Clearance Required:

Top Secret

Education Required:

BA/BS

US Citizenship:

Required

Summary

The MIL Corporation is looking for an Endpoint Engineering Lead (Computer Engineering, Team Lead). The Endpoint Engineering Lead is responsible for overseeing the design, implementation, and continuous improvement of secure endpoint platforms across macOS and Windows environments. This role ensures the creation and maintenance of standardized workstation images, configuration baselines, secure device lifecycle workflows, telemetry and logging pipelines, and automation capabilities that support enterprise-grade security, compliance, and operational readiness. The Lead guides engineering strategy, establishes best practices, develops documentation and runbooks, and drives coordination with Service Desk, IAM, Incident Response, and Security Operations teams.

This position currently requires an on-site schedule. Schedule is subject to change based on company/contract requirements.

This position is currently unfunded and is being posted in anticipation of a future contract award and funding approval. We are proactively identifying and engaging with qualified candidates. While candidates may be contacted for pre-screening, any hiring decisions will be contingent upon funding availability and final program requirements or client approval.

Responsibilities

Endpoint Engineering Leadership

• Direct and oversee engineering efforts for secure workstation images (macOS & Windows), ensuring baseline enforcement, VDI compatibility, authentication readiness, and logging/telemetry integration
• Lead the engineering lifecycle for endpoint configuration baselines, patching, version control, and configuration drift remediation using Ivanti, KACE, Intune, Autopilot, and JAMF as applicable
• Guide design and tuning of controls that prevent initial compromise, lateral movement, and credential misuse through hardened configurations and secure authentication mechanisms

Imaging, Patching, and Automation Oversight

• Own the engineering roadmap for imaging toolchains, automated deployment workflows, version control, patch orchestration, and post-patch validation processes
• Ensure consistent, secure workstation builds across divisions; maintain structured image release processes and change documentation
• Promote automation adoption to reduce manual tasks, accelerate remediation, and maintain high endpoint reliability

Device Enrollment & Lifecycle Management Leadership

• Oversee implementation and maintenance of secure device enrollment workflows (Intune, Autopilot, Apple Business Manager/JAMF), ensuring correct profile enforcement and authentication hardening
• Ensure strong asset accountability via integrated user-device association, lifecycle visibility, recovery-key escrow, and provisioning/decommissioning workflows
• Champion onboarding/offboarding automation to improve consistency and reduce human error

Monitoring, Telemetry, and Audit

• Lead development of endpoint telemetry pipelines across EDR, AV, logging agents, and OS/application logs; ensure reliable forwarding to SIEM/EDR platforms
• Drive monitoring and alerting for enrollment failures, image deployment issues, patch non-compliance, and agent health
• Maintain audit-ready documentation of image releases, configuration changes, remediation steps, and lifecycle engineering actions

Assessment, Remediation, and Change Governance

• Lead team execution of structured assessment 12 recommendation 12 implementation 12 validation workflows for endpoint-related changes
• Ensure all engineering changes meet governance, audit, and security review requirements and are fully documented for traceability

Knowledge Transfer, Documentation & Enablement

• Oversee creation of user-facing and operational runbooks for imaging, patching, enrollment, troubleshooting, and automation workflows
• Conduct and coordinate training sessions for Service Desk, IAM, and SOC teams to ensure operational sustainability
• Maintain a version-controlled knowledge base and ensure clear escalation paths

Travel

Travel expectations will be confirmed upon contract award and may vary based on customer and project requirements

Required Qualifications

• 8+ years in IT, Endpoint Engineering, or Cybersecurity
• 6+ years performing enterprise endpoint engineering work (not help desk)
• Deep experience with:
• Windows/macOS imaging, automation, validation, version control
• Ivanti/KACE patching and configuration management
• Intune, Autopilot, JAMF, and secure authentication methods (e.g., YubiKey, CAC)
• Logging and telemetry engineering (Windows Event Logs, macOS Unified Logs, SIEM ingestion)
• Experience working within formal change control and audit-governed environments

Desired Qualifications

• Experience supporting forensic collections and audit readiness
• Prior leadership or senior engineering experience guiding multi-tool endpoint management ecosystems.

Education

Bachelor's degree (or equivalent experience) in IT, Cybersecurity, or related field

Clearance

Active Top Secret (TS) clearance.

Compensation

The MIL Corporation values your contributions and offers a range of benefits to support your overall well-being. We are pleased to offer a comprehensive range of benefits to our full-time employees which include health, life, disability, and retirement plans, as well as paid time off, opportunities for professional growth and tuition assistance. Additional benefits and incentives may also apply, which will be communicated during the hiring process.

For this position, the projected compensation range is $138,000 - $152,000 per year. This estimate represents the typical salary range and is just one part of MIL's complete compensation package. Final salary for this position is determined based on factors such as individual qualifications, education, experience, and contractual limitations. Learn more on the MIL Careers page.