy).
Success Looks Like
• Reliable zero-touch from unbox to desktop.
• Fast, frictionless PSSO sign-in.
• Scalable packaging/patching with SLAs, rings, and rollback.
• Trusted CIS-aligned posture with clear Intune dashboards.






