Job Description
Sr. Endpoint Management Engineer
Job Location: Bridgewater, New Jersey, USA
Job Requisition ID: 14872

Join our global diversified pharmaceutical company enriching lives through our relentless drive to deliver better health outcomes to our patients. We are all in it together to make a difference. Be a part of a culture that doesn't just wait for change but actively creates it—where your skills and values drive our collective progress and impact.

 

We are seeking a Senior Systems Engineer with deep expertise in Microsoft Intune and Microsoft Configuration Manager (SCCM/ConfigMgr) to design, engineer, and operate enterprise‑scale endpoint platforms across Windows, iOS, and Android. This role goes beyond day‑to‑day administration and focuses on architecture, lifecycle strategy, automation, security posture, and operational excellence.

 

You will serve as a technical authority for endpoint systems, owning platform design decisions, modernization initiatives, and complex problem resolution. You will partner closely with Security, Identity, Networking, Collaboration, and Support teams to deliver a secure, resilient, and high‑quality end‑user computing environment.

 

Key Responsibilities

  • Design, engineer, and operate enterprise endpoint management platforms using Microsoft Intune and SCCM/ConfigMgr, supporting Windows, iOS, and Android across cloud, hybrid, and co‑managed environments.
  • Engineer end‑to‑end device lifecycle solutions including Autopilot, Apple Automated Device Enrollment, Android Enterprise, OS deployment, driver and firmware management, and Windows 10 to Windows 11 upgrades.
  • Define and enforce configuration standards, compliance policies, security baselines, and update strategies using Intune, ConfigMgr, Windows Update for Business, BitLocker, FileVault, Defender for Endpoint, ASR rules, and Windows LAPS.
  • Design and maintain scalable application deployment frameworks for Win32, Store, LOB, iOS, and Android apps, including detection logic, dependencies, supersedence, rollback, and lifecycle management.
  • Engineer integrations with Microsoft Entra ID for device identity, Conditional Access, compliance enforcement, Hybrid Join, Entra ID Join, Cloud PC, and Intune RBAC.
  • Develop PowerShell automation and Proactive Remediations to reduce manual effort and configuration drift. Build operational and executive reporting using Log Analytics, KQL, Power BI, Endpoint Analytics, and Update Compliance.
  • Enforce least‑privilege access, auditable change control, and platform governance. Author system designs, standards, runbooks, and operational documentation.
  • Act as senior escalation point for endpoint issues, lead root cause analysis, drive incident and problem management, and coordinate pilots, change management, and staged rollouts with Security, Identity, Networking, and Support teams.

 

Required Qualifications

  • Bachelor’s degree required, preferably in Information Systems or Computer Science.
  • 5+ years engineering and operating enterprise endpoint platforms using Microsoft Intune and/or SCCM/ConfigMgr in medium to large environments.
  • Deep experience designing and supporting device lifecycle, OS deployment, and update strategies across Windows, iOS, and Android, including Autopilot, Apple Automated Device Enrollment, Android Enterprise, and Windows 10 to Windows 11 upgrades.
  • Strong expertise in configuration management, compliance, security baselines, and endpoint hardening using Intune, ConfigMgr, Windows Update for Business, BitLocker, FileVault, Windows LAPS, and Defender for Endpoint.
  • Hands‑on experience with application packaging and lifecycle management for Win32, Store, LOB, iOS, and Android applications.
  • Advanced PowerShell skills for automation, remediations, and integration with Microsoft Graph and Intune APIs.
  • Solid understanding of Microsoft Entra ID including device identity, Conditional Access, Hybrid Join, Entra ID Join, and role‑based access control.
  • Proven ability to troubleshoot complex endpoint, identity, networking, and enrollment issues using logs and telemetry.
  • Experience authoring system designs, standards, and runbooks; familiarity with ITSM platforms such as ServiceNow.
  • Experience modernizing endpoint management, including GPO to MDM migrations and use of endpoint analytics or DEX tooling.

 

Core Competencies

  • Designs, implements, and operates scalable endpoint platforms with sound engineering judgment, focusing on reliability, maintainability, and long‑term value.
  • Builds secure‑by‑default configurations and enforces consistent standards, governance, and least‑privilege access.
  • Uses AI, self‑healing automation, and telemetry to reduce manual effort, improve system health, and drive measurable improvements.
  • Diagnoses complex, cross‑domain issues using logs, data, and root cause analysis to deliver durable solutions.
  • Collaborates effectively across Security, Identity, Networking, and Support teams, serving as a trusted technical leader and escalation point.

 

Tools & Technologies

  • Microsoft: Intune, ConfigMgr, Windows 11, Windows Update for Business, Autopilot, Entra ID, Defender for Endpoint, Endpoint Analytics, Update Compliance, Azure Monitor/Log Analytics.
  • Support/ITSM: ServiceNow (or equivalent).
  • Packaging/Scripting: PowerShell, Win32 Content Prep Tool, Git.

 

The range of starting base pay for this role is 105K – 145K. Actual starting pay will be based on a wide range of factors including, but not limited to, relevant skills, experience, qualifications, education and location. In addition to base pay, this position is eligible for participation in either (i) our annual bonus program or (ii) a sales incentive plan.

 

Benefits package includes comprehensive Medical (includes Prescription Drug), Dental, Vision, Flexible Spending Accounts, 401(k) with matching company contribution, 3 weeks paid time off plus paid sick time, stock purchase plan, tuition reimbursement, parental leave, short- and long-term disability, life insurance, accidental death & dismemberment insurance, 12 paid holidays (including floating holidays), employee referral bonuses and employee discounts.

 

 

We are an Equal Opportunity Employer. EOE Disability/Veteran. We are committed to building diverse teams, representative of the patients and communities we serve, and we strive to create an inclusive workplace that cultivates collaboration.