Endpoint Engineer
ARCHIVED
We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.
**** Sorry no third party candidates ****ENDPOINT & IDENTITYSECURITY ENGINEERPosition Summary We are seeking an experienced Endpoint & Identity Security Engineer to serve as the technical authority for device posture, compliance policy, and authentication platform engineering across our enterprise environment. This is a hands-on engineering role — you will own the architecture, build, testing, and deployment of solutions across our endpoint management and identity security platforms, while our Support and HelpDesk teams handle day-to-day operations and first-line escalations.Our environment spans Windows, macOS, iOS, and Android devices across a mix of corporate-owned and BYOD use cases. A strong candidate will bring genuine cross-platform depth and the ability to understand how endpoint management, device compliance, and identity platformsinteract to enforce consistent security posture across a diverse device ecosystem.Equally important is the abilityto operate effectively across teams. This role presentssolutions to IT Directors and Management, trains and enables Support staff, and collaborates directly with our Security team and CISO. The ability to communicate technical risk and impact clearly — both up and down — is a core expectation of the role, not a secondary skill.Key Responsibilities Endpoint Management & Device ConfigurationDesign, build, and maintain device enrollment architectures, configuration profiles, and compliance policies across Windows,iOS, and Androidplatforms using enterprise MDM tooling.Own and driveWindows device management strategy, including modernmanagement architecture aligned to cloud-native identity and device management best practices.Manage Android enterprise device deployments including corporate-owned and BYOD use cases, kiosk-mode configurations for operational environments, and enterprise mobile application management.Maintain solid working knowledge of Apple device management platforms and their integration with enterprise identity platforms for compliance and access enforcement across macOS and iOS devices.Collaborate with Appledevice management specialists on cross-platform compliance and authentication integration points.Ensure endpoint securityplatform posture signalsare properly integrated into device compliance and access control policies across managed operating systems.Identity Security &Authentication EngineeringEngineer and maintainenterprise MFA and authentication platformdeployments, including device trust, device health enforcement, and evaluation of passwordless authentication capabilities.Lead the design,integration, and operationalization of authentication platformcapabilities within the enterprise identity environment, including policy design and phased rollout in partnership with the Security team.Build, test, and deploy Conditional Access policies within the enterprise identity platform; ownassociated group structures scoped to policy requirements and maintain policy integrity as the environment evolves.Evaluate emerging authentication platform capabilities and assess fit within the broader identity architecture, ensuring solutions remain properly aligned without duplicating or conflicting with existing infrastructure.Security Posture & Compliance PolicyDesign and implement device compliance policiesguided by NIST and CIS benchmarks, applying controls that strengthen security posture without disrupting critical business operations.Partner with the internal Security team to evaluate recommended security controls and translate accepted requirements into deployable configuration profiles across managed platforms and approved browsers.Participate in device posture remediation efforts when remediation paths involve configuration profile changes,compliance policy updates,or access controlmodifications.Maintain consistent compliance policy coverage across all manageddevice types and operating systems, with clear traceability to access control enforcement logic.Change Management, Documentation & EnablementManage all platform changes through the organization’s formal change management process; assess, document, and communicate risk,scope, and end user impactprior to any production deployment.Author and maintain technical documentation and knowledge base articles for all platforms andprocesses within scope;ensure Support and HelpDesk staffare trained and enabled on new configurations, tooling, and process changes.Maintain accurate recordsof solution designs,configurations, and platformdecisions within the ITSM platform in accordance with departmental documentation standards.Prepare and present solution designs, project plans, and risk assessments to IT Management and Directors; communicate technical complexity and business impactclearly without relying on excessive technical detail.Engage with the PMO on larger programsand projects that require formalgovernance, milestone tracking, or cross-team coordination.Escalation & AvailabilityServe as the final escalation point for endpointmanagement and identitysecurity issues that exceed Support team resolution capability; provide timely, thorough resolution with appropriate documentation of findings and outcomes.Participate in the on-call rotation as assigned. Given the scope of this role — spanning authentication, device compliance, and endpoint access across an active venue and operations environment — a higher degree of availability and responsiveness is expected even outside of formally scheduled on-call periods.QualificationsRequired Experience & Skills7+ years of hands-on experience in endpoint management, device security, and identity platforms in enterprise environments, with demonstrated progression in scope,complexity, and ownership.Deep expertise with Microsoft Intune across the full configuration lifecycle: enrollment, configuration profiles, compliance policies, app deployment architecture, and Conditional Access integration.Hands-on enterprise MFA and authentication platform experience, including policy management, device trust, and integration with enterprise identity providers.Meaningful experience with Apple device management platforms in an enterprise environment — sufficient to understand platformarchitecture, configuration management for macOS and iOS, and integration with enterprise identity platforms for compliance enforcement. Candidates without Apple MDM exposure will not be considered for this role.Demonstrated experience managingmixed-platform environments: Windows,macOS, iOS, and Android.Solid working knowledgeof Microsoft Entra ID, includingConditional Access policy authoring, group management, and identity integration patterns.Familiarity with NIST and CIS security frameworks as applied to endpoint compliance and device posture.ITIL v4 Foundation — structured approachto change management and service operations is required.Strong written and verbal communication skills; demonstrated abilityto present technical solutions and risk assessments to non-technical IT leadership.Preferred CertificationsMicrosoft MD-102: EndpointAdministratorMicrosoft SC-300: Identityand Access AdministratorEnterprise MFA platformcertificationApple MDM platformcertificationNice to HaveThe following skills are not required but represent areaswhere additional experience will accelerate contribution in our environment:General SysAdmin background: on-premises Active Directory, Group Policy (GPO),DNS, SSL Certificate lifecycle management, VMwareEnterprise network accesscontrol and identityintelligence platformsEndpoint patch management and software deployment toolingVulnerability management platformsMicrosoft 365 platformbreadth (Exchange Online,Teams, SharePoint, Purview,etc.)Certificate enrollment and network device enrollment servicesEnterprise SSO and application registration managementITSM platform administration