What you'd actually do

Contribute to the ongoing management and improvement of our macOS endpoint program: provisioning, enrollment, configuration, compliance, patching, troubleshooting, and deprovisioning

Build and maintain software deployment and update workflows with safe rollout patterns (pilot → staged → broad), measurable success criteria, and clear rollback plans

Develop automation using Bash/Python, APIs, and Git-based workflows to reduce repetitive work and improve reliability (e.g., lifecycle tasks, reporting, drift detection/remediation, self-service enablement)

Implement and operationalize endpoint security controls in partnership with Security (secure configuration baselines, permissions/PPPC/TCC strategy, posture validation concepts, response playbooks)

Improve operational rigor: documentation, runbooks, change management, and incident follow-through/retrospectives

Skills

Required

macOS endpoint management
MDM / endpoint management platform administration
Bash
Python
APIs
GitOps/configuration-as-code workflows
Meraki and cloud-managed networking concepts

Nice to have

identity-adjacent endpoint controls
endpoint visibility/telemetry tooling
fleet reporting
managing configurations for Chrome and Android through Google Workspace

What the JD emphasized

Significant hands-on experience managing macOS endpoints in an enterprise environment (typically 5+ years, or equivalent depth of responsibility)

Strong experience administering a modern MDM / endpoint management platform

Solid understanding of macOS security and management fundamentals

Proficiency in Bash and/or Python, plus comfort working with APIs, logs, and structured data

Comfortable with GitOps/configuration-as-code workflows

Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us!

As a member of the IT Engineering team, you’ll collaborate closely with IT Operations, Security, and cross-functional partners to develop, manage, and secure Figma’s internal IT services and employee device experience. This role is primarily focused on endpoint management and security posture—especially for macOS—with a strong emphasis on automation, reliable software delivery, and configuration-as-code practices.

You’ll partner across IT and Security to design and run repeatable endpoint workflows that keep devices secure, compliant, and easy to support.

What you'll do at Figma:

Contribute to the ongoing management and improvement of our macOS endpoint program: provisioning, enrollment, configuration, compliance, patching, troubleshooting, and deprovisioning
Build and maintain software deployment and update workflows with safe rollout patterns (pilot → staged → broad), measurable success criteria, and clear rollback plans
Develop automation using Bash/Python, APIs, and Git-based workflows to reduce repetitive work and improve reliability (e.g., lifecycle tasks, reporting, drift detection/remediation, self-service enablement)
Implement and operationalize endpoint security controls in partnership with Security (secure configuration baselines, permissions/PPPC/TCC strategy, posture validation concepts, response playbooks)
Improve operational rigor: documentation, runbooks, change management, and incident follow-through/retrospectives
Communicate endpoint changes clearly to impacted audiences (what’s changing, why, what users might see, and how to get help)
Work in a “configuration as code” mindset where applicable: PR-based changes, peer review, and traceable deployments using tools like GitHub, Terraform, YAML, or similar
Collaborate effectively on office connectivity initiatives by providing working familiarity with Meraki (cloud-managed networking concepts and dashboard fundamentals) and coordinating with internal partners and external providers when needed

We’d love to hear from you if you have:

Significant hands-on experience managing macOS endpoints in an enterprise environment (typically 5+ years, or equivalent depth of responsibility)
Strong experience administering a modern MDM / endpoint management platform (policies/profiles, packaging/software deployment, enrollment flows, scoping strategies, troubleshooting). Experience with tools such as Jamf Pro, Fleet, Kandji, Intune, Workspace ONE, or similar. Solid understanding of macOS security and management fundamentals (MDM concepts, certificates, PPPC/TCC, OS updates, compliance posture, IDE management)
Proficiency in Bash and/or Python, plus comfort working with APIs, logs, and structured data
Comfortable with GitOps/configuration-as-code workflows (GitHub, Terraform/YAML, CI-friendly change management)
Working familiarity with Meraki and cloud-managed networking concepts (enough to partner effectively with specialists/vendors, not to be the dedicated network owner)

While it’s not required, it’s an added plus if you also have:

Experience with identity-adjacent endpoint controls (device posture/device trust concepts; integrations with IdPs such as Okta)
Familiarity with endpoint visibility/telemetry tooling and fleet reporting (query-based inventory, EDR/SIEM integrations)
Demonstrated proficiency in improving or modernizing endpoint management programs (tooling evaluation, rollout strategy, change management) with minimal end-user disruption
Experience operating in a global environment with distributed offices and vendor-supported onsite infrastructure
Exposure to managing configurations for Chrome and Android through Google Workspace.

