Remote Jamf Engineer Jobs (NOW HIRING)

About Otelier
Otelier is a hospitality technology SaaS company serving hotel operators with the data and automation tools that make their back-office run. We are PE-backed, just under 250 employees, fully remote, and operate across the US, India, and Sri Lanka. We are at the stage where the systems and security foundation a company runs on have to scale faster than headcount - and that is the job we are hiring for.
The role
This is the senior IT seat at Otelier. You will own the corporate IT and security function end-to-end: the infrastructure that the company works on every day, the identity layer that protects our customer and company data, and the SOC 2 program that our enterprise hotel customers expect us to run cleanly. You will manage one IT Engineer and partner closely with Engineering, Security, and People Ops.
This role suits someone who has already owned an IT and security function at a company of similar scale and is looking to do it again. You will report to the Director of FP&A, who runs IT alongside Finance and Business Operations. Your manager is technically fluent and owns IT's budget and executive representation, but the IT roadmap, technical direction, and operating model are yours to define. We are hiring this role specifically because we need someone who knows what good looks like and can build toward it without being told.
Why this role is worth your time
• Real ownership. You are the senior IT decision-maker at the company. SOC 2, identity, endpoint, vendor strategy, automation - your call, your roadmap.
• A manager who removes friction. You report into a Director who is technically fluent, owns IT's budget, and represents the function to executive leadership - so you spend your time on IT, not on internal politics. The technical roadmap is yours to drive.
• A real team to grow. You start with one IT Engineer and a defined headcount path as the company scales. People management is a stated part of the role, not a side responsibility.
• PE-backed operating cadence. Hospitality SaaS at ~245 people with the rigor and accountability of a PE-backed environment. Clear ownership, real budgets, and the expectation that IT and security run as a managed function - not an afterthought.
• Modern stack, no legacy debt. Microsoft 365, Intune, Jamf, Okta (incl. PAM), Defender, SentinelOne, Drata, Jira Service Management. No data center to babysit, no on-prem AD to migrate.
What you will own
The role has three pillars. All three are real - this is not a job where one of them is theoretical.
1. IT infrastructure & end-user experience
• The Microsoft 365 tenant: Exchange, SharePoint, OneDrive, Teams, licensing, and our CSP relationship.
• Endpoint management for the full fleet: Intune for Windows (the majority of devices), Jamf for macOS, including Autopilot, configuration profiles, app packaging, and compliance baselines.
• The full device lifecycle for a globally distributed workforce - procurement, imaging, deployment, recovery, and disposition - with no central office to lean on.
• The IT helpdesk: Jira Service Management, SLA framework, ticket prioritization, and the runbook discipline that keeps response times predictable.
• Onboarding and offboarding automation. Today this runs on Power Automate and JSM webhooks; you will own it and make it better.
2. Identity & access
• Okta as the primary IdP - SSO integrations, SCIM provisioning, lifecycle management, sign-on policies, and MFA enforcement.
• Okta Privileged Access (PAM) for Engineering and DevOps, including resource group configuration, agent deployment, and enrollment governance.
• Microsoft Entra ID - enterprise app config, conditional access, and group governance.
• End-to-end employee lifecycle: timely provisioning, license assignment, MFA enrollment, and (most importantly) clean, on-time deprovisioning across every system that matters.
• Periodic access reviews and least-privilege enforcement across our critical systems.
3. Security & compliance
• The corporate security program - endpoint protection, identity security, SaaS governance, and data security practices.
• SOC 2 Type 1 program ownership: Drata administration, evidence collection, control mapping, and audit readiness. (Type 2 is on the horizon - you will help us get there.)
• Endpoint protection: Microsoft Defender for Endpoint (Windows) and SentinelOne (macOS), including alert triage, coverage audits, and remediation tracking.
• Security awareness program via KnowBe4 - phishing simulations, training assignments, and compliance tracking.
• SaaS and AI tool governance - enumerating shadow IT, assessing data-handling risk (especially AI notetakers and transcript-storing tools), and enforcing acceptable use.
• Incident response - investigations, documentation, and remediation for stolen devices, suspicious access, and other security events.
• Acting as the IT point of contact for security audits, customer security reviews, and vendor security assessments.
People & vendor management
• Direct management of one IT Engineer: weekly 1:1s, performance management, career development, and quality bar.
• SaaS vendor strategy and procurement - sourcing, contract negotiation, renewals, license rightsizing, and ongoing spend optimization across the stack.
• Partnering with HR and People Ops on global employment, time-zone coverage, and employee experience for a remote workforce.
Requirements
Who you are
You probably have
• 7+ years in IT, with at least 3 years as the most senior IT and security practitioner at a 200-500 person company. This is not a step-up role - you have already owned an IT and security function and are looking to do it again, better.
• Demonstrated ownership of IT strategy: you have set the roadmap, made the build-vs-buy calls, defined the operating model, and been accountable for the outcomes. You can walk us through specific decisions you made and what you would do differently.
• Strong hands-on depth in the Microsoft stack - Intune, Defender, Entra, M365 - and in Okta administration (SSO, SCIM, lifecycle).
• Direct ownership of a SOC 2 program through evidence collection and audit, ideally with Drata or a comparable GRC platform. You know what auditors actually ask for and how to keep the program clean between audits.
• A track record of running and maturing IT and security at scale - not building from scratch, but taking an existing function and making it more reliable, more automated, and more defensible.
• Direct people management experience. You have managed at least one IT engineer or analyst and can speak to how you have developed them.
• The communication instincts to translate technical risk into business terms - and the judgment to push back when leadership underweights it.
Nice to have, not required
• Jamf Pro experience for macOS at scale.
• Okta PAM buildout experience or DevOps identity workflows.
• Background in hospitality tech, fintech, or another compliance-sensitive SaaS vertical.
• Atlassian / Confluence depth for IT documentation and knowledge management.
How you work
• You make decisions and own the outcome. You do not need three meetings to choose a vendor.
• You are equally comfortable writing a SOC 2 control narrative and unblocking a user with a flaky DisplayLink dock.
• You document by default. Future-you and your IT Engineer should be able to run the playbook without you in the room.
• You are honest about risk. You tell leadership when something is broken, not when it is convenient.
What We Offer (US Benefits)

• A global workforce with flexible hybrid and WFH options.
• 401k Plan (Traditional & Roth) with company match.
• Flexible PTO policy to refresh & recharge.
• Comprehensive Medical, Dental & Vision plans for you and your dependents.
• Paid parental leave when expanding your family.
• Additional company paid benefits, such as LTD, STD, and life insurance to give you peace of mind for life's unexpected moments.

This position offers a base compensation range of $100,000 to $130,000. This range represents the potential compensation for this role, with actual pay varying based on factors such as the location, skills, experience, and qualifications. Compensation may vary from the stated range. This information is provided to applicants in accordance with state and local laws.
Salary Description
$100,000 - $130,000 annually