// IT Systems & Automation Engineer
Jaime Guerrero
I automate the enterprise. Cloud infrastructure, device management, compliance tooling, workflow systems — built to reduce toil, enforce consistency, and scale across any stack.
// 01 — about
IT engineer who thinks in systems.
I specialize in IT systems engineering and automation — turning repetitive, error-prone processes into reliable, auditable workflows that run without babysitting.
My background spans multi-cloud infrastructure (AWS, Azure), cross-platform device management (Kandji, Jamf, Mosyle, Intune), compliance tooling, employee lifecycle automation, and internal workflow systems. I'm not tied to any one vendor — I use whatever fits the problem.
Available for contract engagements focused on automation, cloud infrastructure, device management, and internal tooling.

// 02 — services
What I can build for you.
$ run automation --scope org
IT Automation & Scripting
End-to-end workflow automation across the full employee lifecycle — provisioning, offboarding, access management, and everything in between. Turn multi-hour manual processes into zero-touch pipelines using PowerShell, Python, or whatever fits your stack.
$ deploy --cloud any
Cloud & Infrastructure
Multi-cloud infrastructure design, deployment, and management across AWS and Azure. Experience with Kubernetes, serverless, Terraform, and IaC-driven workflows — built to be repeatable, auditable, and not dependent on one provider.
$ generate --report compliance
Compliance & Audit Tooling
Custom tools for change evidence collection, audit lookbacks, and compliance reporting. Integrates with your existing ITSM and CI/CD systems to produce audit-ready documentation on demand — no more manual evidence gathering.
$ enroll --fleet all-platforms
Device Management & MDM
Cross-platform device management across macOS, iOS, and Windows. Hands-on with Kandji, Jamf, Mosyle, and Intune — from zero-touch enrollment and policy configuration to fleet migrations and compliance reporting.
// 03 — work
Selected projects.
~/mcp-remote-id
MCP OAuth Bridge via Okta + AgentGateway
Most MCP servers that integrate with Okta only support local stdio (uv/Docker), device code auth, or browserless key pairs — no OAuth flow. And without an Okta enterprise license, you can't create a custom authorization server to add custom claims to access_tokens. Forked mcp-remote to support id_tokens, which carry group membership and custom claims via standard OIDC app config. Deployed the Okta MCP server behind AgentGateway — which translates stdio → HTTPS and acts as the auth middleware — then wrote CEL expressions against JWT claims to gate which users get access to which tools.
~/it-scripts
IT Automation Script Library
Public collection of production-grade automation scripts covering Okta user lifecycle management, SentinelOne security integrations, Slack ops workflows, and general sysadmin tooling. Written in Python, PowerShell, and Bash — the same patterns used in enterprise environments, open for review.
~/offboarding-automation
Employee Offboarding Automation
A 3-day manual offboarding process created an access risk window every time someone left the company. Built a zero-touch pipeline that handles account deprovisioning, license reclamation, and access revocation across cloud and on-prem systems — with a full audit trail generated automatically. Offboarding time dropped from days to under an hour.
~/compliance-lookback
Compliance Lookback Tool
Quarterly audits required weeks of manual evidence gathering — correlating change tickets, deployment logs, and approvals by hand. Built a tool that pulls from ITSM and CI/CD systems, auto-correlates changes to tickets, and produces audit-ready documentation on demand. What took a team weeks now runs in minutes.
~/workflow-as-code
Internal Workflow Engine
Approval processes lived in email threads — no SLA enforcement, no audit trail, no escalation logic. Replaced them with a version-controlled workflow engine that codifies approvals, escalations, and notifications. SLA violations dropped to zero; every action is tracked and replayable.
~/ad-to-entra-migration
Active Directory → Entra ID Migration
Led a zero-downtime migration of 500+ identities and a cross-platform device fleet from on-prem Active Directory to Microsoft Entra ID. Designed identity policy from scratch, ran phased device enrollment across Windows and macOS, and coordinated end-user communication — no disruption to a 200-person org.
// 04 — contact
Let's work together.
Available for contract engagements. Reach out to discuss your project and I'll get back to you as soon as I can.
jguerrero@jjg-online.com
linkedin.com/in/jaime-j-guerrero
github.com/ja-guerrero
// Preferred contact for new projects is email.