Senior Endpoint Management Engineer

We are looking for a seasoned Endpoint Management Engineer for one of our clients to lead the design, implementation, and support of secure, enterprise-grade endpoint solutions across global operations. This role will be embedded in a high-compliance, multi-site environment, spanning remote, offshore, and field-based locations, and will require deep technical proficiency in Microsoft’s modern device management stack.

You’ll be responsible for building and maintaining secure, automated, and scalable endpoint environments using Microsoft Intune, Windows 365 Cloud PC, Azure Virtual Desktop (AVD), and Microsoft Endpoint Security tools. Integration with ServiceNow, MECM, and scripting for automation will be central to the position.

Key Responsibilities:

1. Microsoft Intune Platform Oversight

• Design and maintain a globally scalable Intune environment.
• Standardize policies for Windows, macOS, iOS, and Android device lifecycle and compliance.
• Align device onboarding, security baselines, and configurations with enterprise IT governance.

2. Windows 365 Cloud PC & AVD Operations

• Deploy and support Windows 365 Cloud PCs and Azure Virtual Desktop instances.
• Ensure compliance, performance optimization, and secure access across varied geographies.
• Integrate with Azure AD and Intune for centralized policy enforcement.

3. Endpoint Compliance & App Protection

• Enforce enterprise-wide compliance policies using risk-based, dynamic access controls.
• Build App Protection Policies (APP) for secure access on BYOD and unmanaged devices.
• Implement secure device health checks, encryption mandates, and geo-aware access policies.

4. Application Delivery & Lifecycle

• Package and deploy applications using Intune and MECM.
• Automate rollout plans, detection methods, and rollback procedures via scripting.
• Manage update channels and deployment rings across diverse platforms.

5. macOS and Mobile Device Management

• Manage Apple Business Manager (ABM), Android Enterprise, and mobile-specific policies.
• Apply platform-specific controls for encryption, Wi-Fi/VPN, OS control, and app governance.

6. Patch Management & Remediation

• Build and operate automated update workflows aligned with security and compliance mandates.
• Integrate compliance-based reporting and exception remediation using automated scripts.

7. Azure AD Device Join & Access Control

• Administer Azure AD Joined and Hybrid-Joined devices globally.
• Enforce MFA, password less sign-ins, and compliance-based Conditional Access policies.

8. Policy Modernization & Drift Control

• Migrate and maintain legacy GPOs via Intune’s Settings Catalog and OMA-URI.
• Create a central, auditable policy baseline with regional and role-based flexibility.

9. Automation & Proactive Maintenance

• Develop Intune Proactive Remediation scripts and integrate with Graph API and Azure Automation.
• Implement alert-based self-healing mechanisms and ServiceNow ticketing workflows.

10. Endpoint Security Integration

• Manage Defender for Endpoint policies, telemetry, and attack surface configurations.
• Work closely with the SOC to align endpoint monitoring with broader security response efforts.

11. MECM / SCCM Support

• Maintain co-management with MECM for OS deployment, offline patching, and legacy support.
• Facilitate a strategic transition from MECM to full cloud management.

12. Asset Lifecycle Integration (ServiceNow)

• Integrate device telemetry and lifecycle data with ServiceNow for CMDB and audit readiness.
• Automate provisioning, decommissioning, and compliance event tracking.

Required Qualifications:

• Bachelor's degree in IT, Cybersecurity, or related discipline.
• 10+ years in enterprise endpoint management across multiple platforms.
• Proficiency in:
• Microsoft Intune & Microsoft Endpoint Manager
• Windows 365 Cloud PC & Azure Virtual Desktop
• Microsoft Defender for Endpoint
• Azure AD, Conditional Access, and passwordless technologies
• macOS, iOS, Android device management
• PowerShell, Graph API scripting
• ServiceNow CMDB & MECM/SCCM integration

Preferred Certifications:

• MD-102 – Microsoft Endpoint Administrator
• SC-300 – Identity & Access Administrator
• SC-200 – Security Operations Analyst
• AZ-104 – Azure Administrator Associate