Senior Engineer — Systems

Overview

Essential Duties and Responsibilities:

Design, implement, and maintain enterprise Intune infrastructure, including configuration profiles, compliance policies, conditional access, and application management hitect and manage Windows Autopilot deployment solutions across the organization, including profile design, device registration, and integration with Entra  Intune. Plan and execute migrations from on-premises or hybrid endpoint management environments (MECM/GPO) to a modern Intune-based management model, minimizing disruption to end users. Train, guide, and support cross-functional teams while streamlining system processes, improving workflow efficiency, and enhancing the overall user experience.

Maintain a working knowledge of MECM infrastructure to support co-management scenarios, policy coexistence, and workload transitions to Intune. Configure and manage MECM and Intune co-management workloads to ensure a smooth transition toward cloud-native endpoint management. Define and enforce device configuration standards, security baselines, and compliance frameworks across managed endpoints. Provide technical guidance and mentorship to associate- and mid-level engineers on Intune, Autopilot, and endpoint management best practices.

Partner with security, identity, and helpdesk teams to align endpoint management strategies with broader organizational goals. Own and maintain comprehensive documentation for Intune and Autopilot processes, migration playbooks, and infrastructure configurations.

• Intune infrastructure ownership - Design, implement, and maintain enterprise Intune infrastructure including configuration profiles, compliance policies, conditional access, and app management at scale.
• Autopilot program lead - Architect and manage Windows Autopilot deployment strategies across the organization, including profile design, device registration, and integration with Entra  Intune.
• Intune migration leadership - Plan and execute migrations from on-premises or hybrid management environments (MECM/GPO) to a modern Intune-based management model, minimizing disruption to end users.
• MECM infrastructure support - Maintain working knowledge of MECM infrastructure to support co-management scenarios, policy coexistence, and workload transitions to Intune.
• Co-management configuration - Configure and manage MECM and Intune co-management workloads, ensuring a smooth transition path as the organization moves toward cloud-native management.
• Policy & security architecture - Define and enforce device configuration standards, security baselines, and compliance frameworks across managed endpoints.
• Team mentorship - Provide technical guidance and mentorship to associate and mid-level engineers on Intune, Autopilot, and endpoint management best practices.
• Stakeholder collaboration - Partner with security, identity, and helpdesk teams to align endpoint management strategies with broader organizational goals.
• Documentation & runbooks - Own and maintain comprehensive documentation for all Intune and Autopilot processes, migration playbooks, and infrastructure configurations.

• Bachelor’s degree in a relevant field and 5+ years of relevant professional experience, or an equivalent combination of education and experience.

• 5+ years of experience in enterprise endpoint management or systems engineering
• 3+ years of hands-on experience with Microsoft Intune in a production enterprise environment
• Proven experience leading or executing an Intune migration from MECM or GPO-based management
• Strong working knowledge of Windows Autopilot in an enterprise setting
• Familiarity with MECM/SCCM in a co-management or hybrid capacity
• Microsoft Intune - Expert Level
• Intune tenant configuration and administration
• Device configuration profiles (Windows, iOS, Android, macOS)
• Compliance policies and conditional access integration
• App deployment and management (Win
  32, MSIX, LOB apps)
• Power Shell and Intune scripting / remediation scripts
• Role-based access control (RBAC) within Intune
• Entra  (Azure AD) device identity and hybrid join
• Endpoint security policies (Defender, Bit Locker, Firewall)
• Update rings and Windows Update for Business
• Intune reporting and monitoring
• Windows Autopilot - Expert Level
• Autopilot profile design and deployment strategy
• All deployment modes (user-driven, self-deploying, pre-provisioning)
• Hardware hash registration and OEM/reseller integration
• Enrollment Status Page (ESP) configuration and troubleshooting
• Autopilot Reset and device reprovisioning
• Integration with Entra  dynamic device groups
• Intune Migration - Core Competency
• MECM to Intune workload migration planning and execution
• GPO to Intune configuration profile translation
• Co-management enablement and workload transition
• Hybrid Azure AD join to Entra  migration
• Stakeholder communication and change management during migrations
• Validation and testing frameworks for policy parity
• MECM / SCCM - Working Knowledge
• Co-management…