Senior Desktop Engineer

About The Position

Requirements

• 5+ years of experience in desktop engineering, endpoint management, or infrastructure engineering
• Hands-on experience with modern endpoint management tools, including Microsoft Intune and Autopilot, in a production environment
• Experience with application packaging, deployment, and patching solutions such as Patch My PC or equivalent tools
• Experience with SCCM / MECM, including application deployment and co-management
• Proven experience supporting and maintaining enterprise desktop standards
• Strong communication skills and the ability to work effectively with technical teams, firm users, and external partners in a fast-paced environment
• Endpoint & Device Management: Microsoft Intune, Autopilot, SCCM/MECM
• Security & Configuration: Windows Defender Application Control (WDAC), AppLocker, BitLocker, Windows Firewall, NTFS permissions, Windows Registry
• Application Management & Patching: Patch My PC, application packaging and deployment
• Identity & Policy: Active Directory, Group Policy / Group Policy Preferences
• Scripting & Automation: PowerShell (preferred), VBScript / HTA
• Virtual & Remote Platforms: Azure Virtual Desktop (AVD) with Nerdio
• Operating Systems: Windows 10, Windows 11, Windows Server 2025
• Productivity & Collaboration: Microsoft 365 (Outlook, Teams, OneDrive), Microsoft Office 365 / 2016
• Browsers: Microsoft Edge, Google Chrome
• Networking Fundamentals: DNS, DHCP
• Enterprise Applications: iManage, Litera, Adobe (preferred)

Nice To Haves

• Experience supporting professional services environments preferred; legal industry experience a plus
• Bachelor’s degree preferred; equivalent professional experience accepted
• Microsoft or other relevant industry certifications are a plus

Responsibilities

• Own and administer modern endpoint management platforms, including Microsoft Intune and Autopilot, with SCCM/MECM co-management where applicable.
• Design, implement, and maintain Autopilot provisioning workflows to enable secure, consistent, and low-touch device onboarding.
• Manage application packaging, deployment, and patching, including third-party application updates using Patch My PC.
• Plan, execute, and document application testing and validation for new deployments, updates, patches, and OS changes to ensure compatibility and stability prior to broad rollout.
• Develop and maintain regression testing practices for core applications and desktop configurations to prevent repeat issues.
• Design, implement, and maintain Windows Defender Application Control (WDAC) policies to control application execution and reduce endpoint attack surface.
• Define and enforce endpoint configuration standards, security baselines, and compliance policies using Intune configuration profiles, Group Policy, and related technologies.
• Plan, test, and execute Windows feature updates, quality updates, and application upgrade cycles following staged deployment and validation best practices.
• Act as a Level II/III escalation resource for complex endpoint and application issues, identifying root causes and driving permanent, documented fixes.
• Partner with the TSC to reduce escalations through improved tooling, automation, documentation, and self-service capabilities.
• Collaborate with Enterprise Application Engineers on the deployment and support of firmwide applications, including Microsoft 365, iManage, Litera, Adobe, and other business-critical platforms.
• Support and optimize Azure Virtual Desktop (AVD) with Nerdio, ensuring alignment between virtual and physical desktop performance and user experience.
• Maintain and enhance Microsoft Teams client behavior and capabilities, including policies, add-ins, plugins, and user experience considerations.
• Evaluate, test, and standardize desktop and laptop hardware, including drivers, firmware, BIOS configurations, and lifecycle planning.
• Perform advanced troubleshooting using logs, diagnostics, and monitoring tools; coordinate with vendors as needed.
• Support endpoint security initiatives, including WDAC, BitLocker, Windows Firewall, and related controls.
• Mentor and support other Desktop team members, promoting engineering best practices, documentation, and knowledge sharing.
• Participate in limited after-hours support on an as-needed basis.
• Other duties as assigned.

Benefits

• Competitive Salary : We offer a competitive base salary commensurate with skills and experience.
• Bonus Program : Discretionary annual bonus program.
• Retirement Planning : Discretionary profit sharing and 401(k) matching to help you plan for your future.
• Health and Wellness : Comprehensive health, dental, and vision plans, along with optional health savings and flexible spending accounts, firm-paid Life and Disability benefits, and wellness programs to support your overall well-being.
• Paid Time Off : Competitive time off package including vacation days, paid holidays, sick time and personal days.
• Professional Development : Opportunities for continuous learning and career growth through firm provided training programs.
• Employee Recognition : Anniversary and Vedder Praise Programs to celebrate your achievements and milestones.
• Work-Life Balance : Hybrid work model and family-friendly policies.
• Additional Perks : Employee discount program, pre-tax commuter benefits, back up child & elder care, Employee Assistance Program (EAP), fitness center discounts and more.