Endpoint Engineer/ MECM

Position: Endpoint Engineer / MECM Engineer

Location: Alexandria, VA

Duration: 1+ year contract

Clearance: TS/SCI required

Base Pay: $58.00/hr - $59.00/hr

Responsibilities

• Design and support primary sites, management points, distribution points, and software update points
• Create high availability design for critical MECM roles
• Design boundary groups, collections, and role‑based administration
• Manage content distribution and optimization for multi‑site and remote offices
• Develop and maintain task sequences for OS deployment (Windows 10/11)
• Engineer images, manage drivers, language packs, feature packs
• Plan and execute in‑place upgrade strategy for large fleets
• Implement zero‑touch and lite‑touch deployment (PXE, boot media)
• Perform end‑to‑end patching using MECM and WSUS, design monthly patch cycles, pilot rings, phased deployments
• Report compliance and track SLA for security updates
• Integrate third‑party patching (Ivanti, Patch My PC, etc.)
• Package applications (MSI, MSIX, scripts), handle detection, custom return codes, supersedence
• Plan global deployments minimizing user impact, license‑aware for commercial software
• Integrate with Defender for Endpoint and Microsoft security stack
• Configure baseline using GPO, Security Baselines or Configuration Items/Baselines
• Support BitLocker management and key recovery
• Align with NIST, CIS, ISO 27001, or SOC 2 requirements
• Co‑manage Intune and MECM; design Windows Autopilot operations
• Use Azure AD, Conditional Access, hybrid join models
• Integrate Microsoft Store for Business / winget
• Automate with PowerShell for MECM, reporting, remediation; build reusable scripts and runbooks
• Leverage APIs, WMI, SQL queries for MECM operations
• Create custom MECM reports via SSRS, perform health checks for site roles, replication, client status
• Deliver dashboards and metrics to leadership and audit needs

Required Skills & Experience

• 7+ years in enterprise endpoint management
• 5+ years hands‑on with Microsoft Endpoint Configuration Manager in large environments (5,000+ endpoints)
• Proven experience designing, implementing, and operating MECM hierarchies
• Experience in highly regulated or audited environments (finance, healthcare, government, or similar)
• Knowledge of NIST, CIS, ISO 27001, SOC 2 (baseline compliance)
• Strong PowerShell scripting; familiarity with APIs, WMI, SQL
• Experience with Windows deployment technologies (PXE, boot media, Zero‑touch)
• Experience in patch management with WSUS and MECM
• Co‑management with Intune and MECM

Seniority & Employment

• Seniority Level: Mid‑Senior
• Employment Type: Full‑time
• Job Function: Other
• Industries: IT Services and IT Consulting