The Role
We're looking for a Lead MDM Engineer to own and drive the strategy, automation, and day-to-day management of our endpoint fleet across Windows and macOS platforms. You will be a senior member of the team responsible for building and maintaining the "Zero Touch" device experience for every SolarWinds employee.
This isn't a break-fix role. You'll be engineering the platform that makes laptops just work - from unboxing to retirement. You'll partner closely with the Director of User Experience, the Global Helpdesk, and IT leadership to keep our endpoints secure, compliant, and frictionless.
Responsibilities
Endpoint Management & Strategy
- Own and mature our Microsoft Intune environment - Autopilot profiles, compliance policies, configuration profiles, Autopatch rings, and Conditional Access integration via Entra ID.
- Own and mature our JAMF Pro environment - automated enrollment (DEP/ABM), Self Service policies, JAMF Connect, scripting, and smart/static group management.
- Architect and maintain the Intune + JAMF integration (JAMF as Management Authority, Intune as Compliance Authority) to enforce a single security posture across platforms.
- Design, test, and deploy Zero Touch provisioning workflows for both Windows (Autopilot) and macOS (DEP/ABM + JAMF) so new hires are productive from day one.
Security & Compliance
- Build and enforce device compliance policies aligned with security requirements - encryption, OS currency, antivirus status, Conditional Access gating.
- Partner with our Security Teams to remediate endpoint vulnerabilities, deploy emergency patches, and manage security agent deployments (SentinelOne, Microsoft Defender).
- Manage Endpoint Privilege Management (Admin By Request) policies and Intune RBAC roles.
- Support audit and compliance requirements by maintaining clean device inventories and accurate reporting.
Lifecycle & Operations
- Manage full device lifecycle: enrollment → provisioning → patching → compliance monitoring → retirement/wipe.
- Maintain and improve application packaging and deployment pipelines for both platforms.
- Handle Tier 3 escalations from the Global Helpdesk related to MDM, device provisioning, and platform issues.
- Develop and maintain Knowledge Base articles and runbooks to enable Helpdesk shift-left on common MDM issues.
Automation & Continuous Improvement
- Write and maintain PowerShell and Bash/Shell scripts to automate device management tasks, reporting, and remediation.
- Build dashboards and reporting (e.g., compliance rates, enrollment success, OS version distribution, patch status) to track fleet health.
- Identify opportunities to reduce ticket volume through proactive policy, self-healing scripts, and improved self-service options.
- Contribute to sprint-based project work (MDM team runs Jira sprints) for platform improvements and security initiatives.
Qualifications
- 5+ years of hands-on experience managing endpoints at scale in a corporate environment.
- Deep expertise in Microsoft Intune - Autopilot, compliance policies, configuration profiles, Autopatch, Conditional Access, Entra ID integration.
- Deep expertise in JAMF Pro - DEP enrollment, Self Service, JAMF Connect, configuration profiles, smart groups, scripting (Bash/Shell).
- Strong understanding of Apple Business Manager (ABM) and the Apple device lifecycle.
- Solid experience with Windows 10/11 and macOS administration and troubleshooting.
- Proficiency scripting in PowerShell and Bash/Shell for automation and reporting.
- Understanding of Entra ID (Azure AD), Conditional Access, and modern identity-driven security models.
- Familiarity with endpoint security tooling - EDR, privilege management, encryption enforcement.
- Strong documentation habits - you write the KB article before someone asks.
- Relevant certifications: Microsoft Certified (Intune/Endpoint Manager), JAMF 200/300/370, Apple Certified.