At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

At Figma we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions allows our employees, our product and our community to flourish. Figma is an equal opportunity workplace - we are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity/expression, veteran status**, **or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

We will work to ensure individuals with disabilities are provided reasonable accommodation to apply for a role, participate in the interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require accommodation, please reach out to accommodations-ext@figma.com. These modifications enable an individual with a disability to have an equal opportunity not only to get a job, but successfully perform their job tasks to the same extent as people without disabilities.

Examples of accommodations include but are not limited to:

Holding interviews in an accessible location
Enabling closed captioning on video conferencing
Ensuring all written communication be compatible with screen readers
Changing the mode or format of interviews

To ensure the integrity of our hiring process and facilitate a more personal connection, we require all candidates keep their cameras on during video interviews. Additionally, if hired you will be required to attend in person onboarding.

By applying for this job, the candidate acknowledges and agrees that any personal data contained in their application or supporting materials will be processed in accordance with Figma's Candidate Privacy Notice.

You’ll partner across IT and Security to design and run repeatable endpoint workflows that keep devices secure, compliant, and easy to support.

What you'll do at Figma:

Contribute to the ongoing management and improvement of our macOS endpoint program: provisioning, enrollment, configuration, compliance, patching, troubleshooting, and deprovisioning
Build and maintain software deployment and update workflows with safe rollout patterns (pilot → staged → broad), measurable success criteria, and clear rollback plans
Develop automation using Bash/Python, APIs, and Git-based workflows to reduce repetitive work and improve reliability (e.g., lifecycle tasks, reporting, drift detection/remediation, self-service enablement)
Implement and operationalize endpoint security controls in partnership with Security (secure configuration baselines, permissions/PPPC/TCC strategy, posture validation concepts, response playbooks)
Improve operational rigor: documentation, runbooks, change management, and incident follow-through/retrospectives
Communicate endpoint changes clearly to impacted audiences (what’s changing, why, what users might see, and how to get help)
Work in a “configuration as code” mindset where applicable: PR-based changes, peer review, and traceable deployments using tools like GitHub, Terraform, YAML, or similar
Collaborate effectively on office connectivity initiatives by providing working familiarity with Meraki (cloud-managed networking concepts and dashboard fundamentals) and coordinating with internal partners and external providers when needed

We’d love to hear from you if you have:

Significant hands-on experience managing macOS endpoints in an enterprise environment (typically 5+ years, or equivalent depth of responsibility)
Strong experience administering a modern MDM / endpoint management platform (policies/profiles, packaging/software deployment, enrollment flows, scoping strategies, troubleshooting). Experience with tools such as Jamf Pro, Fleet, Kandji, Intune, Workspace ONE, or similar. Solid understanding of macOS security and management fundamentals (MDM concepts, certificates, PPPC/TCC, OS updates, compliance posture, IDE management)
Proficiency in Bash and/or Python, plus comfort working with APIs, logs, and structured data
Comfortable with GitOps/configuration-as-code workflows (GitHub, Terraform/YAML, CI-friendly change management)
Working familiarity with Meraki and cloud-managed networking concepts (enough to partner effectively with specialists/vendors, not to be the dedicated network owner)

While it’s not required, it’s an added plus if you also have:

Experience with identity-adjacent endpoint controls (device posture/device trust concepts; integrations with IdPs such as Okta)
Familiarity with endpoint visibility/telemetry tooling and fleet reporting (query-based inventory, EDR/SIEM integrations)
Demonstrated proficiency in improving or modernizing endpoint management programs (tooling evaluation, rollout strategy, change management) with minimal end-user disruption
Experience operating in a global environment with distributed offices and vendor-supported onsite infrastructure
Exposure to managing configurations for Chrome and Android through Google Workspace.

Examples of accommodations include but are not limited to:

Holding interviews in an accessible location
Enabling closed captioning on video conferencing
Ensuring all written communication be compatible with screen readers
Changing the mode or format of interviews