IT Endpoint Engineer

About The Position

Requirements

• Expert-level knowledge of Windows Autopilot, Configuration Profiles/Settings Catalog, Proactive Remediations, WinGet/Win32 app packaging, update rings, and Defender for Endpoint integration.
• Strong proficiency in PowerShell for automation, packaging, and reporting; familiarity with KQL and Log Analytics for endpoint performance and health analytics.
• Solid understanding of Microsoft Entra ID, on‑prem Active Directory, Group Policy design principles, and modern identity‑based management.
• Demonstrated experience developing operational runbooks, change plans, and stakeholder communications aligned to ITSM processes.
• Strong understanding of device lifecycle management, modern endpoint deployment practices, and digital workspace best practices.
• Proven ability to manage multiple projects simultaneously, work independently, and deliver tasks on time.
• Strong analytical skills with the ability to understand complex issues and drive them to resolution.
• Excellent troubleshooting, documentation, and communication skills.
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field, or equivalent experience.
• Minimum 6 years of related IT experience, or 12 years of experience in lieu of a degree.
• 5–7+ years of experience in endpoint engineering or administration, including at least 3 years of hands‑on Intune/Microsoft Endpoint Manager experience in an enterprise environment.
• Minimum of 4 years of experience with Microsoft Intune management methodologies, including security configuration, application management, policy creation and management, and service health/monitoring.
• Experience with Group Policies and Active Directory/Entra.
• Experience managing Defender security policies.

Nice To Haves

• Exposure to macOS management (Jamf or Intune for macOS) and mobile device and app protection policies for iOS/Android.
• Experience with a patch management solution such as Ninja.
• ITIL v4 Foundation certification preferred.

Responsibilities

• Manage endpoint devices via Azure Intune to ensure that all devices are updated with the appropriate configuration and security policies.
• Oversee Autopilot device lifecycle standards (procurement specifications, golden config, retirement and secure wipe) and coordinate with Asset/Finance for inventory and chargebacks, consistent with your Endpoint/Asset.
• Lead the design, packaging, testing, and deployment of line‑of‑business and third‑party apps via Intune; maintain app catalogs and deployment rings.
• Create robust monitoring and reporting: device compliance, patch coverage, app success, enrollment trends, and risk/health dashboards; leverage KQL/Log Analytics where applicable.
• Attend regular calls to discuss vulnerabilities within the environment and plan for their remediation.
• Provide Tier 2 (second level) support for the End User Support team.
• Provide outstanding customer support to the End Users and End User Support team.
• Manage cases with Microsoft support and other vendors to drive solutions to technical issues.
• Partner with architecture and security teams to contribute to the digital workspace roadmap.