
Lead macOS Intune MDM/MAM Engineer

External
Evolution Cloud (evocs) · Denver, CO
Full-time · On-site · Today
Agile · Bash · Compliance · Documentation · Encryption · Incident Response

Benefits

Vision insurance

Additional Information

EVOCS OVERVIEW

EVOCS's journey began with a mission to empower businesses with advisory expertise, empowered with ideal technologies to provide them with comprehensive solutions to grow and prosper. Founded by a team of passionate experts, EVOCS has grown into a trusted partner to a growing number of leaders across their respective industries. Our roots in employee-managed operations reflect our commitment to quality, consistency, and client success. If you enjoy working in a hyper-fast-growing company, are eager to be part of an agile team, and want to be part of our success story, then let's talk!

🎯 Role Overview

We're looking for an experienced Lead macOS Intune Engineer to own Apple device management across our enterprise. You'll architect and drive the full lifecycle of macOS endpoints, from zero-touch provisioning through Apple Business Manager all the way to advanced security hardening with FileVault, Secure Enclave, and passwordless authentication. This is a high-impact individual contributor role sitting at the intersection of endpoint engineering, identity & access management, and security. You'll collaborate closely with our Identity, Security, and IT Support teams to ensure every Mac, corporate or BYOD, meets our security posture and delivers a seamless user experience.

🧩 What you will do

In this role, you will:

macOS Endpoint Management
- Architect, deploy, and manage the lifecycle of macOS devices using Microsoft Intune MDM
- Design and tune configuration profiles, compliance policies, and security rules that keep Mac devices secure, performant, and user-friendly

Apple Business Manager & Zero-Touch Provisioning
- Own the integration between Microsoft Intune and Apple Business Manager (ABM)
- Configure Automated Device Enrollment (ADE) for zero-touch Mac provisioning - corporate devices enroll and configure themselves out of the box

Mobile Application Management (MAM)
- Manage app deployment and updates (App Store, VPP, and enterprise apps) through Intune
- Enforce app protection policies to secure corporate data on both managed and BYOD macOS devices

Passwordless Authentication & Single Sign-On
- Implement Microsoft Entra ID Platform SSO on macOS using the Enterprise SSO plug-in
- Enable Secure Enclave-based authentication (hardware-backed keys, Touch ID) to deliver a Windows Hello-equivalent experience on Mac
- Ensure cloud accounts are properly linked to local Mac accounts, eliminating repeated password prompts

Device Security & Encryption
- Manage FileVault full-disk encryption via Intune, including key escrow and recovery workflows
- Leverage Apple's T2 / Apple Silicon security features and deploy Microsoft Defender for Endpoint on macOS
- Configure endpoint protection and compliance policies (password, screen lock, threat response)

BYOD Strategy
- Design policies that apply MAM app protection and Conditional Access to personal Macs without intruding on personal data
- Define clear enrollment and access rules for non-corporate devices accessing company resources

Identity & Security Best Practices
- Monitor and mitigate identity-related risks on Mac endpoints - password spray attacks, brute-force attempts, and unauthorized access
- Champion Zero Trust principles: least privilege, device compliance-gated access, and continuous verification

Troubleshooting & Support
- Lead root-cause analysis for complex Intune enrollment, SSO, SecureToken/FileVault, and authentication failures
- Resolve misconfigurations quickly and provide durable fixes that prevent recurrence

Documentation, Training & Continuous Improvement
- Develop and maintain runbooks, configuration guides, and incident response playbooks for macOS management
- Train and mentor IT support staff on Mac device support, Intune policy management, and security best practices
- Stay current with new Microsoft Endpoint Manager features and Apple platform updates; bring recommendations to the team

🧠 What you will bring

- 5+ years managing and securing macOS devices in an enterprise environment
- 3+ years hands-on with Microsoft Intune (Endpoint Manager) - deploying and managing macOS at scale
- Proven experience with Apple Business Manager (ABM) and Automated Device Enrollment (ADE)
- Strong command of Intune configuration profiles, compliance policies, and app protection policies for macOS
- Deep knowledge of FileVault encryption management via Intune - policy creation, key escrow, and recovery
- Solid understanding of Apple's Secure Enclave, SecureToken, and related macOS security primitives
- Experience configuring Microsoft Entra ID Platform SSO and SSO extensions on macOS
- Familiarity with Conditional Access policies that tie device compliance to identity access
- Proficiency in scripting - Bash/zsh, PowerShell, and/or Python - for automation and Microsoft Graph API integrations
- Understanding of identity protection mechanisms: smart lockout, risk-based sign-in, MFA

Ideally you have...

- Microsoft certifications: Modern Desktop Administrator Assoc

