Microsoft Subject Matter Expert (SME)

About The Position

Requirements

• Must possess an active Top Secret security clearance.
• A minimum of eight (8) years of overall experience in Information Technology, Endpoint Engineering, or Cybersecurity.
• A minimum of six (6) years of dedicated experience performing advanced engineering (not help desk) functions in complex enterprise environments.
• Demonstrated experience working under formal change control, audit, and security governance processes.
• Extensive experience supporting enterprise Windows environments.
• Hands-on experience and proficiency with Microsoft Intune, Windows Autopilot, Active Directory, and Microsoft 365 administration.
• Experience with patch management and deployment tools such as Ivanti and KACE.
• Deep expertise in endpoint security, patch management, and device lifecycle management.
• Experience supporting virtual desktop and remote access technologies.

Nice To Haves

• A Bachelor’s degree in Information Technology, Cybersecurity, or a related field (or equivalent experience) is preferred.
• Familiarity with JAMF for macOS management is highly beneficial as environments are often mixed.

Responsibilities

• Provide high-level engineering support for enterprise Windows environments, including Microsoft 365 administration and Active Directory integrations.
• Build and maintain Windows (and macOS) workstation images. Manage image automation, validation, rollback, and version control processes. Integrate images with Virtual Desktop Infrastructure (VDI), Endpoint Detection and Response (EDR), authentication, and logging agents.
• Utilize tools such as Ivanti and/or KACE for OS and application patching. Manage configuration drift, execute remediation workflows, and provide comprehensive reporting. Validate patches post-deployment and support necessary rollback procedures.
• Leverage Microsoft Intune and Windows Autopilot for robust provisioning, deployment, and compliance enforcement. Implement and manage advanced authentication methods, including passwordless authentication and hardware-backed credentials (e.g., YubiKey, CAC, software keys).
• Configure robust endpoint logging (e.g., Windows Event Logs). Forward and validate logs into SIEM/EDR platforms (such as MS Sentinel) to support forensic collection, audit readiness, and continuous monitoring.
• Assist in administering all information security functions for the Windows baselines, including updates, upgrades, policy administration, and validation for special access to segmented environments.
• Develop and maintain detailed technical documentation, operational procedures, and configuration baselines.
• Actively support federal security and compliance requirements through rigorous engineering practices and under formal change control, audit, and security governance processes.