Join the Tech Orchard Team

At Tech Orchard, we’re committed to putting people first and office politics aside. We believe in doing our best to help one another thrive while underscoring our commitment to ensuring clients have the tools and technology they need to leverage meaningful mobility.

Our team is small but mighty, nimble yet purposeful. We are constantly looking for talented self-starters who are also a combination of tech oriented, task driven and time-management masters. If you think you have what it takes to join the Tech Orchard team, review our open positions and email your resume with cover letter to sales@techorchard.com.

Tech Orchard is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. Tech Orchard participates in the E-Verify program as required by law.

Open Positions

THE ROLE

We are looking for a hands-on Workspace ONE UEM Engineer to own the full delivery lifecycle across our managed service and professional services customer base: design, deployment, troubleshooting, upgrades and documentation. You will be a named technical resource for enterprise customers, working alongside a small team of experienced architects with direct Omnissa SE relationships.

This is a senior individual contributor position. You will not need to manage people. You will manage technically complex problems across iOS, Android, Windows and macOS endpoints with deep integrations into enterprise identity, certificate infrastructure, security policy and cloud management platforms.

The right candidate thrives in ambiguity, owns problems end-to-end without being told what to do next and brings intellectual curiosity to every engagement. If you have written blog articles, authored sensors or debugged a SCEP chain at midnight, you will fit here immediately.

CORE RESPONSIBILITIES

Platform Delivery & Architecture

  • Design, deploy and configure Workspace ONE UEM environments — SaaS and on-premises ModStack — for enterprise and public sector customers
  • Manage enrollment workflows across all platforms: Apple ADE/DEP/ADUE (Account-Driven User Enrollment), Android Enterprise (fully managed, work profile, COPE), Windows Autopilot (user-driven and pre-provisioning) and macOS MDM
  • Configure and maintain WS1 Tunnel per-app VPN: gateway profiles, network traffic rules, certificate-based authand split-tunnel policy
  • Build and maintain certificate infrastructure integrations: SCEP templates, ADCS connector, ECDSA/RSA profile constraints and CA-signed device identity certificates
  • Configure OAuth2-based and EAS managed email profiles for M365/Exchange Online; troubleshoot modern auth flows and EAS policy conflicts
  • Deploy Workspace ONE Intelligence: sensor authoring (PowerShell, Bash, Python), custom dashboards, automation workflows and Freestyle Orchestrator
  • Implement Conditional Access Compliance Partner enrollment flows with Microsoft Entra ID, including CA policy design, compliance token service configuration and hybrid Entra Join scenarios
  • Manage application lifecycle: VPP, Managed Google Play, Windows WinGet/MSIX packaging and line-of-business app deployment

Troubleshooting & Escalation

  • Own complex break-fix scenarios across the full WS1 stack: enrollment loops, compromised device detection false positives, profile delivery failures, Tunnel connectivity issues and certificate chain validation errors
  • Interpret MDM enrollment logs, Workspace ONE Hub diagnostics, Apple MDM protocol responses, Android Debug Bridge output and Windows Event Log to isolate root cause
  • Document troubleshooting findings, workarounds and resolution steps in structured knowledge base articles for customer and internal use

Content Creation & Enablement

  • Author technical guides, deployment playbooks and reference architecture documents for customer self-enablement and team knowledge transfer
  • Create structured troubleshooting runbooks for common enrollment, certificate and identity integration failure patterns
  • Contribute to internal knowledge base and, where appropriate, publish technical content to the broader Omnissa partner community
  • Support internal onboarding and skills development as the team grows

Customer Engagement & Project Administration

  • Maintain weekly status communications with open project owners; track tasks and follow-ups accurately in Accelo or equivalent CRM
  • Scope and estimate effort for new WS1 deployments including resource requirements, platform dependencies and migration complexity
  • Represent Tech Orchard in customer working sessions, scoping calls, onboarding planning and vendor escalation meetings
  • Work with Tech Orchard team and principal architects on cross-platform and cross-product implementations

Continuous Learning & Partner Engagement

  • Track Omnissa release notes, Tech Zone publications and community content; surface relevant platform changes to the delivery team
  • Maintain and advance Omnissa certifications; participate in partner enablement sessions and early-access programs
  • Engage vendor SE contacts for product escalations, roadmap context and technical previews relevant to customer environments
REQUIRED SKILLS & QUALIFICATIONS

We define seniority by depth, not by years on a resume. The bar below reflects what Omnissa itself looks for in senior field-facing WS1 roles, adapted for a delivery and implementation context.

