Senior Engineer - Systems

Essential Duties and Responsibilities

- Design, implement, and maintain enterprise Intune infrastructure, including configuration profiles, compliance policies, conditional access, and application management at scale.
- Architect and manage Windows Autopilot deployment solutions across the organization, including profile design, device registration, and integration with Entra ID and Intune.
- Plan and execute migrations from on-premises or hybrid endpoint management environments (MECM / GPO) to a modern Intune-based management model, minimizing disruption to end users.
- Train, guide, and support cross-functional teams while streamlining system processes, improving workflow efficiency, and enhancing the overall user experience.
- Maintain a working knowledge of MECM infrastructure to support co-management scenarios, policy coexistence, and workload transitions to Intune.
- Configure and manage MECM and Intune co-management workloads to ensure a smooth transition toward cloud-native endpoint management.
- Define and enforce device configuration standards, security baselines, and compliance frameworks across managed endpoints.
- Provide technical guidance and mentorship to associate- and mid-level engineers on Intune, Autopilot, and endpoint management best practices.
- Partner with security, identity, and helpdesk teams to align endpoint management strategies with broader organizational goals.
- Own and maintain comprehensive documentation for Intune and Autopilot processes, migration playbooks, and infrastructure configurations.

Job Specific Duties and Responsibilities

- Intune infrastructure ownership - Design, implement, and maintain enterprise Intune infrastructure including configuration profiles, compliance policies, conditional access, and app management at scale.
- Autopilot program lead - Architect and manage Windows Autopilot deployment strategies across the organization, including profile design, device registration, and integration with Entra ID and Intune.
- Intune migration leadership - Plan and execute migrations from on-premises or hybrid management environments (MECM / GPO) to a modern Intune-based management model, minimizing disruption to end users.
- MECM infrastructure support - Maintain working knowledge of MECM infrastructure to support co-management scenarios, policy coexistence, and workload transitions to Intune.
- Co-management configuration - Configure and manage MECM and Intune co-management workloads, ensuring a smooth transition path as the organization moves toward cloud-native management.
- Policy & security architecture - Define and enforce device configuration standards, security baselines, and compliance frameworks across managed endpoints.
- Team mentorship - Provide technical guidance and mentorship to associate and mid-level engineers on Intune, Autopilot, and endpoint management best practices.
- Stakeholder collaboration - Partner with security, identity, and helpdesk teams to align endpoint management strategies with broader organizational goals.
- Documentation & runbooks - Own and maintain comprehensive documentation for all Intune and Autopilot processes, migration playbooks, and infrastructure configurations.

Minimum Requirements

- Bachelor's degree in relevant field of study and 5+ years of relevant professional experience required, or equivalent combination of education and experience.

Job Specific Requirements

- 5+ years of experience in enterprise endpoint management or systems engineering
- 3+ years of hands-on experience with Microsoft Intune in a production enterprise environment
- Proven experience leading or executing an Intune migration from MECM or GPO-based management
- Strong working knowledge of Windows Autopilot in an enterprise setting
- Familiarity with MECM / SCCM in a co-management or hybrid capacity

Must have the following experience for consideration

Microsoft Intune - Expert Level

- Intune tenant configuration and administration
- Device configuration profiles (Windows, iOS, Android, macOS)
- Compliance policies and conditional access integration
- App deployment and management (Win32, MSIX, LOB apps)
- PowerShell and Intune scripting / remediation scripts
- Role-based access control (RBAC) within Intune
- Entra ID (Azure AD) device identity and hybrid join
- Endpoint security policies (Defender, BitLocker, Firewall)
- Update rings and Windows Update for Business
- Intune reporting and monitoring

Windows Autopilot - Expert Level

- Autopilot profile design and deployment strategy
- All deployment modes (user-driven, self-deploying, pre-provisioning)
- Hardware hash registration and OEM / reseller integration
- Enrollment Status Page (ESP) configuration and troubleshooting
- Autopilot Reset and device reprovisioning
- Integration with Entra ID and dynamic device groups

Intune Migration - Core Competency

- MECM to Intune workload migration planning and execution
- GPO to Intune configuration profile translation
- Co-management enablement and workload transition
- Hybrid Azure AD join to Entra ID join migration
- Stakeholder communication and change management during migrations
- Validation and testing frameworks for policy parity

MECM / SCCM - Working Knowledge

- Co-management configuration and workload management
- Site infrastructure and hierarchy awareness
- OSD and task sequence fundamentals
- Software deployment and patch management
- Client health and troubleshooting

Supporting & General Skills

- PowerShell scripting (intermediate to advanced)
- Microsoft Graph API (basic to intermediate)
- Entra ID / Azure AD administration
- Active Directory and Group Policy
- Networking fundamentals (DNS, DHCP, VPN, proxy)
- Windows 10 / 11 enterprise architecture
- Security baseline frameworks (CIS, DISA STIG awareness)
- Strong documentation and technical writing skills
- Project and migration planning

Preferred:

- Microsoft MD-102 (Endpoint Administrator) certified
- Microsoft SC-300 or AZ-104 a plus
- Experience with Microsoft 365 and Defender for Endpoint integration
- Familiarity with Zero Trust network access principles
- Experience working in regulated or compliance-driven environments

EEO Statement

Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics.

Pay Transparency

Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.

Accommodations

Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process, including accessing job postings, completing assessments, or participating in interviews, please contact People Operations at applicantaccom@maximus.com.

Minimum Salary: 102,720.00
Maximum Salary: 154,080.00