Holistic Partners, Inc
Mac OS Engineer
⭐ - Featured Role | Apply direct with Data Freelance Hub
This role is for a Mac OS Engineer in Downers Grove, IL, for 6+ months at a W2 pay rate. Requires 3–5 years of macOS MDM management, app packaging expertise, scripting skills, and familiarity with enterprise security tools.
🌎 - Country
United States
💱 - Currency
$ USD
-
💰 - Day rate
Unknown
-
🗓️ - Date
February 10, 2026
🕒 - Duration
More than 6 months
-
🏝️ - Location
On-site
-
📄 - Contract
W2 Contractor
-
🔒 - Security
Unknown
-
📍 - Location detailed
Downers Grove, IL
-
🧠 - Skills detailed
#Base #Automation #Scripting #Defender #Observability #Compliance #Python #iOS #Documentation #Security #MDM (Master Data Management) #Bash
Role description
Job Title: Mac OS Engineer (MDM/Intune/ADE)(1)
Location: Downers Grove, IL (onsite)
Duration: 6+ Months
Interview Process: Video
Tax Terms: W2 Only,Own Corp Applicants,Open to Sub Vendors,
Visa: U.S. Citizens, Green Card Holders, and those authorized to work in the U.S. for any employer will be considered
Job Description:
Required Qualifications:
• 3–5 years of enterprise macOS MDM management (e.g., Intune, Jamf, or other Apple focused MDMs).
• Demonstrated expertise in macOS app packaging for Intune (PKG/DMG, scripts, detection/uninstall logic, rings, rollback).
• Strong zero touch/ADE experience and hands on PSSO implementation for first sign in.
• Practical scripting for macOS engineering (bash/zsh/Python/PowerShell for Graph as applicable).
• Proven experience enforcing controls aligned to CIS macOS with Intune configuration/compliance policies.
• Familiarity with enterprise security agents and posture tooling: Defender for Endpoint, CrowdStrike, CyberArk EPM, Qualys, GlobalProtect.
• Excellent documentation skills; ability to produce KB/how tos and perform knowledge transfer to Support.
Preferred Qualifications:
• Experience building repeatable, self healing remediations (post enrollment, drift correction, telemetry driven fixes).
• iOS/iPadOS management exposure (Intune/ABM/VPP)—bonus only; role remains macOS focused.
• Familiarity with Conditional Access integrations for macOS via Entra ID.
• Awareness of Apple management trends (e.g., evolving PSSO support, modern macOS security/privacy controls).
JD:
We’re expanding macOS as a first class platform and looking for a Mac Endpoint Engineer to build and harden a modern, Intune managed Mac environment. You’ll deliver zero touch enrollment and a consistent, repeatable first sign in experience with Platform SSO (PSSO), and lead macOS application packaging for Intune at scale. This is a hands on engineering role focused on stability, repeatability, and future ready automation.
What you’ll do (Key Responsibilities):
Zero touch onboarding & first sign in
• Design, standardize, and operate zero touch enrollment with Apple Business Manager (ABM) + Automated Device Enrollment (ADE)—from PreStage to post enrollment remediations.
• Establish a predictable first sign in flow leveraging PSSO and Intune so every new Mac enrolls, configures, and signs in the same way every time.
• Continuously identify improvements to enrollment flows, bootstrap content, and post enrollment automations.
macOS application packaging for Intune:
• Lead macOS packaging for Intune (PKG/DMG with pre/post install scripts), including detection rules, dependencies, retries, and uninstallers.
• Build a sustainable approach for third party apps at scale (staged rings, rollback plans, and change control).
• Partner with App Packaging and QA to standardize versioning, testing, and release notes.
Configuration, compliance & security posture:
• Operate within established baseline configuration and compliance policies in Intune; propose optimizations where they improve reliability or user experience.
• Implement and maintain controls aligned to the CIS benchmark for macOS; partner with InfoSec (policy owners) while owning configuration and enforcement.
• Integrate and support endpoint/security agents and posture: Entra ID, Defender for Endpoint (DLP), CrowdStrike, CyberArk EPM, Qualys, and GlobalProtect ZTNA.
Automation, observability & documentation:
• Use scripting (choose the right tool for macOS—e.g., bash/zsh/Python/PowerShell for Graph) to automate provisioning, remediations, health checks, and reporting.
