Senior Endpoint Engineer - Jamf

Senior Endpoint Engineer — JAMF

Endpoint Management | IT End User Services

We are seeking a highly skilled Senior Endpoint & JAMF Engineer to join our global Endpoint Management / End User Services team. This role combines broad expertise in managing cross-platform endpoints (macOS, Windows, Ubuntu, iOS, Android) with deep specialization in JAMF and Apple macOS device management.

You will design, deploy, and maintain enterprise-scale endpoint solutions, ensuring optimal performance, security, and user experience across 10,000+ devices worldwide. As a trusted subject matter expert, you will drive automation, AI-powered workflows, compliance, and integration initiatives, collaborating with Security, Identity, and Infrastructure teams to deliver secure, scalable, and user-centric endpoint environments at global scale.

Key Responsibilities

• Endpoint Engineering & Management
• Manage enterprise MDM platforms including JAMF Pro, Microsoft Intune, Autopilot, Entra ID, and Active Directory.
• Lead endpoint patching strategies for OS and third-party applications, minimizing downtime while ensuring compliance.
• Champion ITIL-aligned process improvement, embedding AI and agentic automation to drive continuous operational efficiency.
• Serve as a subject matter expert during audits, incident response, and vulnerability remediation exercises.
• JAMF & Apple Ecosystem
• Architect, deploy, and administer JAMF Pro across a complex enterprise environment of 3,000+ macOS endpoints.
• Build automated workflows for device provisioning, application deployment, patch management, and compliance reporting.
• Develop and maintain scripts in Bash, Python, AppleScript, and PowerShell to extend and automate JAMF functionality.
• Manage JAMF configuration profiles, policies, smart groups, and operational dashboards.
• Partner with Security to enforce FileVault encryption, CIS benchmark hardening, and Zero Trust policy controls.
• Maintain Apple Business Manager (ABM/DEP), VPP licensing, APNs certificates, and MDM enrollment pipelines.
• AI, Agents & Endpoint Automation
• Design and deploy AI-assisted endpoint automation pipelines to reduce manual operational overhead and accelerate response times.
• Build and maintain autonomous agents (LangChain, AutoGen, or custom LLM integrations) to handle routine endpoint tasks including compliance checks, self-healing workflows, and incident triage.
• Integrate LLM APIs into endpoint tooling for natural-language policy authoring, log analysis, and intelligent alert summarization.
• Develop event-driven automation using JAMF Pro webhooks, Microsoft Power Automate, or custom Python/API pipelines to trigger remediation workflows without manual intervention.
• Evaluate and adopt AIOps platforms to predict device health issues, proactively surface compliance drift, and optimize patch scheduling.
• Define an AI automation roadmap for endpoint operations, establishing governance, testing, and rollback standards for agentic workflows.
• Continuously assess emerging AI tooling and agent frameworks for applicability to endpoint management use cases.
• Security & Compliance
• Integrate endpoint tooling with SIEM and SOAR platforms for proactive threat monitoring and automated incident response.
• Design and enforce Conditional Access policies, identity frameworks, and data loss prevention controls.
• Ensure endpoint posture meets regulatory requirements including GDPR, HIPAA, and PCI-DSS.
• Participate in Zero Trust architecture reviews, risk assessments, and compliance audits.
• Implement and validate encryption standards across platforms (BitLocker for Windows, FileVault for macOS).
• Collaboration & Leadership
• Mentor junior engineers through knowledge sharing, code reviews, and coaching, including upskilling the team on AI-assisted and agentic operations.
• Serve as the escalation point for complex endpoint and macOS issues across global teams.
• Partner with Security, Networking, and Identity teams to integrate MDM platforms with tools such as Okta and AWS VDI.
• Produce and maintain technical documentation, architecture decision records, and end-user guides.
• Strong communication skills for both technical and non-technical audiences; able to clearly convey complex concepts to stakeholders at all levels.

Expected Outcomes

• Maintain endpoint compliance of 95%+ across all managed platforms.
• Reduce provisioning and onboarding time through streamlined automation and self-service workflows.
• Deliver measurable improvements in endpoint security posture and end-user satisfaction scores.
• Reduce manual endpoint management tasks through scripting, automation, and agentic AI workflows.
• Align endpoint strategies with organizational goals and evolving industry best practices.

Required Qualifications & Experience

• Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent professional experience.
• 5+ years of IT experience with at least 3 years in endpoint engineering or EUC roles.
• Demonstrated expertise managing large-scale endpoint environments (10,000+ devices).
• JAMF 400 Certification (JAMF Certified Expert) or equivalent expert-level hands-on experience.
• Proficiency in scripting: Bash, Python, AppleScript, and PowerShell.
• Deep knowledge of the Apple ecosystem: ABM/DEP, VPP, MDM protocol, APNs.
• Strong understanding of endpoint compliance, encryption (BitLocker, FileVault), and Zero Trust frameworks.
• Experience with vulnerability remediation, patch lifecycle management, and endpoint security tooling.
• Excellent written and verbal communication and cross-team collaboration skills.
• Available to work until 1:00 PM EST.

Preferred Qualifications

• Experience working in regulated industries such as finance, healthcare, or government.
• Hands-on experience with AWS VDI image creation and deployment pipelines.
• Familiarity with modern identity and access management frameworks (Zero Trust, Conditional Access, Okta).
• Practical experience building AI agents or LLM-integrated workflows (LangChain, AutoGen, Claude, OpenAI API, or similar).
• Understanding of prompt engineering, retrieval-augmented generation (RAG), or fine-tuning for IT operations use cases.