Security Endpoint Engineer/Admin

The Endpoint Engineer/Administrator shall assist with implementing and operating Endpoint Security infrastructure to protect the DCGOV IT infrastructure. The position is in the Citywide.

The Endpoint Engineer/Administrator will be intimately familiar with next generation Endpoint management/protection platforms including but not limited to Microsoft Intune, Tanium provisioning and patching management, Jamf macOS device management, and CrowdStrike security. The engineer must have mastery-level skill with Endpoint Device and patch Management. Hands-on experience with implementing and managing the following technologies like Device Provisioning, Windows Autopilot, Creation and Configuration of device policies, Software Packaging & distribution, Windows OS and software patching, reporting in Intune using Graph explorer and API. To be successful in this position, the candidate will be responsible for managing the endpoint devices within our organization, ensuring that they are secure, up-to-date, and functioning at peak performance. As an Endpoint Engineer, the candidate will also be responsible for providing support to end-users, troubleshooting issues, and identifying areas for improvement. Must display excellent teamwork skills, technical, written, and oral communication skills, and ability to learn and adapt in a fast-paced environment. The candidate must have in-depth knowledge of the aforementioned point products and can formulate Security policy and manage Security configuration.

1. Day-to-day administration of our MDM environment, including Configuration of Intune and Autopilot.
2. Maintain the development, test and production environments.
3. Manage various device policies and desktop applications in Microsoft Intune and JamF within the organization.
4. Deploy software updates, Windows OS patches, and updates to endpoints using automated tools.
5. Develop and maintain endpoint operating system infrastructure and perform day-to-day tune-up and maintenance as required policies and procedures.
6. Manage various components of Azure AD, Intune, Tanium, and Jamf.
7. Troubleshoot endpoint issues and provide support to end-users.
8. Create and update endpoint agent policies as per requirements.
9. Provide assistance and validation of implementation timelines and delivery management.
10. Communicate clearly to executive management/end users and manage the reporting process.
11. Coordinate and drive Endpoint solutions and direction to achieve measurable increases in OS deployment, end-user knowledge, and operations.
12. Application Packaging / scripting for deployment of apps on Windows and macOS.
13. Provide up-to-date information on SW updates and alerts.
14. Support team in the design and implementation of highly available, scalable, and secure modern mobility solutions using industry best practices on Microsoft Intune and AzureAD + other 3rd party technologies.
15. Create and maintain technical documentation as well as assist with training and related materials as needed.

1. 3+ years Performing successful Windows OS updates.
2. 6+ years total progressive IT experience.
3. 5+ years of Endpoint Management and Security.
4. 3+ years Troubleshooting complex experience in endpoint engineering with PowerShell, VBScript and batch scripting. Strong focus on Windows and macOS devices.
5. 5+ Experience with device management platforms such as Microsoft Intune, Tanium, and/or Jamf.
6. 2+ years Strong understanding of network technologies, such as DNS, DHCP, TCP/IP, VPN, and other related technologies.
7. 2+ years cloud-based platforms such as Azure AD and Intune, integration with endpoint management solutions.
8. Analytical and problem-solving skills.
9. Excellent communication and interpersonal skills.
10. Ability to work independently and as part of a team in a fast-paced environment.

1. Endpoint Engineer subject-matter expert (SME).
2. Experience in managing Azure AD, Intune, Tanium (Jamf would be a plus).
3. BS in computer science/IT/SW or related field.
4. Data security and networking experience required.

1. The Endpoint Engineer is responsible for effective Device provisioning, Software and policy installation/configuration, operations, and maintenance of device management infrastructure.
2. Participates in technical research and development to enable continuing innovation within the infrastructure.
3. Ensures that system hardware, operating systems, software systems, and related procedures adhere to District policies, standards, and guidelines.
4. Endpoint engineering and provisioning, operations and support, maintenance and research and development to ensure continual innovation.
5. Device provisioning for new and existing devices using Windows Autopilot, configuration of device-based policies, applications, services, settings in accordance with standards and project/operational requirements.
6. Performs daily system monitoring, verifying the systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups.
7. Performs regular security monitoring to identify any possible intrusions.
8. Deploy Operating system images, software packages, device configuration policies, patches, and updates to endpoints using automated tools like Intune, Tanium, and JamF.
9. Provides Tier III support per request from various agencies.
10. Investigates and troubleshoots issues.
11. Diagnoses and recovers from software failures.
12. Coordinates and communicates with impacted agencies.
13. Applies operating system (OS) patches and upgrades on a regular basis and upgrades administrative tools and utilities.
14. Upgrades and configures system software that supports infrastructure applications or Asset Management applications per project or operational needs.

1. Demonstrated experience in Device Management. Required 6 Years
2. Demonstrated experience with Microsoft Intune. Required 3 Years
3. Demonstrated experience using Device Provisioning. Required 2 Years
4. Demonstrated experience with PowerShell and Shell scripting. Required 3 Years
5. Demonstrated experience with Endpoint Security management solutions. Required 3 Years
6. Software Packaging & Distribution. Required 4 Years
7. Device policies, settings, and registry. Required 4 Years
8. Operating system (OS deployment, patches, and upgrades). Required 4 Years
9. Windows Autopilot Provisioning. Required 2 Years
10. BS Degree in IT, Cybersecurity, Engineering, or equivalent experience. Required