Microsoft System Engineer (Endpoint)

Senior Endpoint Engineer (Intune / MECM)

Position Summary

We are seeking a highly experienced Senior Endpoint Engineer to take hands-on ownership of our enterprise endpoint management platforms, including Microsoft Intune, Microsoft Endpoint Configuration Manager (MECM/SCCM), and a Jamf environment.

We are looking for a strong engineer who can build, stabilize, and optimize endpoint management across 4,000+, primarily Windows, devices. The ideal candidate has extensive direct expertise with imaging/task sequences, software deployment and application packaging, Autopilot, Intune co-management, patching automation, kiosk configurations, and advanced troubleshooting using log analysis to identify and resolve root causes.

This is a hands-on engineering role. The right candidate is comfortable working independently, taking a project from concept through completion with measurable results, and continuously improving how endpoint management is delivered. This role will also mentor and train team members to be able to assist with standard maintenance and deployment tasks.

Current priorities include:

• Rebuilding and standardizing imaging task sequences
• Stabilizing and optimizing MECM/Intune
• Expanding and improving Intune co-management
• Implementing Autopilot
• Automating patching and software deployments
• Developing proactive hardware and software lifecycle management processes
• Improving overall end-user device reliability and experience
• Training additional team members in standard maintenance and deployment tasks

This role reports to the Enterprise Services Manager and serves as the senior technical expert for endpoint management.

Hybrid schedule: 2 days per week in-office (Rockville, MD preferred; Fairfax, VA, Chicago, IL, Margate, FL, and Houston, TX may be considered).

Key Responsibilities

Endpoint Engineering

• Serve as the primary technical owner for MECM/SCCM and Intune across 4,000+ endpoints
• Own a small but mighty Jamf management environment for ~100 Mac devices/iPads
• Design, build, and maintain Windows imaging processes and task sequences
• Implement and optimize Windows Autopilot deployments
• Configure and manage kiosk mode devices
• Build, test, and deploy enterprise software packages
• Drive modernization through stronger Intune adoption and co-management strategy
• Developing proactive hardware and software lifecycle management processes

Patching & Compliance

• Design and maintain Windows patch management processes using MECM and Intune
• Improve compliance reporting and remediation processes
• Ensure endpoints meet security and regulatory requirements (HIPAA, SOX, etc.)
• Ensure Mac devices are kept up to date through Jamf

Automation & Optimization

• Identify manual or inefficient processes and automate them using PowerShell and modern management tools
• Improve deployment consistency and reliability
• Reduce task sequence failures and patching exceptions

Advanced Troubleshooting

• Troubleshoot complex endpoint issues across MECM, Intune, and Group Policy
• Perform detailed log analysis (client logs, task sequence logs, Windows event logs, etc.)
• Resolve co-management conflicts and deployment failures
• Escalation point for advanced endpoint-related technical issues

Documentation & Knowledge Sharing

• Document build standards, processes, and configurations
• Provide guidance to team members on endpoint-related procedures
• Train additional team members in standard maintenance and deployment tasks

Required Experience & Technical Expertise

• 5+ years of enterprise endpoint management experience
• 5+ years building and maintaining Windows imaging task sequences
• Strong hands-on expertise in:
• Microsoft Endpoint Configuration Manager (MECM/SCCM)
• Microsoft Intune
• Co-management configuration and troubleshooting
• Windows Autopilot
• Active Directory Group Policy (GPO)
• Strong PowerShell scripting and automation experience
• Experience designing and maintaining automated patch management processes
• Demonstrated ability to troubleshoot using logs and identify root cause
• Experience supporting endpoints in a regulated environment
• Ability to independently execute technical projects
• Ability to lift 30+ lbs