Mac Endpoint Engineer Jobs (NOW HIRING)

Postman is the world's leading API platform, used by more than 45 million developers and 500,000 organizations. Behind that platform is a fleet of macOS endpoints, and behind that fleet is the small team that keeps Postman engineers productive, secure, and unblocked. We're hiring a Senior Mac Systems Engineer to lead how we manage, automate, and evolve that fleet.

This is not a ticket-closing role. We want someone who treats endpoint management as a platform engineering problem: declarative, version-controlled, reproducible, and continuously improved. You will own our Mac fleet end to end, from the moment a device is forecasted and procured through provisioning, daily operation, and eventual retirement. You will partner closely with Security and GRC on CMMC Level 2 readiness, and you'll have a real mandate to evaluate, evolve, and re-architect our endpoint stack where it makes sense.

You will also help decide where AI belongs in IT at Postman, and where it doesn't. Agentic systems are changing how IT teams work, and we want a senior engineer who can apply them thoughtfully, build with them safely, and tell the difference between genuinely useful automation and hype.

If you spend time in the MacAdmins Slack, have opinions about MDM vendors, and have ever caught yourself thinking "I could replace this with a few hundred lines of Go and a Git repo," you are exactly who we want to talk to.

• A real mandate to modernize. We're not looking for someone to maintain the status quo; we want someone with a point of view about where endpoint management and IT operations are going.
• Direct partnership with Security Engineering, GRC, and IT Operations leadership on initiatives that matter to the business.
• Budget and authority to evaluate, pilot, and adopt the right tools, not just the incumbent ones.
• An organization that is investing seriously in AI and how it can augment the real work humans do, and a team that wants you to push that investment into IT operations.

• Own Postman's macOS fleet management strategy and execution: provisioning, configuration, patching, telemetry, and lifecycle.
• Treat infrastructure as code. Manage endpoint configuration, automation, and integrations through version-controlled, peer-reviewed code rather than clicking through admin consoles.
• Lead automation as a first-class engineering discipline. Identify the highest-leverage manual workflows in IT and replace them with reliable, observable, testable automation.
• Apply AI and agentic systems pragmatically across IT operations: triage, remediation, knowledge surfacing, vendor analysis, and developer self-service. Decide where these tools belong, build the guardrails, and measure the outcomes.
• Own the macOS hardware lifecycle end to end: demand forecasting, procurement strategy, depot and inventory operations, refresh cycles, warranty and AppleCare programs, and responsible end-of-life and sustainability practices.
• Continuously evaluate our endpoint stack. Identify where current tooling is holding us back, prototype alternatives, and lead migrations when the data supports it.
• Build internal tooling where vendors fall short: inventory pipelines, compliance reporting, automated remediation, and self-service workflows for engineers.
• Partner with Security, GRC, and IT Operations to deliver controls that satisfy CMMC Level 2 and other compliance frameworks without slowing developers down.
• Design and operate the telemetry layer for endpoint visibility: osquery, Fleet, Kolide, or whatever combination best fits the problem.
• Mentor IT Systems Administrators and partner with adjacent teams (Security Engineering, DART, Procurement) on cross-functional initiatives.
• Be the senior technical voice in vendor evaluations, contract negotiations, and architecture decisions for anything touching the Mac fleet.

• 7+ years managing macOS at scale in a fast-moving engineering organization, including deep production experience with at least one major MDM (Jamf, Kandji, Mosyle, SimpleMDM, Workspace ONE, or similar).
• A strong automation instinct. You see manual work as a bug, you reach for code before consoles, and you've built the kind of automation other people on your team rely on daily.
• Practical experience applying AI and LLM-based tooling to real IT and operations problems. You've used Claude Code, Cursor, or similar agentic tools in your own workflow, and ideally you've built or deployed agentic workflows that other people use.
• Strong scripting and software development skills. You're comfortable in Python, Go, Bash, or Swift, and you write code that other engineers would be willing to review.
• Hands-on experience with infrastructure as code and modern DevOps practices: Terraform, Git-based workflows, CI/CD, code review, and treating production changes as software changes.
• Working knowledge of endpoint telemetry and device trust tooling: osquery, Fleet, Kolide, Munki, AutoPkg, or comparable open-source ecosystems.
• Deep understanding of Apple's management surface area: declarative device management, MDM protocol, configuration profiles, FileVault, Gatekeeper, system extensions, and the ongoing implications of Apple Silicon.
• Experience running a macOS hardware lifecycle program at scale: forecasting, procurement, asset management, refresh planning, and end-of-life logistics.
• Identity and access fluency: Okta, SSO, SCIM, certificate-based authentication, and how identity intersects with device posture.
• A track record of replacing manual or vendor-locked workflows with automated, observable, and testable systems.
• Excellent written communication. You can write a clear RFC, a vendor evaluation, or a runbook that someone three years from now will still understand.

• Active participant in the MacAdmins community, Penn State Slack, MacDevOpsYVR, MacSysAdmin, or similar.
• Open-source contributions to projects like Munki, Nudge, AutoPkg, osquery, Fleet, swiftDialog, or your own published tooling.
• Experience building or deploying agentic AI workflows in a production IT or operations context, including the unglamorous parts: evaluation, guardrails, cost control, and failure modes.
• Experience standing up or significantly improving a Zero Trust device-trust program.
• Background supporting compliance frameworks such as CMMC, SOC 2, ISO 27001, or FedRAMP.
• Familiarity with managing Windows or Linux endpoints alongside Mac (Intune, Jamf Pro for iOS, Fleet on Linux).
• Experience integrating endpoint data into a broader security data lake or SIEM.

The reasonably estimated base salary for this role ranges from $200,000 to $250,000, plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience.