Service Desk Engineer

About The Position

Requirements

• This position requires active Top Secret Clearance
• Bachelor’s degree in Information Technology, Cybersecurity, or a related field (or equivalent experience).
• Eight (8) years of experience in Information Technology, Endpoint Engineering, or Cybersecurity.
• Six (6) years of experience performing engineering (not help desk) functions in enterprise environments.
• Experience working under formal change control, audit, and security governance processes.
• Due to the nature of the work we support, all candidates in consideration for this role must be willing to undergo the government issued background investigation process.

Responsibilities

• Design and maintain secure standard workstation images that enable access to the VDI environment for remote users on both macOS and Windows platforms.
• Design and maintain secure standard workstation images that enable access to the VDI environment for on-site users on both macOS and Windows platforms.
• Engineer and maintain operating system and application patching, version control, and lifecycle management for supported applications, ensuring delivery through approved mechanisms such as a company application store, Microsoft Intune, or Group Policy Objects (GPO) based on user role and access level.
• Engineering and maintaining secure baseline configurations for macOS and Windows endpoints to support both on-site and remote access use cases.
• Using Ivanti and KACE to manage operating system and application patching, version control, deployment workflows, and remediation of configuration drift.
• Leveraging Microsoft Intune to enforce device compliance, configuration profiles, security policies, and conditional access requirements based on user role and device posture.
• Design, build, and maintain standardized, division-specific workstation images for macOS and Windows that incorporate approved baseline security controls and required VDI/remote access clients.
• Maintain imaging toolchains and automation scripts (Ivanti, KACE, JAMF, or equivalent) used for image creation, testing, and deployment; validate image integrity prior to production release.
• Engineer and operate patch management processes using Ivanti (or equivalent) for OS and third-party application patching; coordinate Intune/GPO-based patch orchestration for Windows endpoints.
• Implement and maintain enrollment workflows for Intune, Autopilot (Windows), and Apple Business Manager / JAMF for macOS and iOS devices.

Benefits

• competitive pay
• comprehensive health coverage
• flexible PTO
• federal holidays off
• tuition reimbursement
• professional development support
• wellness stipends