Senior Endpoint Engineer

About The Position

Requirements

• 8 + years of ex pertise managing Windows and macOS endpoints in an enterprise environment.
• Hands-on experience administering Microsoft Intune / Endpoint Manager in a production environment
• Strong knowledge of Windows 10/11 and m acOS administration
• Experience with Azure Active Directory (Entra ID) device join, hybrid join, and identity concepts
• Familiarity with endpoint security best practices in regulated or security-conscious environments
• Exper tise in packaging and deploying applications across Windows and macOS
• Strong troubleshooting skills with the ability to work independently in a fast-paced environment
• Excellent written and verbal communication skills

Nice To Haves

• Expe rtise in supporting a highly mobile and remote workforce.
• PowerShell (Windows) and Bash (macOS) scripting experience
• Expertise with Windows Autopilot and Apple ADE/DEP
• Experience with Tanium endpoint management a plus
• Strong knowledge of NIST /CIS endpoint security standards , Conditional Access, and Zero Trust principles
• Microsoft certifications (MD-102, MS-102) or Apple certifications
• Demonstrated experience in integrating Intune with third-party tools (MDM, IAM , security, or asset management platforms)

Responsibilities

• Administer and optimize Microsoft Intune for Windows 10/11 and macOS endpoints across Suffolk’s enterprise
• Design, deploy, and maintain device configuration profiles , compliance policies, and endpoint security baselines
• Manage device enrollment strategies including Windows Autopilot and Apple Automated Device Enrollment (ADE/DEP)
• Package, deploy, and maintain applications for corporate and field users (Win32, PKG, DMG, LOB apps)
• Support secure access to Suffolk systems using Azure AD (Entra ID) device identity and Conditional Access
• Partner with Information Security to implement and enforce endpoint security controls (BitLocker, FileVault , Defender, Compliance Policies )
• Manage OS updates, feature releases, and patching strategies for Windows and macOS devices
• Own endpoint hardware standards and lifecycle , including device specifications, model selection, and design for Windows and macOS laptops
• Partner with business units, field teams, and IT stakeholders to ensure endpoint hardware aligns with role-based job requirements , performance needs, and construction-site realities
• Identify opportunities to integrate AI driven capabilities into the endpoint engineering model, including device health monitoring, remediation, analytics, and operational efficiency
• Lead hardware refresh planning , including evaluation, vetting, and hands-on testing of new laptop models to ensure compatibility with Intune, security controls, and applications prior to deployment
• Partner with IT, Security, and Service Delivery teams to evaluate and adopt AI assisted tools and workflows that enhance endpoint reliability, compliance, and support outcomes
• Monitor endpoint health, compliance, and deployment success; troubleshoot complex endpoint issues
• Provide tier-3 escalation support for endpoint-related incidents and problems
• Create and maintain technical documentation , standards, and SOPs for endpoint management
• Participate in modernization initiatives such as Zero Trust, cloud-first device management, and endpoint automation

Benefits

• competitive salaries
• auto allowances and gas cards for certain roles
• access to market leading medical and emotional and mental health benefits
• dental
• vision insurance plans
• virtual care options for physical therapy and primary care
• generous paid time off
• 401k plan with employer match and access to expert financial resources
• company paid and voluntary life insurance
• tax deferred savings accounts
• 10 backup daycare days each year
• short- and long-term disability
• commuter benefits