Jamf Nation Community

Position Overview

We’re seeking an experienced Identity & Access Engineer to lead the strategic transition of our enterprise authentication systems from Kerberos to Okta Single Sign-On (SSO), specifically within our Jamf-managed Apple fleet, spanning over 30,000 users globally. This is a critical role within our Security Engineering organization that blends system architecture, hands-on implementation, and cross-functional collaboration to deliver modern, scalable authentication infrastructure.

You’ll work with our Security, IT, and Platform teams to design, implement, and support identity solutions that ensure seamless, secure access across our endpoints, applications, and services.

Key Responsibilities

• Architect and lead the migration of Kerberos-based authentication in Jamf to Okta SSO, ensuring minimal disruption across a global user base.
• Design identity and access management workflows that align with Zero Trust principles and modern endpoint management practices.
• Serve as a primary engineer and subject matter expert for Okta integrations with macOS devices and associated tooling (e.g., Jamf Connect, Jamf Pro).
• Collaborate with cross-functional teams (Security, IT, Compliance, Platform Engineering) to assist with project scope, milestones, risk mitigation, and testing strategies.
• Develop and maintain comprehensive documentation, including architecture diagrams, technical runbooks, and transition playbooks.
• Ensure adherence to enterprise security policies, compliance requirements, and audit controls related to identity access.

Qualifications

Required:

• 5+ years of experience in identity and access management (IAM), infrastructure engineering, or enterprise security.
• Demonstrable experience deploying and managing Okta SSO, with at least one major enterprise-wide rollout.
• Deep understanding of Kerberos, SAML, OAuth, SCIM, and OIDC protocols.
• Extensive hands-on experience with Jamf Pro and Jamf Connect in macOS environments.
• Proven ability to contribute to complex technical projects across large user bases (10,000+ users).
• Strong scripting and automation skills (e.g., Python, or Bash).
• Excellent communication and collaboration skills across technical and non-technical stakeholders.

Preferred:

• Okta Certified Professional or higher-level certifications (e.g., Okta Certified Consultant).
• Jamf Certified Expert (Jamf 400) certification.
• Familiarity with Microsoft Entra ID (formerly Azure AD), Apple Business Manager, and MDM best practices.
• Background in Zero Trust architecture design and deployment.
• Experience supporting hybrid or fully remote workforces.