Job Summary
We are seeking a Senior Endpoint Engineer to own and evolve our enterprise endpoint environment across Windows and macOS. This role goes beyond traditional desktop administration or helpdesk support. You will be responsible for designing, packaging, scripting, and deploying endpoint changes at scale across thousands of devices in a modern, security-focused environment.
This position serves as a Tier 3 escalation point for HelpDesk but is primarily an engineering and automation role. The successful candidate brings a strong automation-first mindset, deep scripting experience, and the ability to implement mass endpoint changes safely, repeatably, and with minimal user disruption.
Key Responsibilities
- Endpoint Engineering and Automation
- Design, build, test, and maintain scripted endpoint changes for large-scale deployment (PowerShell, shell scripts, Intune remediation scripts).
- Package and deploy applications, configuration changes, security updates, and OS customizations across Windows and macOS.
- Develop idempotent, auditable scripts to modify local settings, profiles, security baselines, certificates, registry, and system preferences.
- Own endpoint automation standards, including testing, rollback strategies, logging, and documentation.
- Endpoint Management and Configuration
- Administer and secure enterprise endpoints using modern management tools (InTune MDM and traditional controls where required).
- Manage device lifecycle end-to-end: automated provisioning, enrollment, configuration, patching, and decommissioning.
- Implement and maintain device compliance, configuration baselines, and conditional access enforcement.
- Evaluate and remediate configuration drift across the fleet.
- Tier 3 Support and Escalation Management
- Act as final escalation point for complex endpoint, OS, policy, and identity-related issues.
- Diagnose root causes across OS, applications, identity, device compliance, and security tooling.
- Partner with HelpDesk team to eliminate recurring issues through automation and self-healing solutions.
- Documentation and Collaboration
- Produce clear technical documentation, runbooks, and standard operating procedures.
- Present this documentation and train technical resources to raise the bar in overall HelpDesk competency
- Collaborate with Security, Infrastructure, and DevOps teams to align endpoint strategy with broader platform and automation standards.
Required Skills & Experience
- 5+ years in enterprise desktop administration, endpoint engineering, or device management roles.
- Advanced PowerShell scripting skills for administration, automation, and remediation
- Demonstrated experience delivering mass endpoint changes via scripting and automation, not manual touch.
- Experience supporting hybrid and remote work environments at scale
- Professional Skills:
- Strong troubleshooting and root-cause analysis skills
- Clear written and verbal communication
- Ability to work independently and take ownership of complex problems
- Engineering mindset with a bias toward automation and long-term fixes
- Technical Expertise
- Windows 10/11 and macOS administration
- Modern endpoint management (InTune MDM) and traditional policy controls
- Identity and access management in enterprise environments
- Application packaging and deployment
- Automated patching and OS updates
- Device compliance, configuration baselines, and access controls
- Solid understanding of:
- MDM vs Group Policy design tradeoffs
- Endpoint security concepts and zero-trust principles
- Least-privilege access and identity-driven security Proven troubleshooting skills in enterprise environments
- Differentiators:
- Experience building Intune Win32 apps, remediation scripts, and proactive remediation packages
- Familiarity with version control for scripts (Git)
- Experience designing self-service or self-healing endpoint solutions
- Prior work in regulated or security-sensitive environments
