Sr Systems Engineer (Mac)

The Enterprise Endpoint Engineering team is seeking a highly skilled Senior Mac Endpoint Engineer with deep expertise in Apple device management, modern MDM platforms (Jamf Pro and Microsoft Intune), and enterprise-scale macOS lifecycle engineering. This role is responsible for architecting, automating, and continuously improving the management, security, and user experience of macOS devices across a large global enterprise.

This is a highly technical engineering role focused on building scalable, automated, and secure endpoint management solutions. The ideal candidate will combine strong macOS systems engineering, automation, and troubleshooting skills with a proactive mindset to eliminate manual processes, improve platform reliability, and enhance the overall endpoint experience. You will partner closely with Security, Infrastructure, Workplace Operations, and Identity teams to deliver a modern, resilient, and secure Apple ecosystem., * Architect, implement, and maintain enterprise macOS management solutions using Jamf Pro ensuring scalability and reliability.

• Engineer fully automated, zero-touch macOS lifecycle workflows, including provisioning, enrollment, configuration, patching, compliance enforcement, and secure decommissioning.
• Build automation frameworks and tooling using Bash, Python, zsh, and APIs to eliminate manual operations and enable scalable fleet management.
• Design and implement configuration profiles, policies, and controls that enforce security standards while preserving an exceptional end-user experience.
• Lead integration of macOS endpoints with identity, security, and enterprise infrastructure platforms, including Apple Business Manager, Entra ID, and endpoint security tooling.
• Proactively identify platform gaps, performance bottlenecks, and reliability risks, and implement durable engineering solutions.
• Develop scalable software packaging and deployment pipelines to ensure reliable, secure, and seamless application delivery.
• Establish and maintain endpoint security posture aligned with modern enterprise security standards, including CIS benchmarks and Zero Trust principles.
• Drive continuous improvement of endpoint management through automation, telemetry, monitoring, and engineering best practices.
• Serve as a technical leader and subject matter expert for macOS endpoint engineering, influencing platform strategy, standards, and roadmap.
• Partner with Security, Infrastructure, and Workplace Engineering teams to build cohesive, secure, and scalable endpoint solutions.
• Produce high-quality technical documentation, system designs, and engineering standards.
• Lead root cause analysis of complex platform issues and implement systemic fixes that improve platform resilience and operational maturity.

• 8+ years of experience engineering and managing macOS endpoints in a large-scale enterprise environment (10,000+ devices preferred)
• Expert-level Jamf Pro experience, including policies, smart groups, configuration profiles, scripting, and automation

• Required: Jamf 200 certification
• Preferred: Jamf 300 certification or higher

• Strong experience with Apple Business Manager, Automated Device Enrollment (ADE), and modern Apple deployment workflows
• Proficient in scripting languages such as Bash, Python, AppleScript, Perl or zsh for automation and custom workflows
• Deep understanding of macOS internals, security frameworks, and MDM protocols
• Experience managing macOS lifecycle, including provisioning, patching, compliance, and decommissioning
• Strong troubleshooting skills across OS, application, and management layers
• Experience creating technical documentation, operational standards, and automation workflows
• Excellent communication skills and ability to operate independently in a fast-paced enterprise environment
• Hands-on experience configuring and managing Microsoft Intune for macOS
• Experience with identity and access management systems (Active Directory, Entra AD, PingFederate, etc.)
• Familiarity with CIS benchmarks and compliance frameworks like ISO, SOC2, or SOX
• Experience with endpoint detection & response (EDR) tools such as CrowdStrike
• Knowledge of networking fundamentals, including TCP/IP, DNS, firewalls, and routing protocols

• Required On-Site: This position is required to be performed full-time from an NBCUniversal-designated worksite.

This position is eligible for company-sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website.

Salary range: $145,000 - $170,000

NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our global theme park destinations, consumer products, and experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, NBC Sports, Telemundo, NBC Local Stations, Bravo, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through our powerhouse film and television studios, including Universal Pictures, DreamWorks Animation, and Focus Features, and the four global television studios under the Universal Studio Group banner, and operate industry-leading theme parks and experiences around the world through Universal Destinations & Experiences, including Universal Orlando Resort, home to Universal Epic Universe, and Universal Studios Hollywood. NBCUniversal is a subsidiary of Comcast Corporation. Visit www.nbcuniversal.com for more information. Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world.