Apple/macOS Subject Matter Expert (SME)Position SummarySofttek Government Solutions is seeking highly cleared, experienced IT engineering professionals to support the Congressional Budget Office (CBO) Service Desk Engineering task order. This initiative focuses on fundamentally hardening the CBO's enterprise environment to reduce the risk of unauthorized lateral movement, credential misuse, and persistence techniques.
Note: This is an advanced engineering scope focused on resolving complex escalations, implementing security architecture, and developing automated workflows. It does not involve routine Tier 1 end-user help desk support.
The engineering team will be responsible for designing, deploying, and maintaining the technical controls necessary to secure endpoint, identity, and device lifecycle operations.
Responsibilities- Design and maintain standardized, division-specific macOS workstation images for on-site and remote/VDI access.
- Implement macOS-specific configuration baselines, security policies, and compliance enforcement.
- Manage macOS device enrollment and provisioning via JAMF Pro and Apple Business Manager.
- Configure and maintain macOS Unified Logs for SIEM ingestion and forensic readiness.
- Support FileVault recovery key escrow, custody records, and secure device lifecycle operations (provisioning, reassignment, decommission, secure wipe).
- Coordinate macOS patching and version control with Ivanti/KACE-based patch management processes.
- Produce runbooks, remediation plans, and conduct knowledge transfer sessions with Service Desk and Incident Response teams.
Education- Bachelor's degree in Information Technology, Cybersecurity, or a related field. Formal education requirements may be waived based on relevant professional experience
Qualifications- Must be a US Citizen
- Minimum 8 years of experience in IT, Endpoint Engineering, or Cybersecurity, with at least 6 years in engineering (not help desk) roles in enterprise environments.
- Expertise building and maintaining macOS workstation images.
- Extensive experience using JAMF Pro for macOS endpoint management.
- In-depth knowledge of macOS security architectures, FileVault key escrow, and macOS Unified Logging telemetry.
- Experience working under formal change control, audit, and security governance processes.
Required Clearance - Active Top Secret (TS) security clearance.
