• Core Responsibilities & Job duties
• Design, implement, and manage Microsoft Intune configuration profiles, compliance policies, and Mobile Application Management (MAM)
• Deploy and manage Windows 11 devices using Autopilot, supporting zero-touch provisioning and maintaining imaging standards
• Implement and maintain endpoint security controls, including Security Baselines, BitLocker, firewall configurations, and Conditional Access aligned with Zero Trust principles
• Oversee operating system and application patching for workstation environments
• Develop and maintain automation and reporting solutions using PowerShell for endpoint management tasks
• Provide third-level support for complex device, application, and deployment issues, including root cause analysis and remediation
• Manage the health, configuration, and patching of the Tanium platform
• Identify, monitor, and remediate endpoint vulnerabilities, detect configuration drift, and enforce security policies
• Develop custom and optimized scripts using PowerShell, Python, and Bash to automate workflows and execute large-scale endpoint changes
• Utilize Tanium for asset discovery, inventory management, and reporting to deliver actionable insights
• Scope, package, test, and deploy desktop applications across the enterprise environment
• Ensure all solutions meet established supportability, compliance, and security requirements
• Troubleshoot and remediate failed deployments to maintain overall deployment health
• Build, maintain, and update gold images using standardized build-and-capture methodologies
• Maintain task sequences to ensure alignment with current departmental and operational needs
• Diagnose and resolve complex client issues using industry best practices and custom solutions
• Identify, recommend, and implement improvements to enhance endpoint reliability and performance
• Design and maintain CB/CI configurations and asset intelligence reporting
• Develop and support automation workflows using ServiceNow or comparable platforms
• Create, maintain, and update SOPs and technical documentation to support knowledge sharing and operational continuity
• Develop self-service solutions for internal customers, including silent installers, remediation scripts, and data collection queries
• Provide Tier 3 support and technical mentorship for SCCM, Intune, and/or Tanium teams and support technicians
• Deliver SOP training and collaborate closely with Endpoint Engineering team members on escalations and solution development

• Deep expertise in Microsoft Intune & Tanium endpoint management systems
• Strong proficiency with Windows 11 endpoint management; experience with macOS, iOS, and Android environments
• Solid understanding of identity and security technologies, including Azure Active Directory (Entra ID), Active Directory Group Policy, and endpoint security controls
• Proficiency in PowerShell scripting for automation, management, and reporting
• 5+ years of experience in IT operations with a strong focus on endpoint engineering or endpoint management
• Proven experience configuring, administering, and supporting the Tanium platform
• Advanced scripting skills using PowerShell, Python, and/or Bash
• Strong understanding of operating systems (Windows, Linux, macOS) and endpoint security principles
• Demonstrated ability to troubleshoot and resolve agent-side and server-side issues in large-scale enterprise environments

---

This role is responsible for the engineering, security, and operational management of enterprise endpoint environments across a global operating company. The position focuses on delivering secure, scalable, and automated endpoint solutions using Microsoft Intune, Tanium, and supporting platforms, with an emphasis on Windows 11 provisioning, Zero Trust security controls, and large-scale automation. The role supports globally distributed users and devices by ensuring consistent endpoint standards, regional compliance alignment, and reliable operations across time zones, while providing Tier 3 escalation support, technical guidance, and continuous improvement across endpoint engineering operations.