Sr. Endpoint Management Engineer

Bausch Health · Bridgewater, NJ
8d · Hybrid

About The Position

Join our global diversified pharmaceutical company enriching lives through our relentless drive to deliver better health outcomes to our patients. We are all in it together to make a difference. Be a part of a culture that doesn't just wait for change but actively creates it—where your skills and values drive our collective progress and impact.

We are seeking a Senior Systems Engineer with deep expertise in Microsoft Intune and Microsoft Configuration Manager (SCCM/ConfigMgr) to design, engineer, and operate enterprise‑scale endpoint platforms across Windows, iOS, and Android. This role goes beyond day‑to‑day administration and focuses on architecture, lifecycle strategy, automation, security posture, and operational excellence. You will serve as a technical authority for endpoint systems, owning platform design decisions, modernization initiatives, and complex problem resolution. You will partner closely with Security, Identity, Networking, Collaboration, and Support teams to deliver a secure, resilient, and high‑quality end‑user computing environment.

Requirements

  • Bachelor’s degree required, preferably in Information Systems or Computer Science.
  • 5+ years engineering and operating enterprise endpoint platforms using Microsoft Intune and/or SCCM/ConfigMgr in medium to large environments.
  • Deep experience designing and supporting device lifecycle, OS deployment, and update strategies across Windows, iOS, and Android, including Autopilot, Apple Automated Device Enrollment, Android Enterprise, and Windows 10 to Windows 11 upgrades.
  • Strong expertise in configuration management, compliance, security baselines, and endpoint hardening using Intune, ConfigMgr, Windows Update for Business, BitLocker, FileVault, Windows LAPS, and Defender for Endpoint.
  • Hands‑on experience with application packaging and lifecycle management for Win32, Store, LOB, iOS, and Android applications.
  • Advanced PowerShell skills for automation, remediations, and integration with Microsoft Graph and Intune APIs.
  • Solid understanding of Microsoft Entra ID including device identity, Conditional Access, Hybrid Join, Entra ID Join, and role‑based access control.
  • Proven ability to troubleshoot complex endpoint, identity, networking, and enrollment issues using logs and telemetry.
  • Experience authoring system designs, standards, and runbooks; familiarity with ITSM platforms such as ServiceNow.
  • Experience modernizing endpoint management, including GPO to MDM migrations and use of endpoint analytics or DEX tooling.

Responsibilities

  • Design, engineer, and operate enterprise endpoint management platforms using Microsoft Intune and SCCM/ConfigMgr, supporting Windows, iOS, and Android across cloud, hybrid, and co‑managed environments.
  • Engineer end‑to‑end device lifecycle solutions including Autopilot, Apple Automated Device Enrollment, Android Enterprise, OS deployment, driver and firmware management, and Windows 10 to Windows 11 upgrades.
  • Define and enforce configuration standards, compliance policies, security baselines, and update strategies using Intune, ConfigMgr, Windows Update for Business, BitLocker, FileVault, Defender for Endpoint, ASR rules, and Windows LAPS.
  • Design and maintain scalable application deployment frameworks for Win32, Store, LOB, iOS, and Android apps, including detection logic, dependencies, supersedence, rollback, and lifecycle management.
  • Engineer integrations with Microsoft Entra ID for device identity, Conditional Access, compliance enforcement, Hybrid Join, Entra ID Join, Cloud PC, and Intune RBAC.
  • Develop PowerShell automation and Proactive Remediations to reduce manual effort and configuration drift.
  • Build operational and executive reporting using Log Analytics, KQL, Power BI, Endpoint Analytics, and Update Compliance.
  • Enforce least‑privilege access, auditable change control, and platform governance.
  • Author system designs, standards, runbooks, and operational documentation.
  • Act as senior escalation point for endpoint issues, lead root cause analysis, drive incident and problem management, and coordinate pilots, change management, and staged rollouts with Security, Identity, Networking, and Support teams.

Benefits

  • Benefits package includes comprehensive Medical (includes Prescription Drug), Dental, Vision, Flexible Spending Accounts, 401(k) with matching company contribution, 3-weeks paid time off plus paid sick time, stock purchase plan, tuition reimbursement, parental leave, short- and long-term disability, life insurance, accidental death & dismemberment insurance, 12 paid holidays (including floating holidays), employee referral bonuses and employee discounts.