macOS Security Hardening & Remediation Specialist
-
Pay Rate: $73.75 hour, depending on experience
-
Contract Length: 3 Months
-
Location: Calgary, Alberta
Raise is currently hiring a macOS Security Hardening & Remediation Specialist on behalf of our client. They’re expanding their team to meet growing needs, making this a unique opportunity to work with an industry leader. Our Client is a market leading financial institution
Note: The primary pay rate is based on T4 classification; however, we will also consider applications from candidates interested in an INC classification, where applicable.
Description
The specialized macOS Security Hardening & Remediation Specialist is required for a critical security initiative for our client. In this role, you will bridge the gap between corporate compliance and technical execution. Your primary mission is to perform a comprehensive gap analysis of our existing macOS fleet, collaborate with Cybersecurity Governance, and execute robust hardening policies across endpoint layers. This project spans from core OS configurations up to specialized applications and database layers, requiring a fine balance between rigid security protocols and user productivity.
Project Description
The Security Hardening Project focuses on elevating ’s endpoint security posture. The successful candidate will systematically review our current macOS environment against modern Cybersecurity Governance Hardening Standards. You will be responsible for defining the hardened baseline, writing the automation scripts and configuration profiles to enforce it, and orchestrating the mass remediation of the fleet while ensuring comprehensive documentation and knowledge transfer to our permanent Apple Engineering teams.
Responsibilities
-
Gap Analysis & Assessment: Conduct a deep-dive gap analysis of the current macOS fleet against ’s Cybersecurity Governance Hardening Standards.
-
Policy Development: Partner with subject matter experts, security, and governance teams to derive and document hardened configuration baselines aligned with the Configuration Hardening Standard.
-
Technical Implementation: Design, test, and deploy configuration profiles (.mobileconfig), configuration files, and shell scripts to enforce strict compliance across the fleet.
-
Up-the-Stack Integration: Align macOS endpoint controls with specialized software layers, ensuring secure port/protocol management and application-level hardening.
-
Remediation Execution: Manage the orchestration of security configuration updates across all macOS devices using modern, non-disruptive workflows.
-
Cross-Functional Collaboration: Work closely with the Apple Engineering team, DevOps/Developers, and Cybersecurity Governance to balance rigid security posture with a smooth developer and team-member end-user experience.
-
Knowledge Transfer: Deliver robust documentation, rigorous testing playbooks, and training sessions to operational teams for long-term sustainability..
Qualifications
-
5+ years of dedicated experience in Cybersecurity, Endpoint Engineering, or Infrastructure Security with a heavy focus on Configuration Management.
-
A proven track record of successfully participating in or leading large-scale enterprise endpoint remediation projects, compliance lifecycles, or security audits.
-
Technical Requirements
-
OS Expertise: Deep architectural understanding of macOS security mechanics, including FileVault, TCC (Transparency, Consent, and Control / Privacy Preferences Policy Control), System Extensions, Gatekeeper, and the Apple Security Bounty landscape.
-
Unified Endpoint Management (UEM): Advanced, hands-on experience with Apple-centric MDM/UEM platforms—specifically Jamf Pro—including building complex configuration profiles, custom schemas, and managing dynamic Smart Groups.
-
Automation & Scripting: Strong scripting skills in Zsh / Bash and deep familiarity with native macOS command-line tools (e.g., profiles, defaults, security, launchctl) for auditing and remediation.
-
Security Frameworks: Practical experience implementing and adapting the macOS Security Compliance Project (mSCP) guidelines or CIS Benchmarks for macOS inside an enterprise environment.
-
Key Skills & Core Competencies
-
Network Fundamentals: Solid understanding of ports, protocols, and services management to support the project's network-layer scope and endpoint firewall configurations.
-
Analytical Mindset: Ability to translate complex compliance documents (such as the Q2 Governance Standard) into technical, actionable, and testable engineering requirements.
-
Communication & Technical Writing: Strong documentation skills for creating enterprise-grade hardening standards, change management plans, user-impact assessments, and remediation playbooks.
-
Education and Certifications
-
Bachelor’s Degree or Diploma: Computer Science, Cybersecurity, Information Technology, Computer Engineering, or a related technical discipline. Or significant industry experience (7+ years) with a proven track record in enterprise macOS environments can often substitute for a formal degree.
-
Nice to have certifications Jamf Certified Expert (Jamf 400), Apple Certified Support Professional (ACSP), CISSP (Certified Information Systems Security Professional):, GIAC Certified Windows/Mac Security Administrator (GCWN or similar), CompTIA Security+ or CySA+ (Cybersecurity Analyst), ITIL Foundation (v3 or v4
Additional Information
A requirement for candidates to be considered for this role will be to complete a criminal and credit check (including Canadian Credit Risk Score)
Looking for meaningful work? We can help!
Raise is an established hiring firm with over 65 years of experience. We believe strongly in making the world a better place through work, which is why we’re a certified B Corporation and donate 10% of our profits to charity.
We strive to build teams that reflect the diversity of the communities we work in. We encourage all qualified applicants to apply, including people from traditionally underrepresented groups such as women, visible minorities, Indigenous peoples, people identifying as LGBTQ2SI, veterans, and people with visible/nonvisible disabilities.
We have a dedicated webpage for accommodations where you can learn more about what we offer and request accommodation: https://raise.jobs/accommodations/
In order to submit candidates for roles, our clients will sometimes require personal information to confirm the identity of applicants and their legal status to work. Raise will never ask you for personal or banking information unless you have been selected for a job. If you are ever unsure about the legitimacy of this or any other Raise job posting (or have any other questions), please contact us at +1 800-567-9675 or [email protected].
#WES
#LI-SC1
