Endpoint Engineer

Job Summary:The Endpoint Engineer is accountable for the reliability, security, lifecycle, and support of end-user devices, systems, and services across the enterprise. This role owns the Hardware Services program, including current-state MECM imaging and OSD workflows, Endpoint Patch and Vulnerability Management, and the overall IT Asset Lifecycle. The Endpoint Engineer will lead the transition to modern provisioning and endpoint management, with future-state goals to leverage platforms such as Microsoft Autopilot and Intune/MEM.

As a technical SME and escalation point, this position troubleshoots complex hardware, software, and network issues, provides support for escalations, and serves as a technical coach to other staff. The Endpoint Engineer collaborates with cross-functional teams to deliver projects, document processes, and train end-users, ensuring alignment with enterprise security and compliance standards.

This role requires deep expertise in modern endpoint management platforms (MECM, Intune), scripting tools (PowerShell, Python), and enterprise systems (M365, Azure).

Essential Duties & Job Functions:

• Hardware Services Program Ownership
  • Manage the end-to-end IT Asset Lifecycle, including procurement coordination, imaging, deployment, and disposal in partnership with the ITAD vendor
  • Maintain SOPs and governance artifacts for lifecycle processes and vendor interactions
• Endpoint Imaging & Configuration (Current State)
  • Administer MECM (Configuration Manager) for OS deployment: task sequences, WIMs, driver packages, PXE workflows, and Distribution Point health
  • Validate imaging success rates and content freshness; troubleshoot OSD failures and coordinate fixes with vendor teams
• Modern Provisioning & Endpoint Management (Future State)
  • Design and lead the transition to cloud-based provisioning (e.g., Autopilot or equivalent) and Intune/MEM for compliance, configuration, and application delivery
  • Define modernization roadmap, pilot cohorts, rollback plans, and cutover criteria; retire legacy OSD components as milestones are met
• Patch & Vulnerability Management
  • Own monthly patch cycles for OS and applications; manage pilot rings, maintenance windows, and rollback strategies
  • Monitor compliance SLAs and remediate non-compliant devices; integrate vulnerability signals into remediation plans
• Security & Compliance
  • Implement and support endpoint security controls including Microsoft Defender for Endpoint, EDR agents, configuration baselines, application control, and privilege management
  • Collaborate with Cybersecurity on Conditional Access, device risk signals, and incident response playbooks
• Technical Escalation & End-User Support
  • Serve as escalation point for complex hardware, software, and network issues
  • Diagnose and resolve advanced Incidents and Service Requests; participate in Problem Management, Change Advisory Board, and other ITSM processes
  • Lead and participate in root cause analysis and document corrective actions
• Contract & Site Support
  • Lead or support solution design and technical execution at locations across the U.S. and abroad
  • Collaborate with cross-functional teams to meet contract requirements, perform hardware/software deployments, and ensure smooth transition of services from incumbent providers
• Automation & Scripting
  • Develop automation using tools like PowerShell, Python, and PowerApps for packaging, policy updates, reporting, and bulk operations
  • Contribute reusable scripts and runbooks to improve program efficiency
• Documentation & Training
  • Author and maintain technical documentation, SOPs, runbooks, and Knowledge Base articles
  • Deliver training and enablement sessions for staff and end-users
  • Provide audit evidence and compliance documentation
• Cross-Functional Collaboration
  • Partner with internal teams and partners to deliver integrated solutions
  • Participate in enterprise projects impacting endpoint management, security posture, and user experience

Accountable For:

• Endpoint reliability and security
• Patch & Vulnerability compliance
• Endpoint imaging and provisioning success
• Escalation resolution and knowledge capture
• Lifecycle management accuracy
• Vendor performance and governance
• Software installation and maintenance
• Project support and execution
• User training and support resources

Job Requirements (Education, Experience, Professional Associations):

Mandatory:

• Bachelor's degree in Computer Science, Information Technology, or related field OR equivalent work experience
• 5+ years in Information Technology field
• CompTIA Sec+ or similar or ability to attain one within 90 days of hire.
• CompTIA A+ (or better)
• Microsoft Certified: Endpoint Administrator MD-102 (or better)
• Strong understanding of Operating Systems (Windows)
• Strong understanding of common hardware (Dell workstations & peripherals)
• Experience with M365 (SharePoint, OneDrive, Exchange, etc.)
• Experience with MECM & Intune
• Experience with PowerShell, Python, or other common scripting languages/tools
• Familiarity with network concepts
• Conduct research on emergent technologies and identify solutions to technology challenges
• Communicate clearly and concisely, both orally and in writing.
• Establish and maintain professional working relationships with internal and external customers.

Preferred:

• Microsoft 365 Certified: Administrator Expert MS-102
• Microsoft Certified: Identity and Access Administrator SC-300
• Microsoft Certified: Azure Administrator AZ-104
• Experience with Virtualization technologies (VMWare/Hyper-V)
• Experience with Juniper and Cisco networking equipment & platforms
• Experience with Solarwinds, Fortigate platforms
• Experience with TeamDynamix or other ITSM platforms
• Experience with DevOps, Agile, or Project Management