Skills
- MDM: Subject Matter Expert with JAMF 11.20.x.
- Scripting: AppleScript, bash/shell; Python, Swift UI (macOS).
- OS: macOS (12, 13, 14, 15, 26), Linux (Ubuntu & Debian), iOS/iPadOS
- IAM: Microsoft SSO, Okta, Duo, JAMF Connect 3.2.0
- Endpoint Security: CrowdStrike, Sentinel One.
- ITIL: JIRA, ServiceNow.
- LLM: Claude, Ollama, LM Studio.
- Automation: n8n, Zapier (workflow orchestration).
- Encryption: FileVault2, BitLocker.
- Hypervisors: Proxmox, VMware Fusion.
- Collaboration: MS Teams, Slack, Mattermost.
- Git: GitHub, GitLab, Bitbucket, Forgejo.
Leadership
Team building, mentoring, coaching, training, decision-making.
Communication
Bilingual (English/Spanish — written/spoken).
Analysis
Root cause analysis, critical thinking, research-driven troubleshooting.
Initiative
Self-motivated, detail-oriented multitasker who thrives under pressure.
Process Improvement
Adaptable, strategic approach to continuous optimization.
Experience
Senior macOS JAMF Engineer
Nov 2022 – Nov 2025
Tesla Giga Factory · Austin, TX
- macOS & JAMF Pro Subject Matter Expert with expertise in MDM architecture, DEP/ADE enrollment, configuration profiles, and enterprise policy management.
- macOS Hardware & Systems Engineering Subject Matter Expert covering Apple Silicon/Intel transitions, firmware management, and hardware lifecycle automation.
- Tier 3 Escalation Engineer providing final resolution for complex macOS and JAMF Pro issues.
- Package Engineering & Software Deployment using custom bash/Python scripts to build and deploy .pkg and .dmg installers for macOS.
- JAMF Pro Automation & Scripting developing bash, Python, and Ruby scripts for policies, extension attributes, Smart Groups, and Self-Service workflows.
- Extension Attribute Development creating custom inventory collection scripts for hardware attributes, application versions, security compliance, and reporting metrics.
- API Integration & Automation leveraging JAMF Pro API and webhooks to integrate with ticketing systems, identity providers, and business platforms.
- JAMF Environment Health & Remediation conducting formal audits of policies, Smart Groups, scripts, configuration profiles, API roles, certificates, and token hygiene — delivering prioritized remediation plans with documented before/after baselines to IT and security leadership.
- OS Patching Pipeline Engineering building automated macOS update pipelines with configurable deferral windows, deadline enforcement triggers, and real-time compliance dashboards surfacing patch posture across the managed fleet.
- Vulnerability Remediation & CVE Tracking integrating CrowdStrike and Sentinel One telemetry with JAMF Pro Smart Groups and API-triggered policies to automate CVE remediation, track time-to-remediate (TTR), and report compliance status to security stakeholders.
- FileVault Encryption Governance enforcing FileVault 2 fleet-wide across Apple Silicon and Intel endpoints with automated PRK escrow verification, compliance tracking via extension attributes, and recovery key rotation workflows.
- CIS Benchmark Hardening & Local Admin Lockdown implementing CIS-aligned macOS security controls via JAMF configuration profiles and bash remediation scripts, enforcing local admin account restrictions, audit logging, and Gatekeeper/SIP compliance across all managed devices.
- Scripting Standards & Environment Hygiene establishing JAMF Pro-wide naming conventions for policies, Smart Groups, scripts, and profiles; enforcing Git-based version control, inline documentation requirements, and structured error handling as the baseline scripting standard.
- Identity Federation & JAMF Connect OIDC deploying and managing JAMF Connect 3.2.0 with OIDC and Platform SSO, integrated with Okta and Microsoft SSO for zero-touch identity-bound enrollment and consistent post-setup authentication.
- Apple Business Manager & Device Lifecycle managing ABM device assignments, VPP license distribution, and Managed Apple ID workflows; standardizing ADE enrollment profiles and automated offboarding procedures for clean, auditable device turnover.
