Endpoint Architect

About The Position

Requirements

• Expert troubleshooting of Windows client OS (Windows 10/11), registry, policy processing, user profiles, and application compatibility.
• PowerShell-first mindset for automation (image/config automation at scale, compliance remediation, reporting, and API integration).
• Strong communication and documentation skills; ability to influence and collaborate across cross-functional teams.
• Project and time management in fast-paced operational environments.
• Bachelor’s degree in Computer Science or equivalent experience.
• 10+ years supporting Windows client operating systems in enterprise environments.
• 5+ years hands-on experience with virtual desktop platforms.
• Demonstrated experience architecting and operating SCCM/MECM and Microsoft Intune at enterprise scale.
• Proven experience with Group Policy design, governance, troubleshooting, and MDM migration strategies.
• Ability to travel, as needed.
• Ability to safely and successfully perform essential job functions consistent with ADA, FMLA, and other applicable standards.
• Ability to maintain regular, punctual attendance consistent with ADA, FMLA, and other applicable standards.
• Must be able to lift and carry up to 50 lbs.

Responsibilities

• Architect, design, and optimize Azure AVD and Windows 365 environments for scalability, performance, resilience, and cost-efficiency.
• Define and maintain architecture standards and best practices for VDI deployment, configuration, security hardening, and lifecycle management.
• Design and provision virtual machines (images, specs, profiles), configure networking/storage/backup, and implement user profiles and access controls.
• Develop and maintain standardized Windows images and configurations for laptops/desktops/tablets; ensure consistency across managed devices.
• Ensure adherence to organizational security standards and regulatory requirements (e.g., encryption, identity, data protection).
• Act as the top-tier escalation for complex endpoint incidents across physical and virtual devices; perform root-cause analysis and drive durable fixes.
• Monitor health and performance of EUC/VDI platforms; execute maintenance, updates, and patching to sustain reliability and security.
• Create and maintain comprehensive technical documentation, SOPs, and troubleshooting guides; enable knowledge transfer to support teams.
• Own Microsoft Configuration Manager (SCCM/MECM) platform health and governance: hierarchy design, CMG usage, distribution point strategy, boundary groups, collections, RBAC, and custom reporting.
• Engineer application packaging and deployment, software update management (ADRs), task sequencing/OSD, compliance baselines, and inventory/compliance reporting.
• Lead Modern Management with Microsoft Intune: device enrollment, configuration profiles, compliance policies, update rings/feature flighting, application lifecycle (Win32/MSIX), Autopilot, and co-management scenarios.
• Design a scalable Group Policy framework: authoring, targeting, troubleshooting, change control, and rationalization/migration of legacy GPOs to MDM policies where appropriate.
• Integrate endpoint compliance, patching posture, and security operations across physical devices and AVD/W365 virtual desktops.

Benefits

• 401(k) plan with company match
• comprehensive medical, dental, and vision insurance
• flexible spending and health savings accounts
• paid vacation, and sick days
• paid parental leave
• paid holidays
• wellness program