Endpoint Management Engineer

Job Description

About the Role

The Endpoint Management Engineer designs, builds, and operates a modern endpoint management platform across Windows, Apple, and Android devices in a large-scale, global enterprise environment. This role focuses on engineering (not day-to-day helpdesk support) and delivers secure, automated, compliant, and cost-efficient endpoint services aligned with Zero Trust principles and enterprise standards.

Key Responsibilities

Endpoint Engineering, Apple & Windows, Virtual Apps/Desktops, Cloud & Automation

· Engineer and operate end-to-end lifecycle management (enrollment, provisioning, configuration, patching, compliance, and decommissioning) across Windows, macOS, iOS/iPadOS, and Android.

· Build and maintain standardized configurations, baselines, and policies using Microsoft Intune and Omnissa Workspace ONE, with strong versioning, documentation, and controlled release processes.

· Drive reliability and performance improvements through observability, automation, and continuous optimization.

· Apple engineering: Operate ABM capabilities and device enrollment programs; develop Apple automation/tooling using Bash and/or Swift.

· Windows engineering: Implement Modern Management with Intune (policies, configuration profiles, security baselines, updates) and Windows Autopilot for provisioning/redeployment; engineer and execute the transition from GPO to Intune configuration profiles; develop automation and configuration using PowerShell and VBS.

· Engineer and support enterprise virtual app/desktop delivery with Citrix DaaS, leveraging AWS Workspaces Core for cost-efficient, non-persistent Windows Server 2025 workloads where applicable.

· Build automation and infrastructure workflows using Git-based CI/CD pipelines; apply Infrastructure-as-Code and image automation with HashiCorp Terraform and HashiCorp Packer.

· Integrate cloud platforms and enterprise APIs to automate provisioning, policy enforcement, reporting, and operational tasks; create and maintain reusable automation routines to reduce manual operations and improve service quality.

· Create and maintain automation and configuration using supporting languages/tools including HCL, JSON, YAML, VBS, and Python.

Security, Compliance & Endpoint Protection

· Operate and continuously enhance endpoint detection and response with Palo Alto Networks Cortex XDR, Microsoft Defender, and Lookout.

· Partner with security teams to implement controls, hardening standards, and incident response playbooks relevant to endpoints while maintaining excellent performance.

Zero Trust Access & Networking

· Support and integrate Zscaler ZIA/ZPA for secure internet access and private application access patterns, aligned with endpoint protection posture.

· Support and integrate Google Chrome Enterprise Premium with Citrix Secure Private Access and company managed profiles.

Delivery & Operating Model

· Deliver work through Agile practices (Scrum) using Jira; contribute to backlog refinement, sprint planning, Quarter Alignment Days, and continuous improvement.

· Operate services aligned with ITIL v4 practices (incident/problem/change, service requests, knowledge management), with an engineering-first approach.

Requirements

· Proven experience engineering and operating endpoint management at enterprise scale (multi-region, five-digit endpoints).

· Strong hands-on expertise with:

o Microsoft Intune (Windows and Apple management), Autopilot, Entra ID

o Experience with Apple identity programs and large-scale Managed Apple ID migration planning/execution.

o Omnissa Workspace ONE (Apple and Android management)

o Windows 11 and Windows enterprise configuration (Modern Management and GPO coexistence)

o macOS / iOS / iPadOS enterprise management and ABM

· Scripting/automation proficiency:

o PowerShell (advanced), plus Bash

o Familiarity with Python, JSON/YAML, and configuration tooling

· Experience with endpoint security tooling such as Palo Alto Networks Cortex XDR.

· Experience with Tanium modules and large-scale remediation/visibility workflows.

· Working knowledge of Citrix DaaS.

· Practical experience with Git CI/CD, Terraform, Packer, APIs, and automation-first engineering.

· Exceptional English communication skills (written and verbal).

Preferred Qualifications

· Experience integrating Zscaler with endpoint posture and identity.

· Experience integrating Google Chrome Enterprise Premium with Citrix Secure Private Access.

· Okta integration experience (IdP patterns, device/user access alignment).

· Cloud experience with AWS and/or Alibaba Cloud supporting endpoint/VDI services.

· Familiarity with FinOps principles for optimizing platf