Must-Have (Non-Negotiable)

  • Workspace ONE UEM — 3+ years hands-on, production environments
  • iOS/iPadOS: ADE/DEP, supervised mode, ADUE (Account-Driven)
  • Android Enterprise: fully managed, work profile, COPE/COBO
  • Windows 10/11: Autopilot (user-driven + pre-prov), co-management
  • macOS MDM: profile delivery, PPPC, kernel/system extensions
  • Microsoft Entra ID: Conditional Access, hybrid join, compliance
  • Exchange Online / M365: EAS profiles, OAuth2, modern auth
  • SCEP / ADCS certificate integration and troubleshooting
  • PowerShell scripting — automation, reporting, sensor authoring
  • Strong written and verbal customer-facing communication
  • Ability to interpret MDM logs and enrollment diagnostics

Strongly Preferred

  • WS1 Tunnel per-app VPN — configuration and troubleshooting
  • SCEP/ECDSA/RSA certificate profile constraints
  • Workspace ONE Intelligence: sensors, automations, Freestyle
  • Entra ID Conditional Access compliance partner enrollment
  • Zebra Android: StageNow, MX framework, enterprise provisioning
  • Samsung Knox enrollment, containerization, and KME
  • Apple Business Manager: VPP, ASM, device assignment
  • Okta or other IdP federation with Workspace ONE
  • WS1 ModStack on-premises component architecture
  • Microsoft SCCM / co-management with Intune or WS1
  • Omnissa certification (any level)
  • Technical content creation: runbooks, guides, or blog articles

Nice to Have

  • Workspace ONE Horizon or App Volumes familiarity
  • Zero Trust / ZTNA architecture awareness
  • Regulated industry experience (healthcare, financial services, legal)
  • Jamf Pro for macOS management
  • Microsoft Intune — for cross-platform customer guidance
  • Linux system administration basics
  • Git / version control for script and config management
  • ConnectWise or MSP CRM experience
  • Bash or Python scripting for sensor/automation authoring
  • Virtual desktop or VDI management concepts

Certifications Valued

  • Omnissa VCP-DTM (Workspace ONE UEM)
  • Omnissa VCAP-DTM (Advanced)
  • Microsoft MD-102: Endpoint Administrator
  • Microsoft SC-300: Identity and Access Administrator
  • CompTIA Security+
  • ITIL Foundation
  • Any active Omnissa partner training completions
WHAT SETS YOU APART

We will prioritize candidates who can demonstrate any of the following:

  • Hands-on experience troubleshooting WS1 Tunnel per-app VPN failures including certificate chain validation and gateway profile misconfiguration
  • Direct experience resolving Conditional Access compliance partner enrollment issues between WS1 and Entra ID
  • Authored custom WS1 sensors (PowerShell or Bash) for custom compliance, inventory or reporting use cases
  • Published technical content — blog posts, runbooks, Tech Zone guides or community articles — covering WS1 deployment or troubleshooting
  • Experience with ModStack on-premises deployment topology including component dependencies across UEM, Tunnel and ACC
  • Experience in regulated industries (healthcare, financial services, legal, higher education) where compliance-driven MDM configuration was required
  • Ability to articulate the Omnissa platform five-pillar architecture and position WS1 UEM within a broader Zero Trust/ZTNA strategy
WHAT WE OFFER
  • Remote-first position; work from anywhere in the US
  • Monthly performance bonuses
  • Flexible work schedule with unlimited vacation days
  • Stock and ownership opportunities as the company scales
  • Paid training, certification exam fees and conference attendance — including Omnissa partner events
  • Direct collaboration with experienced Omnissa principal architects and former Omnissa SE contacts
  • A small, technically serious team where your work is visible and your expertise is respected
  • Clear growth path into senior or principal architect roles as the company expands