Microsoft Systems SME

About The Position

Requirements

• Bachelor's degree in Information Technology, Cybersecurity, or a related field preferred
• Education requirements may be waived based on professional experience, at the government’s discretion
• 8+ years of experience in Information Technology, Endpoint Engineering, or Cybersecurity
• 6+ years performing engineering (not help desk) functions in enterprise environments
• Expert-level proficiency with Microsoft Intune, including compliance policies, configuration profiles, and conditional access
• Hands-on experience with Windows Autopilot for device provisioning and lifecycle management
• Experience with Ivanti and/or KACE for OS and application patch management
• Experience with Group Policy Objects (GPO) for Windows endpoint configuration and security enforcement
• Experience implementing passwordless authentication and hardware-backed credentials (YubiKey, CAC, software keys)
• Experience working under formal change control, audit, and security governance processes
• Microsoft certifications in endpoint management or cloud administration (e.g., MD-102, MS-102)
• Experience with Microsoft Sentinel or equivalent SIEM for Windows endpoint telemetry
• Familiarity with hybrid identity environments integrating on-premises Active Directory with Entra ID
• Must possess or be eligible to obtain and complete a government security screening and/or a Secret security clearance.
• Active Top Secret (TS) clearance required.
• Must be a U.S. Citizen

Responsibilities

• Engineer and maintain secure Windows workstation images incorporating approved security baselines, authentication agents, and VDI/remote access capabilities
• Configure and maintain Microsoft Intune device compliance policies, configuration profiles, and conditional access requirements based on user role and device posture
• Manage Windows Autopilot for automated device provisioning, registration, and lifecycle management
• Implement and maintain OS and application patch management using Ivanti, KACE, and Intune/GPO-based orchestration; validate patches post-deployment and support rollback
• Implement passwordless authentication and hardware-backed credentials, including YubiKey, CAC, and software keys for privileged and sensitive accounts
• Maintain Windows device enrollment workflows and accurate asset inventory, including provisioning, reassignment, decommissioning, and secure wipe
• Produce and maintain engineering documentation, runbooks, and change records for all Windows endpoint configurations

Benefits

• Virtual health visits
• commuter perks
• pet insurance
• entertainment discounts
• Annual performance reviews
• tuition assistance
• internal career growth opportunities
• Generous 401(k) matches
• life and disability insurance
• financial wellness tools
• Annual awards
• service anniversaries
• referral bonuses
• peer-to-peer shoutouts
• Healthcare coverage
• wellness programs
• flu shots
• biometric screenings