Sr. Platform Engineer, Endpoint; Hybrid - Seattle, WA

Position: Sr. Platform Engineer, Endpoint (Hybrid - Seattle, WA)
Job Description

A Senior Engineer is a key member of the Nordstrom Technology organization, applying engineering principles to design, build, and maintain technology products and solutions that drive amazing customer and employee experiences. As a Senior Engineer on the Productivity and Collaboration team, you will own the end-to-end lifecycle of client endpoint platforms (Windows client and server operating systems, macOS, mobile devices, and virtual desktop infrastructure) including securing, configuring, and automating these environments through expert scripting and tooling.

You will act as a subject matter expert and technical leader, driving endpoint reliability, security posture, and productivity improvements across Nordstrom. You bring deep hands-on expertise with Microsoft and Apple endpoint management platforms, along with experience managing Intune-enrolled mobile devices and virtual desktop environments, and strong scripting and automation skills that allow you to build scalable, repeatable solutions rather than one-off fixes.

A day in the life...

Endpoint Management & Configuration

* Design, build, and maintain configurations for Windows client and server operating systems, macOS, mobile, and virtual desktop endpoint platforms

* Develop and maintain device configuration profiles, compliance policies, and conditional access rules in Microsoft Intune and MECM/SCCM

* Deploy and maintain Virtual Desktop Infrastructure (VDI) environments, including management of VM images, user profile configurations, and the supporting platforms that maintain the health and operation of those environments

* Own the deployment pipeline for operating system images, application packaging, and patch management across all client endpoint platforms

* Architect and implement MDM/UEM solutions that enforce security baselines while preserving end-user productivity

* Lead endpoint hardening initiatives including CIS benchmark alignment, zero-trust policy enforcement, and certificate lifecycle management

Vulnerability Remediation

* Partner with the Security team to triage, prioritize, and remediate endpoint vulnerabilities across the Windows, macOS, mobile, and virtual desktop fleet in accordance with SLA targets

* Develop and maintain automated remediation scripts and Intune remediation packages to detect and resolve CVEs, misconfigurations, and compliance gaps at scale without manual intervention

* Operate and tune endpoint detection tooling to maintain continuous visibility into the vulnerability posture of the fleet

* Track remediation progress, report on vulnerability metrics and trends, and drive closure of open findings through coordination with application owners

Scripting & Automation

* Write robust Power Shell, Python, or Bash scripts to automate endpoint provisioning, compliance remediation, VDI image management, software deployment, and configuration drift detection

* Build and maintain automation pipelines for endpoint lifecycle events (enrollment, reconfiguration, decommission) using Intune Graph API, MECM task sequences, and CI/CD tooling

* Develop scripts and tools that surface endpoint health telemetry into monitoring platforms such as New Relic

* Maintain code in source control (Git Hub), apply code review practices, and document automation libraries for team reuse

* Identify manual, repetitive operational tasks and replace them with reliable, tested automation

Technical Leadership & Collaboration

* Serve as the team's subject matter expert for Windows, macOS, and mobile endpoint platforms

* Drive end-user experience goals and ongoing productivity improvement initiatives across the endpoint fleet

* Lead incident resolution, cross-functional troubleshooting, and root cause analysis for complex endpoint issues; engage vendors where appropriate

* Partner with the team's manager and program manager to define and execute team vision and roadmaps

* Write and contribute to project plans, runbooks, and team documentation

* Collaborate with Security, Networking, and Application teams to ensure endpoints meet compliance and access control requirements

* Provide mentorship and technical coaching to team members on endpoint engineering best practices

* Participate in an on-call rotation as needed

You own this if you have...

* 6+ years of experience with end-user computing technologies within a complex organization, including development, implementation, and support

* Expert hands-on experience managing Windows client and server operating systems at scale using Microsoft Endpoint Configuration Manager (MECM/SCCM)

* Experience managing macOS, including configuration profiles, compliance policies, and software distribution

* Experience deploying and managing Virtual Desktop Infrastructure (VDI) platforms, including image lifecycle management and the supporting infrastructure (e.g., Azure Virtual Desktop)

* Expert experience managing Intune-enrolled mobile devices (Android, iOS), including device enrollment, configuration, app protection policies, and…