Maximus is seeking an experienced Sr. Engineer for their enterprise Endpoint Management strategy, primarily focusing on Microsoft Intune and Windows Autopilot infrastructure. The role involves serving as a subject matter expert, leading Intune migration efforts, and providing architectural guidance across the team.
Responsibilities:
- Design, implement, and maintain enterprise Intune infrastructure, including configuration profiles, compliance policies, conditional access, and application management at scale
- Architect and manage Windows Autopilot deployment solutions across the organization, including profile design, device registration, and integration with Entra ID and Intune
- Plan and execute migrations from on‑premises or hybrid endpoint management environments (MECM/GPO) to a modern Intune‑based management model, minimizing disruption to end users
- Train, guide, and support cross‑functional teams while streamlining system processes, improving workflow efficiency, and enhancing the overall user experience
- Maintain a working knowledge of MECM infrastructure to support co-management scenarios, policy coexistence, and workload transitions to Intune
- Configure and manage MECM and Intune co‑management workloads to ensure a smooth transition toward cloud‑native endpoint management
- Define and enforce device configuration standards, security baselines, and compliance frameworks across managed endpoints
- Provide technical guidance and mentorship to associate‑ and mid‑level engineers on Intune, Autopilot, and endpoint management best practices
- Partner with security, identity, and helpdesk teams to align endpoint management strategies with broader organizational goals
- Own and maintain comprehensive documentation for Intune and Autopilot processes, migration playbooks, and infrastructure configurations
Requirements:
- Bachelor's degree in relevant field of study and 5+ years of relevant professional experience required, or equivalent combination of education and experience
- 5+ years of experience in enterprise endpoint management or systems engineering
- 3+ years of hands-on experience with Microsoft Intune in a production enterprise environment
- Proven experience leading or executing an Intune migration from MECM or GPO-based management
- Strong working knowledge of Windows Autopilot in an enterprise setting
- Familiarity with MECM/SCCM in a co-management or hybrid capacity
- Intune tenant configuration and administration
- Device configuration profiles (Windows, iOS, Android, macOS)
- Compliance policies and conditional access integration
- App deployment and management (Win32, MSIX, LOB apps)
- PowerShell and Intune scripting / remediation scripts
- Role-based access control (RBAC) within Intune
- Entra ID (Azure AD) device identity and hybrid join
- Endpoint security policies (Defender, BitLocker, Firewall)
- Update rings and Windows Update for Business
- Intune reporting and monitoring
- Autopilot profile design and deployment strategy
- All deployment modes (user-driven, self-deploying, pre-provisioning)
- Hardware hash registration and OEM/reseller integration
- Enrollment Status Page (ESP) configuration and troubleshooting
- Autopilot Reset and device reprovisioning
- Integration with Entra ID and dynamic device groups
- MECM to Intune workload migration planning and execution
- GPO to Intune configuration profile translation
- Co-management enablement and workload transition
- Hybrid Azure AD join to Entra ID join migration
- Stakeholder communication and change management during migrations
- Validation and testing frameworks for policy parity
- Co-management configuration and workload management
- Site infrastructure and hierarchy awareness
- OSD and task sequence fundamentals
- Software deployment and patch management
- Client health and troubleshooting
- PowerShell scripting (intermediate to advanced)
- Microsoft Graph API (basic to intermediate)
- Entra ID / Azure AD administration
- Active Directory and Group Policy
- Networking fundamentals (DNS, DHCP, VPN, proxy)
- Windows 10/11 enterprise architecture
- Security baseline frameworks (CIS, DISA STIG awareness)
- Strong documentation and technical writing skills
- Project and migration planning
- Microsoft MD-102 (Endpoint Administrator) certified
- Microsoft SC-300 or AZ-104 a plus
- Experience with Microsoft 365 and Defender for Endpoint integration
- Familiarity with Zero Trust network access principles
- Experience working in regulated or compliance-driven environments