Senior Consulting Engineer — Endpoint Security, Intune & Azure Platform Security

About The Position

Requirements

• 5+ years of experience delivering Microsoft endpoint, Azure, and security engineering work in consulting, professional services, or a similarly client-facing environment.
• Hands-on experience with Microsoft Intune and modern endpoint management, including policy design, device compliance, application deployment, and operational support models.
• Experience assessing or replacing legacy RMM tooling with Microsoft-native endpoint management and security capabilities.
• Hands-on Azure security experience including network/security design, policy, resource governance, identity integration, logging/monitoring patterns, and key management.
• Working knowledge of Azure Virtual Desktop architecture and the dependencies between endpoint posture, identity, network design, and platform controls.
• Ability to communicate clearly with client stakeholders, including presenting options, constraints, and tradeoffs without ambiguity.
• Operational discipline: documentation, change control, and evidence-minded delivery.

Nice To Haves

• Experience with Microsoft security platforms such as Microsoft Defender for Endpoint, Microsoft Defender for Cloud, Microsoft Sentinel, and Defender XDR integration patterns.
• Experience with Azure Virtual Desktop design, deployment, or operational hardening in enterprise environments.
• Experience delivering in regulated environments (financial services, healthcare, SLED) and mapping technical controls to governance requirements.
• Experience building and maintaining reusable internal frameworks and accelerators (baseline configurations, policy sets, deployment templates, operational runbooks), not just one-off fixes.
• Relevant certifications (examples): MD-102, AZ-104, AZ-500, SC-300, SC-200, or equivalent demonstrated expertise.

Responsibilities

• Lead client discovery workshops and technical deep-dives focused on endpoint security, remote management modernization, and user computing strategy; clarify objectives, identify constraints, surface tradeoffs, and translate ambiguity into executable decisions.
• Assess legacy RMM and endpoint administration approaches; define target-state patterns using Intune, Microsoft security capabilities, and adjacent Azure services aligned to client requirements and SilverSky delivery standards.
• Deliver client-facing documentation that is clear, bounded, and decision-oriented, including current-state observations, target-state recommendations, risks, assumptions, and operational implications.
• Present recommendations to client stakeholders using clear rationale, sequencing, dependencies, and expected outcomes; support informed decision-making rather than one-way delivery.
• Run technical working sessions and implementation calls; coordinate dependencies across endpoint, identity, networking, and Azure platform stakeholders.
• Participate in governance cadences (status, risks/issues, decisions, next steps) and support change control practices for production-impacting modifications.
• Provide structured handoff and knowledge transfer, including runbooks, support boundaries, and operational guardrails for managed endpoints and AVD-related services.
• Design and implement Intune-based endpoint management solutions including enrollment, compliance, configuration profiles, update rings, application deployment, and device lifecycle controls.
• Define and execute RMM replacement patterns that reduce tool sprawl, improve policy consistency, and align endpoint operations to Microsoft-native management and security capabilities.
• Build repeatable deployment and configuration patterns for Windows endpoints and user computing services, including standard baselines, security controls, and operational documentation.
• Ensure delivery artifacts are traceable and supportable: documented configurations, policy intent, validation outcomes, exceptions, and transition guidance for operations teams.
• Continuously improve endpoint delivery patterns so future work is safer, faster, and less dependent on one-off operational practices.
• Engineer secure Azure foundations and controls that support endpoint and AVD workloads, including identity integration, network segmentation, policy, logging, key management, and resource governance.
• Design Azure network and platform security patterns appropriate to regulated client environments, with attention to secure connectivity, access paths, and service dependencies.
• Support AVD solution design and hardening, including host posture, access controls, profile/storage dependencies, and the interaction between endpoint management and virtual desktop operations.
• Integrate delivery work with security operations needs (logging pipelines, alerting expectations, and operational runbooks), coordinating with SOC/MxDR stakeholders when required.
• Continuously identify opportunities to standardize and automate repeatable security and platform configuration work without sacrificing safety or compliance posture.

Benefits

• Vision - We embrace a forward-thinking mindset. Our team has a clear and inspiring picture of the future that helps drive our decisions towards creating and delivering world-class security services.
• Velocity - We have a bias for action. We move swiftly and with purpose toward our goals and objectives and can easily adapt (and adjust) along the way.
• Vigilance – We foster a culture of proactive awareness for our company and our customers, who trust us to be an extension of their team. We are always looking for areas where we can innovate, improve, fix, transform and revolutionize, which ensures the protection, safety and success of everyone at SilverSky.