Client Platform Engineer

About The Position

Requirements

• 5+ years of experience in endpoint engineering or support across one or more enterprise client platforms.
• Hands-on expertise with Microsoft Intune, including compliance, configuration, application deployment, reporting, and troubleshooting across supported platforms (including Windows 11 and Android).
• Experience supporting hybrid Windows environments during transition to cloud / Entra ID-based management, including some SCCM/MECM (Configuration Manager) lifecycle management.
• Hands-on expertise with Jamf Pro, including configuration profiles, policies, inventory, application deployment, and troubleshooting across iOS, iPadOS, and macOS (and Android where applicable).
• Experience supporting modern enrollment and provisioning approaches such as Windows Autopilot, Apple Automated Device Enrollment (ADE), and Android Enterprise.
• Practical experience managing and troubleshooting endpoints across iOS, iPadOS, macOS, Android, and Windows 11 in an enterprise environment.
• Working knowledge of Apple enterprise services including Apple Business Manager, APNs certificate lifecycle management, and common macOS security/privacy controls (e.g., PPPC/TCC).
• Working knowledge of Android enterprise management concepts including Android Enterprise enrollment models, Managed Google Play, and work profile / fully managed device configurations.
• Familiarity with compliance frameworks such as CIS, PCI DSS, and NIST.
• Working knowledge of Microsoft Entra ID, especially Conditional Access and its endpoint implications.
• Strong understanding of administrative segmentation and role delegation (e.g., RBAC; Intune Scope Tags where applicable).
• Proficiency in automation and scripting (e.g., PowerShell, shell scripting) and basic use of Microsoft Graph API for endpoint administration.
• Experience with DEX tools (e.g., Nexthink, ControlUp, 1E).
• Excellent documentation and communication skills.
• Ability to work effectively in a global, collaborative environment.

Nice To Haves

• Exposure to Git for version control and collaboration.
• Microsoft certifications (MD-102, MS-102, AZ-104).
• Jamf certifications (e.g., Jamf 200/300/400) or equivalent hands-on experience.
• Experience with Apple Business Manager device/app assignment, ADE workflows, and Volume Purchase app distribution concepts.
• Experience with macOS administration topics such as software packaging (pkg/dmg), LaunchAgents/LaunchDaemons, and troubleshooting via logs/profiles.
• Familiarity with Apple security management patterns such as FileVault, PPPC/TCC, and macOS update/upgrade orchestration.
• Experience with Android enterprise at scale, including Managed Google Play, app configuration, and OEM enrollment methods (e.g., Android Zero-touch / Knox Mobile Enrollment where applicable).
• Experience working with or alongside MSPs in enterprise environments.
• Familiarity with enterprise IT best practices including patching, change management, and security hardening.

Responsibilities

• Engineer, implement, and maintain endpoint management solutions across iOS, iPadOS, macOS, Android, and Windows 11 using enterprise tooling, including Microsoft Intune and Jamf, plus platform-native capabilities.
• Design and operate modern provisioning approaches including Zero Touch provisioning for supported platforms (e.g., Windows Autopilot, Apple Automated Device Enrollment (ADE) via Apple Business Manager, and Android Enterprise enrollment methods).
• Administer and optimize Jamf and Intune for fleet management, including configuration profiles, restrictions, inventory, compliance reporting, and policy/workflow automation.
• Engineer application lifecycle management across platforms, including macOS packaging and deployment, iOS/iPadOS app distribution, and Windows/Android application deployment through available management channels.
• Ensure device compliance with enterprise policies and standards, including CIS, PCI DSS, and other regulatory frameworks.
• Manage OS and firmware update strategies across the fleet (e.g., Windows Update for Business, Autopatch, macOS/iOS/iPadOS DDM) to maintain security posture and user productivity.
• Support the ongoing transition of the Windows endpoint environment to cloud / Entra ID-based management while continuing to support hybrid-joined devices, including limited SCCM/MECM lifecycle management as needed.
• Collaborate with IAM and M365 partner teams on shared responsibilities, particularly around Microsoft Entra ID and endpoint identity/access configurations.
• Understand and support Conditional Access policies and their impact on endpoint behavior and user experience across platforms.
• Configure and manage administrative controls, including RBAC and segmentation constructs (e.g., Intune Scope Tags where applicable), to ensure proper administrative segmentation and policy targeting.
• Implement and maintain endpoint security baselines and configuration standards (e.g., Windows security baselines, macOS configuration profiles, iOS/iPadOS restrictions, and Android enterprise policies).
• Monitor and optimize device performance and user experience using DEX (Digital Employee Experience) tools.
• Support automation and reporting efforts using PowerShell, scripting, and Microsoft Graph API (and equivalent platform tooling where applicable).
• Partner with a Site Reliability Engineer (SRE) to support desktop application management through shared tooling responsibilities across Windows and macOS, and coordinate mobile app management for iOS/iPadOS and Android.
• Guide operational documentation, SOPs, and support materials for multi-platform endpoint management.

Benefits

• Medical insurance
• Dental insurance
• Vision insurance
• 401 (K)
• Paid Paternity and Maternity leave
• Commuter Benefits
• Disability insurance
• Tuition assistance