MDM Engineer - Mountain View, California, United States - 11010 - RGP

About This Role

The macOS Device Management Engineer ensures Macs operate securely, reliably, and seamlessly across the organization. They architect and manage the enterprise macOS platform—designing the tools, workflows, and automations that support the full device lifecycle from deployment through retirement. Success in this role means a high‑quality user experience, strong security posture, and scalable, automated Mac operations.

This is a fully remote project

What You Will Work On

Build and administer the organization’s enterprise macOS management platform—using tools such as Iru (formerly Kandji) or Jamf Pro to ensure all devices meet security, compliance, and operational standards.
Design, implement, and maintain automated policies and workflows for application deployment, system configuration, OS updates, and remediation, ensuring a consistent, secure, and easily managed Mac environment at scale.
Ensure seamless Microsoft 365 access on macOS environments, even when Intune is not the primary MDM. Integrate macOS with Entra ID to provide secure authentication, meet Conditional Access requirements, and leverage Intune compliance signals where appropriate.
Deploy, update, and support Office applications through Iru (Kandji) or Jamf, maintaining a smooth, low‑friction experience for end users.
Create secure, standardized enrollment workflows for both company‑owned and vendor‑owned Macs using Apple Business Manager and Automated Device Enrollment, ensuring full compliance and organizational control across all ownership scenarios.
Implement risk‑based security policies to protect the organization from unmanaged or third‑party device exposure while still enabling business flexibility.
Integrate macOS login experiences with identity platforms such as Entra ID or Okta using Kandji Passport or Jamf Connect to maintain seamless credential sync and platform SSO functionality.
Establish controlled privilege‑elevation workflows, including approval-based, time‑limited admin access with full activity logging and automated privilege removal.
Package and deploy applications efficiently, including notarization, code signing, AutoPkg workflows, testing rings, phased rollouts, and rollback procedures. Maintain SLAs and turnaround times for standard and advanced packages, publishing them via Self Service with complete metadata and documentation.
Engineer and manage enterprise-wide print infrastructure, including drivers, AirPrint/IPP support, print queue configuration, and location-based assignment, resolving complex compatibility issues across diverse hardware fleets.
Align macOS security posture to enterprise and industry standards, including FileVault with key escrow, Gatekeeper, system/kernel extension governance, and CIS-aligned configuration baselines. Implement telemetry, compliance checks, and automated remediation while coordinating with Security Operations for detection and response activities.
Lead L3 macOS platform escalations, troubleshoot complex OS, hardware, identity, or configuration issues, and oversee OS upgrades, patching, and the full device lifecycle from onboarding to offboarding.
Maintain accurate documentation, including runbooks, knowledge articles, and operational workflows to support scalable, consistent macOS platform management.

What You Will Bring

Apple certifications (Device Support / Deployment) and/or CompTIA Security+.
Experience with identity integrations (Entra ID/Okta) and Kandji Passport or Jamf Connect for login/Platform SSO style experiences.
macOS security hardening (e.g., CIS benchmarks, zero trust alignment) and cross platform policy parity with Windows/Intune.
Familiarity with AutoPkg, CI/CD for packaging, and phased deployment practices.
8+ years of experience managing macOS at scale within enterprise environments.
• Advanced, hands on expertise with Iru (formerly Kandji) and/or Jamf Pro, including proven use of Apple Business Manager and Automated Device Enrollment for zero touch provisioning.
Demonstrated ability to deliver an exceptional Microsoft 365 experience on macOS without relying on Intune as the primary MDM, coordinating Entra ID Conditional Access, app controls, and compliance requirements.
Strong proficiency with dynamic group logic, policy enforcement, and automated configuration/remediation workflows.
Experience designing vendor and third party device enrollment flows that maintain corporate governance and minimize security risk.
Scripting capability with bash/zsh and basic Python, including packaging and deployment automation.
Expertise in enterprise printer fleet management (drivers, AirPrint/IPP, queue architecture) and resolving complex driver/compatibility issues.
Strong troubleshooting skills across identity, networking, profiles, application layers, and platform level macOS issues.

What You Can Expect

An inspirational place for you to do your best work, be engaged in meaningful ways, and continually develop the skills, competencies and qualities that set our team apart. 
Compensation commensurate with your qualifications, experience, and other factors including geographic location, market and operational factors. 
Total Rewards include: Medical, Dental, Vision, Life Insurance, Disability Insurance, 401(k) Savings Plan, Employee Stock Purchase Plan, Professional Development Program, Paid Time Off and Paid Sick Time (in geographies where legally required).

What We Do

At RGP, we're creating a future where businesses produce their best work without constraints. We've built a global network of over 2,600 experts across four regions, providing a comprehensive suite of solutions across on-demand talent, next-generation consulting, and outsourced services to support organizations at every stage of their growth journey. Trusted by Fortune 100 companies and emerging disruptors alike, we challenge conventional ways of working, drive growth, and pave the way for long-term success through bold innovation and fearless collaboration.

Our values guide everything we do and strengthen our commitment to people. By combining smart processes, human-centered design, and advanced technology, we celebrate our team's excellence and ensure we grow together. We believe in the power of continuous learning and development to drive both individual and organizational success. It’s time to rethink how work gets done. Dare to Work Differently® with RGP.

RGP is proud to be an Equal Opportunity Employer and committed to creating an inclusive environment for all employees. We do not discriminate on the basis of race, color, religion, national origin, gender, pregnancy, sexual orientation, gender identity, age, physical or mental disability, genetic information, veteran status, or any other legally protected trait and encourage all applicants to apply. 