DMI is seeking an IT Engineer to provide engineering-level endpoint and infrastructure support for a federal agency client. This is not a Tier 1 help desk role — you will design, implement, and maintain technical controls across Windows and macOS environments, covering imaging, patch management, device lifecycle, identity engineering, and telemetry to support threat detection and incident response.

Duties and Responsibilities:

• Design and maintain secure, standardized workstation images for macOS and Windows platforms, including VDI and remote access configurations
• Engineer and maintain endpoint configuration baselines using Ivanti, KACE, Microsoft Intune, and Windows Autopilot; remediate configuration drift and enforce compliance policies
• Implement and manage OS and application patch management processes; coordinate orchestration, post-deployment validation, and rollback
• Support device enrollment, provisioning, and lifecycle management using Intune, Autopilot, Apple Business Manager, and JAMF; maintain accurate asset inventory
• Configure and maintain endpoint logging and telemetry; ensure log forwarding to enterprise SIEM and EDR platforms
• Follow a formal assessment-to-remediation workflow, producing Findings Reports, Remediation Plans, and Validation Reports for all engineering changes
• Produce and maintain operational runbooks, knowledge transfer materials, and escalation documentation

Education and Years of Experience:  

• Bachelor's degree in Information Technology, Cybersecurity, or a related field preferred
• Education requirements may be waived based on professional experience, at the government’s discretion
• 8+ years of experience in Information Technology, Endpoint Engineering, or Cybersecurity
• 6+ years performing engineering (not help desk) functions in enterprise environments
• Experience building and maintaining Windows and macOS workstation images, including automation, validation, and rollback 
• Hands-on experience with Ivanti and/or KACE for OS and application patch management 
• Experience with Microsoft Intune and Windows Autopilot for device provisioning and compliance enforcement 
• Experience implementing passwordless authentication and hardware-backed credentials 
• Experience configuring endpoint logging and forwarding telemetry to SIEM and EDR platforms 
• Experience supporting forensic collection and audit readiness 
• Experience working under formal change control, audit, and security governance processes 

Required Skills & Certifications: 

• Experience with JAMF Pro for macOS endpoint management
• Microsoft certification in endpoint management or cloud administration
• Prior federal government IT engineering experience

Clearance Requirements: Must possess or be eligible to obtain and complete a government security screening and/or a Secret security clearance.

• Active Top Secret (TS) clearance required.

Citizenship Status Required: Must be a U.S. Citizen

Physical Requirements: None required for this position.

Location: Remote, US