Provision and manage macOS endpoints (Jamf or equivalent), including configuration profiles, patching, and fleet-wide security controls.
Own full device lifecycle: procurement, inventory, deployment, recovery, and secure decommissioning.
Administer identity and access management across SaaS platforms (SAML, OIDC, SCIM), including automated onboarding/offboarding.
Design and enforce role-based access controls and least-privilege policies.
Own Zero-Trust Network Access (Cloudflare preferred), including posture checks and secure access policies.
Troubleshoot cross-layer issues spanning device → identity provider → network → SaaS application.
Deploy and support lightweight office networking, firewalls, and AV/Zoom infrastructure for distributed and off-site environments.
Build automations using APIs and scripting to eliminate manual IT workflows.
Partner with Security and Infrastructure on endpoint hardening, monitoring, and incident response.
Maintain audit-ready controls and documentation to support SOC 2 / PCI compliance.

Requirements

5+ years in IT, internal infrastructure, or security roles within a cloud-first or SaaS environment.
Deep, hands‑on expertise with modern endpoint‑management solutions for macOS/iOS.
Proven administration experience with leading identity‑provider platforms, including SAML/OIDC integrations and advanced workflow automations.
Experience administering multiple business-critical SaaS platforms (Google Workspace, Slack, GitHub, etc.).
Hands-on experience deploying and operating Zero-Trust access platforms (Cloudflare preferred).
Strong understanding of networking fundamentals (DNS, TLS, TCP/IP, HTTP proxies) and ability to troubleshoot across device, identity, and network layers.
Experience building scalable onboarding/offboarding processes in high-growth environments.
Scripting proficiency (Python or Bash).
Experience implementing security controls aligned to organizational policies and standards.
Excellent written and verbal communication skills—able to translate technical detail into clear guidance for stakeholders.
Candidates must be legally authorized to work in the United States and must live in the United States.

Benefits

Employer paid group health insurance for you and your dependents
401(k) plan with employer match (or equivalent for non US-based roles)
Flexible paid time off
Regular company-wide in-person events
Home office stipend, and more!

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

macOS managementendpoint managementidentity and access managementSAMLOIDCSCIMZero-Trust Network Accessnetworking fundamentalsscriptingsecurity controls

Soft Skills

communicationtroubleshootingcollaborationdocumentationprocess improvement