
Mac Endpoint Engineer - Grant Thornton

Company:
ShiftCode Analytics
Location:
Downers Grove, IL, 60516
Posted:
March 31, 2026

Description:

Position: Mac Endpoint Engineer (macOS + Intune)

Duration: 6+ Month Contract (PTE)

Visa: No H1B and CPT

Need 2 references

Description:

We are elevating macOS to first-class status and need a hands-on Mac Endpoint Engineer to build and harden a modern Intune-managed macOS environment. You will deliver zero-touch enrollment, seamless Platform SSO (PSSO) first sign-in, large-scale macOS app packaging, configuration, compliance, automation, and a strong security posture. Goal: achieve 1:1 parity with Windows devices.

Key Responsibilities

Design/operate zero-touch enrollment with ABM + ADE (PreStage through post-enrollment fixes).

Build consistent first sign-in experience using PSSO + Intune.

Improve enrollment flows, bootstrap content, and post-enrollment automations.

Lead macOS app packaging for Intune (PKG/DMG + pre/post scripts, detection rules, dependencies, retries, uninstall logic).

Create scalable third-party app deployment model with staged rings, rollback plans, change control.

Collaborate with Packaging/QA on versioning, testing, release notes.

Manage Intune baseline configs & compliance policies; suggest UX/reliability improvements.

Enforce CIS macOS benchmark controls (macOS 26+); own configuration/enforcement, partner with InfoSec.

Integrate/support: Entra ID, Defender for Endpoint (DLP), CrowdStrike, CyberArk EPM, Qualys, GlobalProtect ZTNA.

Automate via scripting (bash/zsh/Python; PowerShell for Graph) - provisioning, remediations, health checks, reporting.

Deliver actionable Intune dashboard metrics (enrollment success, sign-in time, compliance drift, packaging SLAs).

Write KB articles/how-tos; transfer knowledge to Support; provide occasional Tier 3 guidance (no on-call).

Partner with Identity, Security, Networking, Support to prepare for go-live and scale across US users.

Contribute to standards, guardrails, SOPs for long-term stability.

Environment

MDM: Microsoft Intune only (no Jamf/Kandji).

Minimum: macOS 26 (Tahoe).

Stack: Entra ID, Defender for Endpoint, CrowdStrike, CyberArk EPM, Qualys, GlobalProtect.

Standards: CIS macOS benchmark (InfoSec sets policy; you implement/operate).

Tools: ABM + ADE in place; Intune for compliance & reporting.

Required Qualifications

3-5+ years enterprise macOS MDM (Intune preferred).

Strong Intune macOS packaging expertise (PKG/DMG, scripts, detection, rings, rollback).

Hands-on ADE zero-touch + PSSO implementation.

Scripting: bash/zsh/Python (PowerShell/Graph as needed).

Experience enforcing CIS controls via Intune profiles/policies.

Familiarity with Defender, CrowdStrike, CyberArk EPM, Qualys, GlobalProtect.

Excellent documentation & knowledge-transfer skills.

Preferred

Self-healing remediations / drift correction.

iOS/iPadOS in Intune (bonus).

Entra ID Conditional Access for macOS.

Current Apple management trends (PSSO, macOS security/privacy).

Success Looks Like

Reliable zero-touch from unbox to desktop.

Fast, frictionless PSSO sign-in.

Scalable packaging/patching with SLAs, rings, rollback.

Trusted CIS-aligned posture with clear Intune dashboards.

for a proactive engineer ready to shape macOS in a Microsoft-centric enterprise
