Key skills
Unified Endpoint Management (UEM)ManageEngine Endpoint CentralMicrosoft SCCM/MECMApplication PackagingMSI packagingMSIX packagingScripted silent-install deploymentWindows Server OS patch managementMicrosoft IntunePowerShell scriptingEncryption managementLocal administrator password managementEndpoint hardening baseline configurationWindows 10/11 troubleshootingEnterprise application packaging toolsPowerShell
About this role
ProAmpac is a nearly $5 billion packaging company seeking an Endpoint Engineer to join their Cloud & Digital Workplace Services team. This role involves owning the enterprise Unified Endpoint Management platform, managing application packaging, and overseeing Windows server OS patching across a rapidly growing fleet.
Responsibilities:
- Administer Endpoint Central as the primary owner across all managed Windows desktops and servers: device enrollment, configuration policy, software deployment, remote control, and compliance reporting
- Monitor endpoint health, agent connectivity, and policy compliance at scale; investigate and resolve drift and non-compliance
- Manage BIOS and firmware update testing and staged rollout; administer high-risk and outdated software remediation within defined SLAs
- Own the enterprise application packaging library: build, test, version, and maintain deployment-ready packages for all managed software
- Package applications in MSI, MSIX, IntuneWin, and scripted EXE silent wrapper formats; collaborate with vendors to obtain silent install parameters and resolve compatibility issues
- Deploy applications via Endpoint Central and Intune; manage targeting, scheduling, and deployment rings to minimize user disruption
- Establish and document packaging standards, testing procedures, and naming conventions
- Support legacy application compatibility testing during OS upgrades and desktop refresh cycles
- Own the Windows server OS patching program via Endpoint Central across a large and rapidly growing server estate: maintenance windows, patch rings, and deployment schedules
- Coordinate patching schedules with Cloud Platform and Networking teams; monitor compliance and remediate failures within SLA
- Track exceptions, escalate unresolved vulnerabilities, and support desktop OS patching
- Manage the Windows workstation lifecycle from provisioning through retirement; coordinate hardware refresh cycles with procurement and the Service Desk
- Support new workstation deployments with your Intune counterpart; ensure devices are enrolled, compliant, and configured before user handoff
- Deploy and maintain endpoint security agents, encryption policy and key escrow, local administrator password management, and device control policies across managed devices
- Apply and maintain endpoint hardening baselines across Windows platforms; coordinate with InfoSec on gap remediation
- Support management of the enterprise digital signage platform (Skykit): device enrollment, content policy, and operational support across ProAmpac sites
- Own endpoint asset data quality in Lansweeper; drive asset management process adherence by the Service Desk and maintain accurate lifecycle records
- Maintain working proficiency in Intune to cover your counterpart during absences; assist with package deployment, compliance troubleshooting, and Autopilot support as needed
- Create and maintain runbooks, SOPs, and change records in ServiceDesk Plus; participate in the Change Advisory Board (CAB)
- Participate in the Endpoint Engineering on-call rotation (~20% of the time) and provide Tier 2/3 escalation support
Requirements:
- 3–5 years of enterprise endpoint engineering or systems administration experience focused on UEM or desktop/server management platforms
- Hands-on experience with ManageEngine Endpoint Central, Microsoft SCCM/MECM, or a comparable enterprise UEM platform at scale
- Strong application packaging experience: MSI, MSIX, and scripted silent-install deployments; ability to build and troubleshoot packages independently
- Solid Windows Server OS patch management experience in an enterprise environment with a large server footprint
- Working knowledge of Microsoft Intune for Windows device management and application deployment
- Proficiency in PowerShell scripting for automation, reporting, and bulk remediation
- Experience with encryption management, local administrator password management, and endpoint hardening baseline configuration
- Strong troubleshooting skills across Windows 10/11 desktop and server environments
- Self-motivated, detail-oriented, and able to manage concurrent tasks independently
- Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent work experience
- Microsoft MD-102 (Endpoint Administrator Associate) certification or actively working toward it
- Experience with enterprise application packaging or repackaging tools (e.g., PACE Suite, InstallShield, or equivalent)
- Familiarity with IGEL OS or thin client management platforms
- Experience supporting manufacturing or multi-site industrial environments