Sr. Endpoint Engineer
Job Description
Description: MSM Technology is seeking a Senior Endpoint Engineer to support the Department of Homeland Security in a fully cloud-based Microsoft Azure environment. The selected candidate will join a team of Windows cloud engineers and cybersecurity specialists responsible for modern endpoint management, automation, and security hardening across enterprise systems.
This role focuses heavily on Microsoft Intune administration, Windows Autopilot deployment, endpoint compliance, enterprise patching, and automation through PowerShell scripting. The engineer will work across endpoint management and server operations teams to support secure device provisioning, application deployment, patch management, and vulnerability remediation.
The ideal candidate will have strong experience in software packaging and deployment, endpoint compliance, security baseline implementation, and troubleshooting enterprise Windows environments. This individual will also play a key role in mentoring junior engineers and collaborating with security teams to ensure systems align with DHS security requirements.
Administer and engineer Microsoft Intune environments including device compliance policies, conditional access, application deployment, and patch management
Create, configure, and deploy Intune policies, device configurations, and endpoint security settings
Manage and maintain Windows 11 workstation baseline configurations
Support provisioning and troubleshooting of devices using Windows Autopilot and Autopilot pre-provisioning
Utilize Windows Update for Business (WUfB) to maintain enterprise patch compliance
Package, test, and deploy enterprise applications using PSAppDeployToolkit (PSADT) or similar tools
Develop and implement endpoint security baselines in collaboration with engineering and cybersecurity teams
Support endpoint hardening using Windows Defender Application Control (WDAC)
Monitor and maintain endpoint compliance, vulnerability remediation, and patch management
Create reporting on device compliance, patch status, software inventory, and deployment metrics
Develop PowerShell scripts and automation workflows to streamline endpoint management tasks
Troubleshoot complex endpoint and system issues, providing both short-term mitigation and long-term remediation
Support Tier 2 escalation requests and collaborate with Tier 3 engineering teams to resolve incidents
Provide guidance and mentorship to junior systems and endpoint engineers
Participate in client meetings to ensure technical requirements and operational needs are met
Collaborate with security, infrastructure, and cloud engineering teams to implement new technologies and improvements
Participate in special engineering initiatives, technology testing, and cloud modernization projects
Requirements:
Education / Experience:
Bachelor’s degree + 10 years relevant experience, OR
Associate degree + 12 years relevant experience, OR
16 years of relevant experience
Tools and Technologies:
Experience managing cloud-based endpoint environments
Experience supporting Azure Virtual Desktop (AVD) environments
Experience with Nerdio or similar AVD management platforms
Familiarity with PSAppDeployToolkit (PSADT)
Experience implementing Windows Defender Application Control (WDAC)
Experience with endpoint vulnerability management
Preferred Technical Skills:
Strong experience with Microsoft Intune administration and engineering
Experience supporting software packaging, patch management, and application deployment