Endpoint Engineer - Modern Endpoint & Mobility 8

Position Summary ProAmpac, a nearly $5 billion packaging company, is seeking an Endpoint Engineer to join our Cloud & Digital Workplace Services team.

This is a 100% remote, hands-on engineering role, not a helpdesk position.

You will own Microsoft Intune, Windows Autopilot, mobile device management across iOS, iPadOS, and Android, and our plant-floor mobility program (SOTI MobiControl) across a rapidly growing multi-site manufacturing environment.

ProAmpac is scaling through acquisition, scaling rapidly through acquisition across a large and growing number of manufacturing sites.

You will be enrolling and managing thousands of mobile and plant-floor devices, driving zero-touch workstation provisioning via Autopilot, and building out mobile management standards as new sites come online.

Your counterpart on the team owns Endpoint Central and packaging both engineers cross-train on each other's primary platforms for full coverage.

What You'll Do Microsoft Intune Primary Platform Serve as the primary Intune administrator across Windows, iOS, iPadOS, and Android:

MDM/MAM policies, compliance policies, configuration profiles, and application deployment.

Administer Conditional Access compliance integration with Entra ID; monitor enrollment health and compliance dashboards and resolve failures across all supported platforms.

Manage application deployment via Intune:

IntuneWin packages, Microsoft Store apps, LOB apps, and app protection policies for corporate and BYOD devices.

Windows Autopilot Zero-Touch Deployment Design and maintain Autopilot deployment profiles and enrollment flows for zero-touch workstation provisioning across a growing fleet.

Manage device registration, hardware hash import, and profile assignment; coordinate with procurement and the Service Desk for new device intake.

Troubleshoot Autopilot enrollment failures and maintain runbooks for common failure scenarios.

Collaborate with the UEM & Packaging Engineer on app sequencing during provisioning to ensure a complete, compliant out-of-box experience.

Mobile Device Management iOS, iPadOS & Android Administer Intune MDM/MAM for iOS, iPadOS, and Android corporate and BYOD devices:

enrollment, policy, app deployment, compliance, and remote actions.

Manage Apple Business Manager integration with Intune; maintain DEP enrollment profiles and VPP app licensing.

Configure app protection policies for BYOD scenarios; manage mobile device lifecycle from provisioning through retirement.

Troubleshoot mobile enrollment and compliance issues; coordinate with Networking on WiFi and connectivity dependencies.

SOTI MobiControl Plant-Floor Mobility Administer SOTI MobiControl for rugged Android handhelds, RF scanners, and terminals used in manufacturing and warehouse operations.

Manage enrollment, configuration profiles, app deployment, and kiosk policies for plant-floor device groups.

Troubleshoot plant-floor device issues; coordinate with plant operations and Networking on WiFi coverage and VLAN requirements.

Support device staging for new site openings and plant expansions.

macOS Management Jamf Pro Administer Jamf Pro for ~100 Mac devices:

enrollment, configuration profiles, patch management, application deployment, and compliance reporting.

Provide Tier 2/3 support for macOS issues; maintain macOS packaging workflows and runbooks.

Thin Client Management IGEL OS Manage IGEL OS thin client configuration, policy, and patching in coordination with the Networking & Hardware Services team.

Support thin client deployments for new sites; maintain configuration standards and deployment runbooks.

Endpoint Security Configuration Deploy and maintain endpoint security agents, encryption policy and key escrow, local administrator password management, and device control policies across managed devices.

Apply and maintain endpoint hardening baselines across Windows, macOS, and mobile platforms; coordinate with InfoSec on gap remediation.

Digital Signage Skykit Support management of the enterprise digital signage platform (Skykit):

device enrollment, content policy, and operational support across ProAmpac sites.

Asset Management Own endpoint asset data quality in Lansweeper for all assigned device types; drive asset management process adherence by the Service Desk.

Application Packaging Cross-Training Maintain working proficiency in application packaging (MSI, IntuneWin) to build and deploy packages via Intune independently and to cover your counterpart when needed.

Documentation & On-Call Create and maintain runbooks, SOPs, and change records in ServiceDesk Plus; participate in the Change Advisory Board (CAB).

Participate in the Endpoint Engineering on-call rotation (~20% of the time) and provide Tier 2/3 escalation support.

What You'll Bring 35 years of enterprise endpoint engineering or systems administration experience focused on MDM, UEM, or modern device management platforms.

Strong Microsoft Intune experience:

MDM/MAM policy design, compliance policies, configuration profiles, and application deployment across Windows and mobile platforms.

Hands-on Windows Autopilot experience:

deployment profile design, enrollment flows, and troubleshooting in an enterprise environment.

Experience managing iOS/iPadOS and Android devices in an enterprise MDM environment, including Apple Business Manager and DEP enrollment.

Working application packaging experience for Intune:

IntuneWin format and LOB app deployment at minimum.

Proficiency in PowerShell scripting for automation, reporting, and operational workflows.

Experience with encryption management, local administrator password management, and endpoint hardening baseline configuration.

Strong troubleshooting skills across Windows 10/11, iOS, and Android platforms.

Self-motivated, detail-oriented, and able to manage concurrent tasks independently.

Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent work experience.

Preferred

Microsoft MD-102 (Endpoint Administrat.