- Inventory Reconciliation via API & ABM querying JAMF Pro API and Apple Business Manager to identify stale check-ins (30/60/90 day thresholds), duplicate records, unassigned devices, and ghost inventory — categorizing every device with a recommended action (keep, reassign, remove, investigate) and delivering an inventory health report to IT leadership.
- ABM/VPP Token Audit & Hygiene auditing all Apple Business Manager server tokens and VPP location tokens for expiration dates, assignment accuracy, and misconfiguration — delivering a token health report with corrected assignments and documented renewal dates to prevent silent breakage of enrollment and app deployment.
- Offboarding Workflow Engineering engineering the full device offboarding lifecycle: remote wipe or unenrollment based on device ownership, VPP license recovery, ABM device release, inventory record cleanup, and ghost record remediation from past departures — eliminating license leakage and ensuring accurate compliance denominators.
- Policy Trigger Remediation & Standards identifying and remediating JAMF Pro policy trigger misuse across the environment — correcting policies incorrectly set to Recurring Check-in that should fire on Enrollment Complete or Once per Computer — eliminating unnecessary endpoint resource consumption, reducing JAMF Pro log noise, and establishing trigger selection standards as part of the environment hygiene baseline.
- Workflow Orchestration & Script Testing Automation standing up a local n8n instance to chain script validation workflows, automating test execution during script updates to catch errors before production deployment, a self-initiated improvement that compressed testing cycles and reduced manual validation steps.
- Executive & Security Stakeholder Communication briefing IT Directors, CISOs, and cross-functional leaders on JAMF environment health, patch compliance posture, and MDM architectural decisions — translating technical complexity into clear, actionable reporting.
- Team Training & Operational Handoff developing recorded training sessions, operational runbooks, and architecture documentation enabling internal teams to independently manage JAMF Pro policies, scripts, and enrollment workflows without escalation dependency.
Client Platform Engineer
Jun 2022 – Oct 2022
Peloton Interactive · Plano, TX (Remote)
- macOS Platform SME serving as the primary technical authority on macOS Client Platform Engineering across all enterprise endpoints.
- Infrastructure Reliability maintaining client endpoint infrastructure with redundancy, scalability, and security as core design principles.
- Multi-Platform Enterprise Management owning enterprise client services for macOS, Windows, Chrome OS, and iOS/iPadOS across the organization.
- MDM Administration managing endpoints via JAMF Pro Cloud and Microsoft Endpoint Manager (Intune) across all managed platforms.
- Policy & Application Distribution deploying configuration profiles, policies, and applications to macOS and Windows endpoints at scale.
- Systems Optimization leveraging tooling and implementing targeted solutions to optimize existing client infrastructure and reduce friction.
- Identity Integration supporting Okta SSO client integration across macOS and Windows managed endpoints.
- Agile Project Management managing workstreams via JIRA sprint cycles to maintain prioritization and delivery cadence.
- Inherited Environment Remediation assessing and remediating an inherited JAMF Pro environment; identifying and resolving orphaned policies, redundant Smart Groups, and trigger misuse; establishing naming and documentation standards as the foundation for a maintainable MDM architecture.
macOS Endpoint Engineer
Jun 2021 – May 2022
REEF Technology · Miami, FL (Remote)
- macOS Platform SME serving as the primary technical authority on macOS Client Platform Engineering across all enterprise endpoints.
- Automated Build Engineering designing and engineering the automated macOS build process for consistent, repeatable provisioning at scale.
- Enrollment & Provisioning Architecture developing the full macOS enrollment and zero-touch provisioning workflow from scratch.
- Hardware Standards & Certification defining supported hardware models and peripheral compatibility standards for the managed macOS fleet.
- Application Packaging & Distribution packaging and distributing macOS applications via JAMF Pro for reliable, consistent software delivery.
- Scripting & Automation developing task automation scripts in Bash, AppleScript, Python, and Swift to eliminate manual endpoint workflows.
- Compliance Management managing macOS device compliance posture via Azure AD and Microsoft Endpoint Manager.
- Hardware Certification certifying macOS hardware and peripheral compatibility within the managed environment.