• Leverage Intune compliance dashboards to publish actionable metrics (enrollment success, first sign in duration, compliance drift, packaging SLA).
• Produce clear KB/how to articles and contribute to knowledge transfer with Support Services; provide periodic Tier 3 guidance (no on call).
Collaboration & scale up:
• Work with Identity, Security, Networking, and Support to ready the platform for go live and scale beyond the initial fleet.
• Provide feedback on standards, guardrails, and SOPs to ensure stability as adoption grows across the US user base.
Job Title: Mac OS Engineer (MDM/Intune/ADE)(1)
Location: Downers Grove, IL (onsite)
Duration: 6+ Months
Interview Process: Video
Tax Terms: W2 Only,Own Corp Applicants,Open to Sub Vendors,
Visa: U.S. Citizens, Green Card Holders, and those authorized to work in the U.S. for any employer will be considered
Job Description:
Required Qualifications:
• 3–5 years of enterprise macOS MDM management (e.g., Intune, Jamf, or other Apple focused MDMs).
• Demonstrated expertise in macOS app packaging for Intune (PKG/DMG, scripts, detection/uninstall logic, rings, rollback).
• Strong zero touch/ADE experience and hands on PSSO implementation for first sign in.
• Practical scripting for macOS engineering (bash/zsh/Python/PowerShell for Graph as applicable).
• Proven experience enforcing controls aligned to CIS macOS with Intune configuration/compliance policies.
• Familiarity with enterprise security agents and posture tooling: Defender for Endpoint, CrowdStrike, CyberArk EPM, Qualys, GlobalProtect.
• Excellent documentation skills; ability to produce KB/how tos and perform knowledge transfer to Support.
Preferred Qualifications:
• Experience building repeatable, self healing remediations (post enrollment, drift correction, telemetry driven fixes).
• iOS/iPadOS management exposure (Intune/ABM/VPP)—bonus only; role remains macOS focused.
• Familiarity with Conditional Access integrations for macOS via Entra ID.
• Awareness of Apple management trends (e.g., evolving PSSO support, modern macOS security/privacy controls).
JD:
We’re expanding macOS as a first class platform and looking for a Mac Endpoint Engineer to build and harden a modern, Intune managed Mac environment. You’ll deliver zero touch enrollment and a consistent, repeatable first sign in experience with Platform SSO (PSSO), and lead macOS application packaging for Intune at scale. This is a hands on engineering role focused on stability, repeatability, and future ready automation.
What you’ll do (Key Responsibilities):
Zero touch onboarding & first sign in
• Design, standardize, and operate zero touch enrollment with Apple Business Manager (ABM) + Automated Device Enrollment (ADE)—from PreStage to post enrollment remediations.
• Establish a predictable first sign in flow leveraging PSSO and Intune so every new Mac enrolls, configures, and signs in the same way every time.
• Continuously identify improvements to enrollment flows, bootstrap content, and post enrollment automations.
macOS application packaging for Intune:
• Lead macOS packaging for Intune (PKG/DMG with pre/post install scripts), including detection rules, dependencies, retries, and uninstallers.
• Build a sustainable approach for third party apps at scale (staged rings, rollback plans, and change control).
• Partner with App Packaging and QA to standardize versioning, testing, and release notes.
Configuration, compliance & security posture:
• Operate within established baseline configuration and compliance policies in Intune; propose optimizations where they improve reliability or user experience.
• Implement and maintain controls aligned to the CIS benchmark for macOS; partner with InfoSec (policy owners) while owning configuration and enforcement.
• Integrate and support endpoint/security agents and posture: Entra ID, Defender for Endpoint (DLP), CrowdStrike, CyberArk EPM, Qualys, and GlobalProtect ZTNA.
Automation, observability & documentation:
• Use scripting (choose the right tool for macOS—e.g., bash/zsh/Python/PowerShell for Graph) to automate provisioning, remediations, health checks, and reporting.
• Leverage Intune compliance dashboards to publish actionable metrics (enrollment success, first sign in duration, compliance drift, packaging SLA).
• Produce clear KB/how to articles and contribute to knowledge transfer with Support Services; provide periodic Tier 3 guidance (no on call).
Collaboration & scale up:
• Work with Identity, Security, Networking, and Support to ready the platform for go live and scale beyond the initial fleet.
• Provide feedback on standards, guardrails, and SOPs to ensure stability as adoption grows across the US user base.
