
Enterprise Security Engineer
TRM Labs
full-time
Location Type: Remote
Location: United States
Salary
💰 $120,000 - $140,000 per year
About the role
- Engineer secure-by-default baselines for macOS and Windows endpoints, including encryption, firewall, application controls, device compliance, and configuration standards.
- Automate and scale identity and access controls in Entra ID and Google Workspace (SSO, SCIM, conditional access, privileged access workflows, access reviews, joiner/mover/leaver).
- Manage security controls as code (Terraform/configuration profiles/policy-as-code), with peer review, change history, testing/rollback, and measurable outcomes.
- Build and maintain automations and integrations (e.g., n8n/SlackOps/APIs/scripts) that reduce manual access grants, speed up control changes, and eliminate repetitive workflows.
- Harden SaaS and collaboration platforms by reducing unmanaged apps and enforcing strong authentication, least privilege, sharing controls, and data protection guardrails.
- Improve visibility and detection by ensuring logging coverage and telemetry for endpoint, identity, and key SaaS applications (e.g., Defender/Sentinel and vendor logs where relevant).
- Drive vulnerability and configuration drift reduction through patch compliance targets, remediation pipelines, and reporting that leadership can act on.
- Partner with compliance and risk stakeholders to produce evidence, document controls, and operationalize requirements without creating brittle, manual processes.
- Participate in an on-call rotation (every ~3 weeks) for escalations related to identity, endpoint security, and critical enterprise systems.
Requirements
- Demonstrated experience engineering and scaling endpoint management (Jamf and/or Intune) and endpoint security controls for macOS and Windows.
- Strong IAM foundation: hands-on experience with Entra ID (conditional access, SSO, access governance) and Google Workspace and/or Microsoft 365 administration.
- Proven ability to automate real operational workflows using scripting and APIs (Bash, PowerShell, Python, etc.).
- Strong troubleshooting and systems thinking: able to diagnose issues across identity, endpoint, network controls, and SaaS integrations.
- Comfort balancing security and usability using a risk-based approach, communicating tradeoffs clearly to technical and non-technical stakeholders.
Benefits
- TRM’s equity plan may be available
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
endpoint management, endpoint security controls, identity and access management, automation, scripting, APIs, configuration management, vulnerability management, patch compliance, telemetry
Soft Skills
troubleshooting, systems thinking, communication, risk-based approach, collaboration