Together with the Zoolatech team, our partner, a leading construction management company, is at the forefront of developing a cloud-based software solution. This innovative platform is instrumental in the successful completion of major projects including skyscrapers, hospitals, data centers, stadiums, and schools. It streamlines the management of finances, quality, teams, and risks, making these processes transparent, convenient, and regulation-compliant. Our partner is not only an expert in construction management but also a significant technology innovator, actively developing web and mobile solutions.

You'll be joining the IT Engineering team currently undergoing a significant security transformation. The team sits at the intersection of IT and Security Engineering, and this engagement is happening during an active organizational restructuring where security responsibilities are being consolidated and matured.

The project has three interconnected workstreams:

Endpoint compliance for a certification. The company is pursuing Cyber Essentials Plus certification. The macOS fleet needs to be audited, hardened, and documented against CIS/NIST baselines.

Zscaler ZTNA rollout via Jamf. The company recently purchased Zscaler (ZIA/ZPA) and is in an accelerated rollout. The engineer will own the Jamf side of that deployment and integrate device compliance signals into Zero Trust access policy decisions.

Jamf environment remediation. The existing Jamf environment has accumulated technical debt — policy hygiene, naming conventions, smart group logic — and needs to be cleaned up and made auditable before the compliance assessment.

• Audit the macOS fleet against CIS Benchmark (Level 1 & 2) and NIST 800-179 baselines; identify and remediate deviations at scale via Jamf configuration profiles and scripts

• Develop and maintain hardening scripts (bash/zsh/Python) deployed via Jamf policies

• Enforce software update and patch compliance aligned to Cyber Essentials Plus and SOC 2 requirements

• Rebuild and organize the Jamf environment: smart/static groups, scoping logic, naming conventions, policy hygiene, extension attributes

• Deploy Zscaler Client Connector through Jamf and configure device trust signals to feed ZPA/ZIA conditional access decisions

• Integrate Jamf with the identity provider (Okta) and Google Workspace for conditional access enforcement

• Support certificate-based authentication and MDM enrollment workflows

• Produce compliance documentation: runbooks, architecture decision records, and audit evidence artifacts

• Map Jamf configurations to compliance controls across CIS, NIST, Cyber Essentials Plus, and SOC2

• 5+ years of hands-on Jamf Pro administration in enterprise environments

• Deep macOS security hardening expertise

• Scripting proficiency in bash, zsh, and/or Python for Jamf deployment

• Demonstrated experience implementing or auditing against CIS, NIST, SOC 2, or equivalent frameworks

• Zscaler ZPA/ZIA integration experience — deploying Client Connector and configuring device posture checks

• Okta integration for conditional access and MDM enrolment

• Experience working in large, distributed international teams with asynchronous communication — comfortable with written-first collaboration across time zones, proactive in status updates, and able to move work forward without real-time check-ins

• Strong written communication — documentation is treated as a first-class deliverable here

• Practical experience using AI tools in day-to-day work — whether for scripting assistance, documentation, troubleshooting, or research