Andrew Arsenault

Remote

Primary Slack platform owner and service owner — governance, app security, provisioning, and AI feature rollout across an enterprise-scale workforce.

• Own the Slack platform: lead governance, app security reviews, SCIM behavior, AI feature rollout controls, and elevated-scope approval processes for enterprise-scale reliability and security.
• Eliminated 2,500+ hours of manual work through custom Slack bots, API-driven Jira workflow automations, and self-service tooling that replaced repetitive access and support operations org-wide.
• Serve as subject-matter expert (SME) for Slack, Google Workspace, SendSafely, and DocuSign — owning configuration, security, and escalation support across these platforms for the enterprise.
• Engineered IAM improvements across Okta, LDAP, and Workday→Okta→Slack provisioning; designed dynamic attribute-driven group models that replaced static LDAP groups and eliminated manual access provisioning toil org-wide.
• Helped build out integrations on a Go-based orchestration platform that drives automated LDAP group/role assignment to SaaS applications, enabling attribute-driven access provisioning at scale.
• Personally built the Google Workspace MCP server and build and maintain multiple MCP servers — owning design, OAuth flow validation, and release readiness to expose internal systems to AI agents.
• Leverage AI tooling — Claude, Vercel, Gemini, and GPT — to design, build, and ship systems quickly and at scale, accelerating automation and integration delivery across the org.
• Drove Slack Webhook Proxy deprecation using Datadog telemetry to find legacy consumers and coordinate migration to native API integrations and custom apps.
• Recognized by ESTO leadership for leading simultaneous incident responses and delivering platform solutions for partner teams under tight timelines.

Remote

Managed a global, cross-platform endpoint fleet and stood up greenfield Azure cloud-management infrastructure as code.

• Orchestrated a global endpoint fleet across macOS, Windows, ChromeOS, iOS, and Linux using Intune, JAMF Pro, WorkspaceOne, and Google Workspace MDM — with fleet-health visibility via Looker dashboards.
• Designed a custom Temporal workflow to automate device offboarding: remote lock, lock-key escrow to Oomnitza, and DynamoDB audit logging for compliance.
• Led greenfield Azure setup — Log Analytics, Key Vaults, Automation Accounts, Runbooks, and Intune/Autopilot — establishing a scalable cloud-management foundation.
• Executed MDM server upgrades via infrastructure-as-code and administered Azure groups and RBAC with Terraform, reducing downtime.
• Designed SAML/OIDC app integrations in Okta and built Okta Workflows automations triggered by Jira service requests, eliminating manual provisioning steps.

Remote

Managed a global endpoint fleet and built zero-touch enrollment and compliance reporting automation.

• Managed a global fleet across macOS, Windows, Linux, ChromeOS, iOS, and Android using Intune, JAMF, Chef, and Ansible.
• Developed complex PowerShell for zero-touch enrollment (ZTE) via Autopilot and built Azure Log Analytics dashboards for OS-version and patch-compliance metrics.
• Remediated Windows OS issues with PowerShell Proactive Remediations; managed Windows 10 / EM+S / M365 licensing and Azure AD.

Contract

Consulted on cloud device management and client migrations to Intune.

• Designed and implemented cloud device management; assisted clients migrating from WorkspaceOne and JAMF to Intune across Windows, macOS, iOS, and Android.
• Configured compliance policies, app protection, conditional access, and security baselines; ran client training on security best practices.

Nova Scotia

Led province-wide software packaging, deployment, and IT service management.

• Led the SCCM/MECM packaging team: built and deployed 100+ application packages and complex task sequences for BIOS updates, encryption, and Windows feature upgrades province-wide.
• Implemented Intune MDM and Autopilot for loaner devices; designed a college-wide Windows 10 base image via Windows Deployment Services.
• Launched the TeamDynamix IT service desk and knowledge base (500+ services, hundreds of KB articles) and led Change Management across the college.
• Performed vulnerability scanning (Nessus), rogue-device detection (NMAP), and traffic analysis (Wireshark); configured an ELK stack to monitor Windows event logs on CentOS.