Endpoint Management Engineer

We’re seeking a highly skilled Endpoint Management Engineer to join our IT infrastructure and security team. If you’re passionate about securing and managing modern digital workplaces at scale—across cloud, mobile, and desktop environments—this role is for you.

1. Microsoft Intune Architecture & Management

• Design and manage a scalable Microsoft Intune environment for global endpoint control
• Standardize enrollment, compliance, and configuration profiles across devices (Windows, macOS, iOS, Android)

2. Cloud PC (Windows 365) & AVD

• Deploy and manage Windows 365 Cloud PCs and Azure Virtual Desktop
• Integrate with Defender for Endpoint, Azure AD Conditional Access, and Intune

3. App Protection & Compliance

• Design and enforce App Protection and Compliance Policies
• Implement encryption, secure boot, and dynamic access controls

4. Application Deployment

• Deploy and manage Win32, LOB, Store, and mobile applications
• Automate rollouts via PowerShell, Graph API, and Intune scripting tools

5. Mobile & macOS Device Management

• Administer iOS, Android, and macOS platforms
• Manage ABM, Android Enterprise, secure Wi-Fi, VPN, certificates, and OS version control

6. Software Updates & Patch Management

• Design update rings, manage deployment schedules, and automate compliance workflows
• Align patching strategies with global vulnerability management

7. Azure AD Device Management

• Enforce Conditional Access policies, password less auth, and risk-based access for Azure AD Joined devices

8. Policy Governance & Drift Management

• Modernize GPOs with Intune Settings Catalog and OMA-URI
• Maintain version-controlled, audit-ready policies

9. Self-Healing & Remediation

• Develop Intune Proactive Remediation scripts
• Automate health checks and compliance enforcement using Azure Automation and ServiceNow triggers

10. Microsoft Endpoint Security Oversight

• Manage Defender for Endpoint, EDR, and attack surface reduction
• Collaborate with SOC for incident response integration

11. MECM / Configuration Manager

• Maintain MECM for OS deployment, patching, and application delivery in isolated networks
• Support co-management and transition to Intune

12. ServiceNow Integration

• Integrate Intune and MECM with ServiceNow CMDB for real-time asset and compliance tracking
• Enable automation for asset lifecycle and exception management

• Proven experience with Microsoft Intune, Azure AD, and Windows 365
• Hands-on expertise in endpoint security, policy enforcement, and device lifecycle management
• Experience with scripting (PowerShell, Graph API), AVD, MECM, and ServiceNow is a plus