Engineering Lead (macOS SME)
Feb 2019 – Feb 2020
Citigroup · Irving, TX
- macOS & JAMF SME serving as the authoritative technical resource for macOS platform engineering and JAMF Pro management at the enterprise level.
- Automated Build Engineering designing and engineering automated macOS deployment processes for standardized, repeatable builds across the enterprise.
- Convergence Build Development contributing to convergence builds incorporating core application suites and OS-level customizations for standardized endpoints.
- Task Automation developing Bash/shell and AppleScript solutions to automate repetitive endpoint management workflows.
- Application Packaging building and distributing application packages to managed endpoints via JAMF Pro.
- Hardware Certification certifying macOS hardware compatibility against corporate standards and deployment requirements.
- CIS Benchmark Hardening applying CIS-aligned macOS security hardening to enterprise endpoints via JAMF configuration profiles, enforcing local admin controls, encryption policy, and audit logging to meet financial-sector compliance requirements.
Senior Desktop Engineer
Jun 2013 – May 2018
Univision Communications, Inc. · Dallas, TX
- Multi-Platform MDM Administration managing macOS endpoints with Filewave and Windows endpoints with Dell KACE across the enterprise.
- Application Packaging & Deployment packaging and deploying applications and updates for macOS and Windows endpoints at scale.
- macOS Platform SME serving as the authoritative resource for macOS hardware, software, and automation across the organization.
- Image Engineering & Deployment building and deploying macOS images through Filewave for standardized endpoint provisioning.
- FileVault 2 Encryption Fleet-Wide designing and enforcing FileVault 2 encryption fleet-wide with recovery key escrow, compliance verification workflows, and automated remediation for non-compliant devices — driving encryption posture to 100% across the managed fleet.
- Zero-Touch Provisioning developing automated DEP-based macOS enrollment with Nomad for identity-bound, hands-free provisioning.
- Automated Patch Management automating third-party macOS application updates via AutoPKGr to maintain currency without manual intervention.
- Profile Management designing and optimizing macOS configuration profile workflows for consistent policy enforcement.
- Self-Service Implementation reducing Help Desk ticket volume by ~40% through strategic deployment of self-service tooling and automation.
- Process Automation ROI saving the company ~$100k monthly by identifying and automating high-volume manual workflows.
Systems Engineering Consultant
Jul 2011 – Jun 2013
Freelance · Dallas, TX
- Multi-Client Systems Consulting analyzing, planning, designing, and delivering system platform deployment automation across a diverse client portfolio including T-Mobile, GameStop, and Mission Foods.
- T-Mobile: OS reimaging, SCCM/Ghost imaging, Active Directory management, Ingenico/HTG hardware support.
- Mission Foods: developed on- and off-boarding process; level 1–2 support across network, server, software, telephony.
- Rapp Collins: hybrid environment support; Deploy Studio image deployment; Munki software distribution.
- Built local Apple Software Update Server with Reposado and Margarita web UI.
- GameStop: automated deployment of new PoS system to 10,000 retail outlets.
- QBE: desktop deployment coordination; SCCM imaging line management.
- Joerns Healthcare: desktop access configuration and C-level executive technical support.
Support Engineer (Level III)
Feb 2009 – Jun 2011
Rent-A-Center · Plano, TX
- Windows Deployment Engineering building Windows endpoint deployments via Altiris with Active Directory integration for centralized identity management.
- macOS Image Architecture designing and building the OS X image deployment architecture for standardized endpoint provisioning.
- Unified Endpoint Management managing both macOS and Windows endpoints through a single Altiris-based management framework.
- MDM Platform Migration migrating macOS endpoint management from Altiris to Deploy Studio for improved imaging capabilities and workflow efficiency.
- Image & Application Management creating and deploying macOS images via Deploy Studio and distributing applications with Munki for reliable software delivery.
Projects
GDN – Discord Server Directory
Designed and architected a community of 100+ SA-affiliated Discord servers. Developed a Discord bot for membership verification, enabling 13,000+ verified members across enrolled servers for secure, members-only access.
Public Speaking
Independently deliver technical talks at MacAdmins.org Slack and Dallas macOS Admin's Group.