Together with the Zoolatech team, our partner, a leading construction management company, is at the forefront of developing a cloud-based software solution. This innovative platform is instrumental in the successful completion of major projects including skyscrapers, hospitals, data centers, stadiums, and schools. It streamlines the management of finances, quality, teams, and risks, making these processes transparent, convenient, and regulation-compliant. Our partner is not only an expert in construction management but also a significant technology innovator, actively developing web and mobile solutions.
You'll be joining the IT Engineering team currently undergoing a significant security transformation. The team sits at the intersection of IT and Security Engineering, and this engagement is happening during an active organizational restructuring where security responsibilities are being consolidated and matured.
The project has three interconnected workstreams:
Endpoint compliance for a certification. The company is pursuing Cyber Essentials Plus certification. The macOS fleet needs to be audited, hardened, and documented against CIS/NIST baselines.
Zscaler ZTNA rollout via Jamf. The company recently purchased Zscaler (ZIA/ZPA) and is in an accelerated rollout. The engineer will own the Jamf side of that deployment and integrate device compliance signals into Zero Trust access policy decisions.
Jamf environment remediation. The existing Jamf environment has accumulated technical debt — policy hygiene, naming conventions, smart group logic — and needs to be cleaned up and made auditable before the compliance assessment.
Audit the macOS fleet against CIS Benchmark (Level 1 & 2) and NIST 800-179 baselines; identify and remediate deviations at scale via Jamf configuration profiles and scripts
Develop and maintain hardening scripts (bash/zsh/Python) deployed via Jamf policies
Enforce software update and patch compliance aligned to Cyber Essentials Plus and SOC 2 requirements
Rebuild and organize the Jamf environment: smart/static groups, scoping logic, naming conventions, policy hygiene, extension attributes
Deploy Zscaler Client Connector through Jamf and configure device trust signals to feed ZPA/ZIA conditional access decisions
Integrate Jamf with the identity provider (Okta) and Google Workspace for conditional access enforcement
Support certificate-based authentication and MDM enrollment workflows
Produce compliance documentation: runbooks, architecture decision records, and audit evidence artifacts
Map Jamf configurations to compliance controls across CIS, NIST, Cyber Essentials Plus, and SOC 2
5+ years of hands-on Jamf Pro administration in an enterprise environment (500+ managed devices)
Deep expertise in macOS security hardening — CIS Benchmarks, configuration profiles, kernel extensions, and SIP/PPPC/TCC management
Proficiency in scripting for Jamf deployment: bash, zsh, and/or Python
Demonstrated experience implementing or auditing against a recognized security framework (CIS, NIST, SOC 2, or equivalent)
Ability to work autonomously, prioritize effectively, and deliver within a defined scope
Strong verbal communication skills in English to be able to work with an international team
Strong written communication — documentation is treated as a first-class deliverable here
Practical experience using AI tools in day-to-day work — whether for scripting assistance, documentation, troubleshooting, or research
Nice to have:
Jamf certifications
Experience with enterprise-scale Mac environments
Zscaler exposure (not required)
MDM strategy and governance experience
Documentation and roadmap creation