What You'll Be Working On
- Administer and continuously improve Jamf and Microsoft Intune environments across all managed device types: macOS, Windows, iOS, and Android; maintain configuration profiles, compliance policies, app deployment packages, and OS update enforcement across all platforms.
- Build and maintain automated enrollment workflows including Apple Business Manager (ABM) and Windows Autopilot for zero-touch provisioning at scale.
- Own a structured patch management program with clear SLAs for OS and application updates across all device platforms.
- Define and enforce device compliance baselines aligned with Crusoe security standards and frameworks including CIS Benchmarks and SOC 2; integrate MDM telemetry with EDR and SIEM tooling for compliance drift visibility and proactive remediation.
- Partner with Security on device trust policies, Conditional Access enforcement, certificate-based authentication rollout (SCEP/PKCS), and network-level access control for certificate-based Wi-Fi and VPN authentication.
- Build and maintain scripts and automation in Bash, Python, or PowerShell to reduce manual IT workload; develop self-service tooling that puts routine fixes and software requests directly in employees’ hands.
- Own MDM runbooks, device policy documentation, and asset records; contribute to the standardization of enrollment workflows, naming conventions, and configuration baselines across all platforms.
- Serve as the MDM escalation point in the IT on-call rotation; partner with People Operations on seamless device provisioning and deprovisioning; mentor junior IT team members on endpoint management practices.
What You'll Bring to the Team
- Foundational Security Experience: Demonstrated experience with OSQuery and CrowdStrike (XDR/EDR) for endpoint visibility and threat detection.
- Identity & Access Management: Deep understanding of Okta (Device Trust/FastPass) and Entra ID (Conditional Access).
- MDM/Endpoint Management: 3–6 years of experience with Jamf/Kandji and Microsoft Intune (Autopilot, Compliance Policies, App Protection).
- Independent Engineering: A "Security-First" mindset and proven ability to drive R&D initiatives from planning through implementation independently, with a focus on automating security controls.
- Scripting & Automation: Proficiency in Bash, Python, or PowerShell for device policy automation, packaging, and remediation.
- Infrastructure Knowledge: Strong understanding of certificate infrastructure (SCEP, PKCS) and experience with Absolute for Windows persistence.
- Strong documentation habits, ownership mindset, and ability to communicate technical policies to non-technical stakeholders.
- Bachelor’s degree in IT, Computer Science, or equivalent practical experience.
- OSQuery and CrowdStrike expertise, demonstrable experience leveraging OSQuery for endpoint visibility and administering CrowdStrike for threat detection and response; these are foundational to our security visibility and enforcement strategy.
Bonus Points
- Jamf Pro administration experience: Smart Groups, configuration profiles, and Jamf Connect or equivalent SSO integration.
- Experience with Jamf Protect, Microsoft Defender for Endpoint, or equivalent EDR tooling.
- Familiarity with Linux endpoint management via Fleet, Puppet, or similar.
- Apple Certified Support Professional (ACSP) or equivalent MDM certification.
- Exposure to SIEM tooling and endpoint log pipelines.
- Experience at a high-growth technology company through a period of rapid headcount scaling.
Benefits
- Competitive compensation and equity packages
- Restricted Stock Units
- Paid time off, paid holidays & leave of absence programs
- Comprehensive health, dental & vision insurance
- Employer contributions to HSA account
- Paid parental leave
- Paid life insurance, short-term and long-term disability
- Professional development & tuition reimbursement
- Mental health & wellness support
- Commuter benefits (parking & transit)
- Cell phone stipend
- 401(k) Retirement plan with company match up to 4% of salary
- Volunteer time off
- Global travel insurance & emergency assistance
- Daily meals allowance
- Additional perks & programs specific to location
Compensation Range
Compensation will be paid in the range of up to $170,000 - $205,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicants knowledge, education, and abilities, as well as internal equity and alignment with market data.