Infrastructure Engineer (Lead)-Windows

About The Position

Requirements

• 5+ years of hands-on Windows infrastructure engineering (ideally within a Managed Service Provider or multitenant environment).
• Security+ certification (required).
• Strong proficiency with Windows Server, Active Directory, Group Policy, DNS/DHCP, and file/print services.
• Experience managing Windows 10/11 endpoints via Intune/MEM and/or MECM/SCCM, including Autopilot/MDT imaging, compliance, and application packaging.
• Demonstrated expertise in patch management, PowerShell scripting, and systems integration (identity, networking, virtualization, backup, monitoring).
• Proven ability to troubleshoot complex Windows platform issues and lead cross-functional resolution efforts.

Nice To Haves

• Experience with virtualization platforms (e.g., VMware, HyperV) and Windows-centric VDI/RDS solutions (e.g., Azure Virtual Desktop, FSLogix, Horizon/Citrix).
• Familiarity with hybrid/cloud-connected Windows environments (Azure/Entra ID, Conditional Access, Defender suite, Microsoft Sentinel).
• Knowledge of NIST 800171 and/or NIST 80053 and implementation of Windows controls and monitoring in compliance-driven environments.
• Microsoft certifications (e.g., AZ104, MS102, SC300, SC200, MD102) or equivalent infrastructure credentials.
• Experience supporting secure or GCC High environments.

Responsibilities

• Architect, deploy, and maintain Windows infrastructure across multiple clients-including Windows Server (2016/2019/2022/2025), Active Directory/Entra ID, and Windows 10/11 endpoints.
• Lead identity, directory, and policy management: design and administer AD DS, Group Policy, OU structure, DNS/DHCP, and hybrid identity (Entra Connect), including Conditional Access and MFA where applicable.
• Own endpoint management at scale: implement and optimize Intune/Microsoft Endpoint Manager and/or MECM/SCCM for device enrollment, configuration baselines, software distribution, compliance policies, and Autopilot/MDT imaging.
• Patching & update governance: establish and enforce patching strategies via Windows Update for Business, WSUS, Intune, or MECM; ensure timely remediation and reporting.
• Security hardening: apply and document Windows security baselines (e.g., CIS, DISA STIG), BitLocker, Defender for Endpoint, Defender for Identity, and LAPS; integrate with SIEM (e.g., Microsoft Sentinel) as needed.
• Automation & scripting: develop reliable PowerShell tooling for configuration, health checks, remediation tasks, and repeatable deployments; maintain source control and documentation.
• Integrate Windows platforms with virtualization, backup, and monitoring: support VMware/HyperV, Veeam/Azure Backup, and monitoring stacks (SCOM/Azure Monitor) to ensure availability and performance.
• Troubleshoot complex issues: lead deep dive diagnostics across authentication, policy application, performance bottlenecks, networking, and OSlevel failures; drive root-cause analysis and prevention.
• Standards & governance: create, document, and enforce Windows platform standards, gold images, baseline configurations, and operational runbooks.
• Project leadership: plan, lead, and deliver Windows infrastructure initiatives (migrations, upgrades, hardening programs) aligned to organizational goals, scope, and timelines.
• Team leadership: mentor engineers; supervise the Windows Infrastructure team's workload and quality, ensuring consistent, timely delivery of builds, configurations, and endpoint repairs.
• Other duties as assigned.

Benefits

• Comprehensive health and dental coverage (BCBS/Ameritas)
• Premium vision benefits (VSP)
• 401k with company match
• 10 vacation days + 7 sick days
• Certification-based bonuses and salary growth opportunities