Sr. SCCM OSD/Intune Engineer

Emory Healthcare, Tucker, GA
Hybrid

About The Position

Emory Healthcare is seeking an experienced and highly skilled Senior SCCM OSD / Intune Engineer to join the Windows Endpoint Engineering team. This senior-level role is responsible for architecting, implementing, and maintaining enterprise endpoint management solutions with deep expertise in Microsoft System Center Configuration Manager (SCCM) Operating System Deployment (OSD) and Microsoft Autopilot-driven modern provisioning via Microsoft Intune. As a senior contributor, this individual will serve as a subject matter expert across the full endpoint lifecycle — from zero-touch Autopilot provisioning to complex task sequence development, co-management strategy, and cloud-first modernization. The role requires independent ownership of critical engineering workstreams and the ability to influence platform direction across a fleet of 30,000+ endpoints in a large, complex healthcare environment. This position requires one onsite day per week at our Emory Northlake Campus and includes participation in after-hours maintenance and an on-call rotation supporting critical Tier 1 clinical environments.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, or related discipline and five years of infrastructure server administration experience OR seven years of infrastructure server engineering experience.

Nice To Haves

  • 5 or more years of hands-on experience in enterprise endpoint management with a strong focus on SCCM OSD task sequence development and Intune
  • Demonstrated experience architecting and deploying Windows Autopilot at scale including device hash collection, Autopilot profile configuration, and ESP design
  • Expert-level proficiency in SCCM including OSD, software distribution, patch management, collections, and co-management configuration
  • Strong experience with Intune including Win32 app packaging, compliance policies, Settings Catalog, and cloud-native device management
  • Advanced PowerShell scripting ability with experience writing production automation for large enterprise environments
  • Experience managing Windows imaging across diverse hardware including driver injection, firmware management, and persona-based build design
  • Working knowledge of hybrid Entra ID environments, Conditional Access, and modern identity concepts
  • Familiarity with Imprivata OneSign or equivalent shared workstation authentication solutions in clinical or highly regulated environments
  • Ability to work independently on complex, multi-phase engineering initiatives with minimal supervision
  • Experience in a healthcare IT environment with understanding of clinical workflow considerations and downtime risk management
  • Hands-on experience with Patch My PC (PMPC) for third-party patch management integrated with SCCM and Intune
  • Familiarity with Epic Hyperdrive local client deployment, configuration, and support
  • Experience with Azure DevOps using Agile methodology and Kanban-based sprint execution
  • Microsoft certifications such as MD-102 (Endpoint Administrator), SC-300, or equivalent
  • Experience contributing to or owning DEX or endpoint analytics reporting initiatives

Responsibilities

  • Design, build, and maintain advanced SCCM task sequences for wipe-and-load, in-place upgrade, and bare-metal OSD scenarios across clinical and administrative endpoint personas
  • Manage the full imaging pipeline including DEV, TST, and PRD environments aligned to monthly Patch Tuesday cadence
  • Develop and maintain driver and firmware management strategies for Dell and specialty clinical hardware including radiology, cardiology, and WOW devices
  • Architect and enforce persona-based imaging standards (DSK, RAD, CAR) to reduce image sprawl and standardize endpoint builds across the enterprise
  • Lead validation and quality assurance processes for new image releases, coordinating with field technicians and clinical stakeholders
  • Architect and operationalize Windows Autopilot at scale for both new hardware enrollment and conversion of existing SCCM-managed devices
  • Develop and maintain automated hardware hash collection and upload workflows using PowerShell and the Microsoft Graph API
  • Design zero-touch or near-zero-touch provisioning workflows for clinical environments, accounting for VPN dependencies, Imprivata integration, and domain join requirements
  • Lead co-management configuration and workload migration strategy, defining the path from SCCM-primary to Intune-first endpoint management
  • Build and maintain Autopilot deployment profiles, enrollment status page (ESP) configurations, and device group targeting in Entra ID
  • Develop and manage Win32 app packaging, deployment, and supersedence logic in Intune for clinical and administrative applications
  • Administer compliance policies, configuration profiles, and Settings Catalog policies in Intune across hybrid-joined and Entra-joined endpoints
  • Manage BitLocker, LAPS, and Windows Hello for Business configurations through Intune for endpoint security compliance
  • Configure and maintain Windows Autopatch or equivalent patching strategies through Intune for cloud-managed devices
  • Troubleshoot Intune enrollment failures, policy conflicts, and Win32 app deployment issues at scale
  • Own Windows and third-party patch management operations using SCCM and Patch My PC (PMPC) across 30,000+ endpoints
  • Design and maintain ring-based patch deployment strategies with appropriate deferral windows for clinical environments
  • Monitor patch compliance across the fleet and produce reporting for engineering leadership and CISO-level stakeholders
  • Evaluate and recommend application packaging standards, supersedence strategies, and lifecycle processes for third-party software
  • Maintain and troubleshoot hybrid Entra ID join workflows, Conditional Access policies, and PRT-based authentication for endpoint access
  • Support Imprivata OneSign integration across shared clinical devices including WOWs, kiosks, and fixed workstations
  • Collaborate with clinical informatics and Epic teams to ensure local Hyperdrive deployments meet performance, authentication, and integration standards
  • Partner with the security team to align endpoint configurations with healthcare compliance frameworks including HIPAA and organizational security policy
  • Develop production-quality PowerShell scripts for endpoint automation, remediation, and reporting; code must be self-contained, SCCM-compatible, and log to standardized paths
  • Contribute to the Endpoint Intelligence Program by building data pipelines and operational reporting from SCCM, Intune, and endpoint analytics sources
  • Document engineering standards, deployment runbooks, and architectural decisions to support team knowledge transfer and operational consistency
  • Serve as a senior technical resource and escalation point for endpoint engineering issues across the team
  • Zero-touch Autopilot provisioning operationalized for new and converted devices across the enterprise
  • OSD pipeline running on a consistent monthly cadence with validated images in DEV, TST, and PRD
  • Patch compliance rates meeting or exceeding organizational SLAs with minimal manual intervention
  • Win32 app packaging standards documented and applied consistently across Intune deployments
  • Engineering documentation current, accurate, and accessible to the full team
  • Escalation issues resolved with root cause documentation and preventive recommendations provided to leadership

Benefits

  • Comprehensive health benefits that start day 1
  • Student Loan Repayment Assistance & Reimbursement Programs
  • Family-focused benefits
  • Wellness incentives
  • Ongoing mentorship, development, leadership programs