Desktop Engineer, Lead JAMF

Location: Rockville, MD

Work Type: Hybrid Work (Minimum 2 days Onsite)

Required Clearance: Ability to Obtain Public Trust

Job Title: Desktop Engineer, Lead JAMF

Job Summary: The Desktop Engineer, Lead is responsible for designing, maintaining, and enhancing the macOS endpoint environment using Jamf Pro and related tools, while also providing strategic oversight of patching, compliance, and lifecycle planning across the Apple device ecosystem. The role includes limited backup support for Windows environments and collaboration with Service Desk teams

Key Responsibilities

Endpoint Configuration & Imaging

Design, manage, and enhance macOS imaging services using Jamf Pro, ensuring compliance with standards.

Build and manage Jamf Pro configuration profiles and policies to enforce CIS benchmarks, disk encryption, and endpoint security controls.

Collaborate with MECM engineers to ensure endpoint management coverage across both macOS and Windows, with backup responsibilities for the Windows Desktop Engineer.

Security & Compliance

Proactively identify, plan, and remediate Critical, High, and Medium vulnerabilities across macOS workstations in alignment with policies and IRT thresholds.

Develop preventive controls, remediation plans, and reporting procedures to ensure continuous endpoint compliance.

Enforce encryption at rest and in transit, and manage secure key escrow within NIH-approved systems.

Patching & Software Management

Lead monthly patching cycles for macOS devices and third-party applications (e.g., Adobe, Chrome, Cisco VPN, Office 365, Safari).

Utilize Jamf to deploy updates, enforce software compliance, and automate deployment workflows for NIAMS-managed Apple devices.

Monitor patch progress and produce monthly compliance and vulnerability remediation reports.

Workstation Lifecycle Management

Evaluate endpoint performance and hardware requirements based on usage data.

Recommend and test complete Apple workstation packages to ensure seamless integration into the enterprise environment.

Track and report on end-of-life or end-of-service timelines for OS, tools, and hardware; provide advanced notifications and coordinate EOL planning.

Automation & Reporting

Implement automation and self-service solutions to improve efficiency in macOS management and reduce manual intervention.

Maintain comprehensive asset inventories for software and hardware, and fulfill federal data calls for IT reporting and audits.

Documentation & SOP Development

Author and maintain standard operating procedures (SOPs), RFCs, and system design documents for macOS endpoint management and compliance.

Contribute to documentation for security hardening, patching workflows, and configuration baselines.

Collaboration & Support

Provide backup coverage for Windows desktop engineering and participate in cross-platform coordination as needed.

Assist the Service Desk during downtime from engineering duties by resolving support tickets.

Deliver presentations or demos on macOS tools, compliance, and endpoint processes to stakeholders and leadership.

Required Qualifications

Minimum of five (5) years of hands-on experience in troubleshooting end-user hardware and peripherals, operating systems, device imaging, software applications, network connectivity, system configuration, security compliance, Active Directory administration, and endpoint management in enterprise environments.

Must have a minimum of five (5) years of direct experience managing Jamf Pro, including but not limited to macOS system imaging, third-party patch management, system security enforcement, and Apple device configuration.

Proven proficiency in configuring, supporting, and troubleshooting Apple macOS and iOS operating systems, with the ability to address user inquiries and technical issues effectively.

Strong experience in configuring, deploying, and supporting Apple iOS mobile devices, including troubleshooting devices and user-related questions.

Demonstrated expertise in supporting Microsoft Office 365 applications, including (but not limited to) Outlook, Word, Excel, PowerPoint, OneNote, Skype, Teams, OneDrive, and Zoom.

Ability to troubleshoot end-user incidents and service requests remotely via phone, email, or through tools such as Bomgar, Microsoft Remote Desktop Services, and/or SolarWinds Dameware.

Hands-on experience using incident logging and ticketing systems, with preference for ServiceNow, though Remedy or Cherwell are also acceptable. Should demonstrate familiarity with IT Service Management (ITSM) practices, strong customer service orientation, and a solid understanding of Service Level Agreements (SLAs).

Proven ability to develop and maintain clear, concise, and technically accurate documentation, including Standard Operating Procedures (SOPs) and end-user support guides.

Demonstrated competence in identifying, diagnosing, and remediating security vulnerabilities across desktop and mobile platforms.

Experience in creating technical training materials and delivering training sessions for users with varying levels of technical knowledge and expertise.

Broad and current knowledge of IT hardware, software, and services, with the ability to advise end-users and stakeholders on appropriate solutions and configurations.

Experience designing, configuring, and maintaining federally mandated security and compliance settings for Windows Server and macOS systems, including alignment with CIS benchmarks and government IT standards.

Strong proficiency in Active Directory (AD) account management, including user and group administration, access control, and GPO management.

Certification Required : Jamf Pro Certified Administrator Certification and ITIL 4 Certification

Preferred Qualifications

Education: Bachelor's degree from an accredited institute, (preferably in Mathematics, Information Technology, Computer Science, Engineering, Business Administration, or Project Management).

Desired (1 or more): CompTIA Security+; Microsoft Office Specialist: Microsoft Office 2016; Microsoft Office Specialist: Associate (Office 365 and Office 2019); Apple Certified Support Professional (ACSP); Apple Certified MacOS Technician (ACMT); Apple CertifiediOS Technician (ACiT); HDI-CSR; HDI-SCA; HDI-DAST; HDI-TSPS; or other industry-recognized certifications appropriate to NIAMS requirement are desirable.

Compensation and Benefits

The projected compensation range for this position is $113,000 to $127,000 per year benchmarked in the Washington, D.C. metropolitan area. Salary at LCG is determined by various factors, including but not limited to role, location, the combination of education/training, knowledge, skills, competencies, certifications, and work experience.

LCG offers a competitive, comprehensive benefits package which includes health insurance options (medical, dental, vision), life and disability insurance, retirement plan contributions, as well as paid leave, federal holidays, professional development, and lifestyle benefits.

Devoted to Fair and Inclusive Practices

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.

If you are interested in applying for employment with LCG and need special assistance or an accommodation to apply for a posted position, contact our Human Resources department by email at hr@lcginc.com.

Securing Your Data

Beware of fraudulent job offers using LCG's name. LCG will never request payment-related details or advancement of money during the application process. Legitimate communication will only come from lcginc.com or system@hirebridgemail.com emails, not free commercial services like Gmail or WhatsApp. If you receive suspicious emails asking for payment or personal information, contact us immediately at hr@lcginc.com.

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.