Senior Endpoint Engineer – Jamf

This is a fully remote position, open to applicants in India.

📋 Description

• Design, configure, and enhance endpoint environments across Windows, macOS, Ubuntu, iOS, and Android platforms.

• Oversee enterprise MDM platforms including JAMF Pro, Microsoft Intune, Autopilot, Entra ID, and Active Directory.

• Spearhead endpoint patching strategies for OS and third-party applications, minimizing downtime while ensuring adherence to compliance standards.

• Advocate for ITIL-aligned process enhancements, incorporating AI and agentic automation to promote ongoing operational efficiency.

• Act as a subject matter expert during audits, incident responses, and vulnerability remediation efforts.

• Design, implement, and manage JAMF Pro across a complex enterprise environment with over 3,000 macOS endpoints.

• Create automated workflows for device provisioning, application deployment, patch management, and compliance reporting.

• Develop and sustain scripts in Bash, Python, AppleScript, and PowerShell to extend and automate JAMF capabilities.

• Oversee JAMF configuration profiles, policies, smart groups, and operational dashboards.

• Collaborate with Security to enforce FileVault encryption, implement CIS benchmark hardening, and apply Zero Trust policy controls.

• Maintain Apple Business Manager (ABM/DEP), VPP licensing, APNs certificates, and MDM enrollment processes.

• Design and implement AI-assisted endpoint automation pipelines to minimize manual operational tasks and enhance response times.

• Build and maintain autonomous agents (LangChain, AutoGen, or custom LLM integrations) to manage routine endpoint tasks including compliance checks, self-healing workflows, and incident triage.

• Integrate LLM APIs into endpoint tools for natural-language policy creation, log analysis, and intelligent alert summarization.

• Develop event-driven automation utilizing JAMF Pro webhooks, Microsoft Power Automate, or custom Python/API pipelines to initiate remediation workflows without manual input.

• Assess and adopt AIOps platforms to forecast device health issues, proactively identify compliance drift, and optimize patch scheduling.

• Establish an AI automation roadmap for endpoint operations, setting governance, testing, and rollback standards for agentic workflows.

• Regularly evaluate emerging AI tools and agent frameworks for relevance to endpoint management scenarios.

• Integrate endpoint tools with SIEM and SOAR platforms for proactive threat surveillance and automated incident response.

• Design and implement Conditional Access policies, identity frameworks, and data loss prevention measures.

• Ensure endpoint posture complies with regulations including GDPR, HIPAA, and PCI-DSS.

• Engage in Zero Trust architecture evaluations, risk assessments, and compliance audits.

• Implement and verify encryption standards across platforms (BitLocker for Windows, FileVault for macOS).

• Mentor junior engineers through knowledge sharing, code evaluations, and coaching, including enhancing the team's skills on AI-assisted and agentic operations.

• Serve as the point of escalation for complex endpoint and macOS challenges across global teams.

• Collaborate with Security, Networking, and Identity teams to integrate MDM platforms with tools like Okta and AWS VDI.

• Produce and maintain technical documentation, architecture decision records, and end-user manuals.

• Exhibit strong communication abilities for both technical and non-technical audiences, effectively conveying complex concepts to stakeholders at all levels.

⛳️ Requirements

• Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent professional experience.

• Over 5 years of IT experience, including at least 3 years in endpoint engineering or EUC roles.

• Proven expertise in managing large-scale endpoint environments (10,000+ devices).

• JAMF 400 Certification (JAMF Certified Expert) or equivalent expert-level practical experience.

• Proficient in scripting languages: Bash, Python, AppleScript, and PowerShell.

• Extensive knowledge of the Apple ecosystem: ABM/DEP, VPP, MDM protocol, APNs.

• Strong understanding of endpoint compliance, encryption (BitLocker, FileVault), and Zero Trust frameworks.

• Experience with vulnerability remediation, patch lifecycle management, and endpoint security tools.

• Exceptional written and verbal communication abilities and skills in cross-team collaboration.

• Available to work until 1:00 PM EST.

🏝️ Benefits

• Attractive benefits and perks akin to larger tech companies.

• Autonomy to make a significant impact on the organization and take ownership of your work.