Desktop Engineering & Endpoint Management

Scottish Rite for Children•Dallas, TX

1d•Onsite

About The Position

This role is a senior, hands-on endpoint engineering position responsible for owning endpoint platforms, inventory accuracy, and endpoint risk management across the organization. Although the role reports into the Help Desk & End User Support Manager, it operates at a senior engineering and platform-ownership level, defining standards, leading modernization efforts, and reducing operational and security risk.

Requirements

5+ years of experience in endpoint or desktop engineering.
Hands-on experience with Microsoft Intune / Endpoint Manager.
Hands-on experience with KACE.
Strong experience with ServiceNow CMDB population, reconciliation, and lifecycle workflows.
Experience managing Windows 10/11 enterprise environments, application packaging, and patch management.

Nice To Haves

Experience with Absolute for device visibility and recovery.
Experience with Armis for device discovery and risk insight.
Experience managing macOS and iOS/iPadOS devices.
Healthcare or other regulated industry experience.

Responsibilities

Endpoint Inventory & CMDB Management
Own endpoint inventory accuracy and lifecycle management across ServiceNow CMDB, Microsoft Intune, and KACE.
Define authoritative data sources and reconcile discrepancies between systems.
Design and maintain automated CMDB population and lifecycle workflows.
Ensure accurate tracking of device ownership, status, and compliance.
Partner with IT Asset Management, Security, and End User Support to ensure audit readiness and reliable reporting.
Endpoint Engineering, Standards & Risk Management
Serve as the technical authority for endpoint configuration and standards.
Design, build, and maintain gold images, including traditional and modern cloud-based builds.
Establish and enforce endpoint security baselines aligned with organizational and industry standards.
Proactively manage endpoint risk related to vulnerabilities, configuration drift, and unsupported platforms.
Endpoint Platform Ownership (KACE to Intune)
Act as platform owner for KACE (current state) and Microsoft Intune (future state).
Develop and execute a phased migration strategy from KACE to Intune.
Migrate policies, applications, and patching with minimal end-user disruption.
Reduce tool overlap and establish Intune as the primary endpoint management platform.
Patch Management & Compliance
Own patching strategy for Windows, macOS, and third-party applications.
Define patch SLAs based on risk and clinical impact.
Automate patch deployment and compliance reporting.
Partner with Information Security on vulnerability remediation and audits.
Modern Endpoint Strategy & Continuous Improvement
Evaluate and recommend modern endpoint management solutions such as Windows Autopilot and cloud-based imaging.
Identify opportunities to automate endpoint processes and improve deployment speed.
Provide technical mentorship and escalation support to End User Support teams.