IT Systems Engineer (Endpoint)

About The Position

Requirements

• Bachelor's Degree in Computer Science, Information Technology, or related technical discipline and 5+ years of hands-on experience designing, implementing, and managing Jamf, Fleet, Intune, and Entra Conditional Access in large enterprise environments; OR 7+ years of hands-on experience designing, implementing, and managing Jamf, Fleet, Intune and Entra Conditional Access in large enterprise environments in lieu of a degree
• Experience with Apple macOS and iOS enterprise management as well as Windows 11 and Windows Server operating systems
• Experience implementing security controls and compliance frameworks in regulated environments

Nice To Haves

• Hands-on experience integrating endpoint platforms with Splunk for SIEM, compliance reporting, and operational visibility
• Direct experience implementing CIS benchmarks and operating in ITAR/EAR-controlled environments
• Familiarity with AI workflows and tools, such as using large language models for script development, policy generation, log analysis, or operational automation
• Significant experience developing and maintaining production-grade scripts in PowerShell, Bash, and AppleScript
• Proficiency with Microsoft Graph API, advanced PowerShell module development, modern automation/CI-CD practices, GitOps, DevOps tooling, and Infrastructure as Code (IaC)
• Relevant Microsoft and Apple certifications (e.g., MS-102 Endpoint Administrator, AZ-900 Microsoft Azure Fundamentals, Jamf-200/300, or security/compliance credentials)
• Experience leading cross-functional endpoint projects and mentoring or training other IT team members
• Excellent written and verbal communication skills, with the ability to explain complex technical topics to technical and non-technical audiences

Responsibilities

• Architect, implement, and manage Jamf, Fleet, Microsoft Intune, and Entra Conditional Access policies to enforce zero-trust principles and device compliance across the fleet
• Design, deploy, and maintain endpoint configurations, compliance policies, application deployments, and security baselines for Windows 11, Windows Server, macOS, and iOS devices
• Develop and maintain advanced automation using PowerShell, Bash, and AppleScript to handle provisioning, configuration management, patching, remediation, and reporting at enterprise scale
• Integrate telemetry from Intune, Jamf, and other endpoint platforms with Splunk to deliver real-time monitoring, alerting, compliance dashboards, and support for security investigations
• Implement, audit, and maintain endpoint controls aligned with CIS benchmarks while ensuring strict adherence to ITAR and EAR regulatory requirements for devices, configurations, and data handling
• Evaluate, pilot, and operationalize AI-powered workflows and tools (including LLM-assisted scripting, intelligent policy analysis, and automated remediation) to increase efficiency and reduce risk
• Collaborate closely with Security, Compliance, Infrastructure, and business stakeholders to define endpoint standards, drive configuration and patch compliance across endpoint platforms, and support audits involving endpoint platforms and systems
• Create and maintain high-quality documentation, runbooks, and knowledge articles; provide training and tier-3 escalation support to IT and support teams
• Lead or significantly contribute to major endpoint projects such as OS migrations, Entra Conditional Access expansions, new platform integrations, and automation platform improvements
• Continuously improve the team’s automation, monitoring, compliance posture, and operational resilience through scripting, policy refinement, and process optimization

Benefits

• comprehensive medical, vision, and dental coverage
• access to a 401(k) retirement plan
• short and long-term disability insurance
• life insurance
• paid parental leave
• various other discounts and perks
• 3 weeks of paid vacation
• 10 or more paid holidays per year
• paid sick leave