Microsoft SMEPosition SummarySofttek Government Solutions is seeking highly cleared, experienced IT engineering professionals to support the Congressional Budget Office (CBO) Service Desk Engineering task order. This initiative focuses on fundamentally hardening the CBO's enterprise environment to reduce the risk of unauthorized lateral movement, credential misuse, and persistence techniques.
Note: This is an advanced engineering scope focused on resolving complex escalations, implementing security architecture, and developing automated workflows. It does not involve routine Tier 1 end-user help desk support.
The engineering team will be responsible for designing, deploying, and maintaining the technical controls necessary to secure endpoint, identity, and device lifecycle operations.
Responsibilities- Design and maintain standardized Windows workstation images for on-site and VDI/remote access.
- Leverage Microsoft Intune to enforce device compliance, configuration profiles, security policies, and conditional access requirements.
- Engineer and support Microsoft Intune registration and Windows Autopilot for desktops, laptops, and CBO-issued mobile devices, including passwordless authentication and hardware-backed credentials.
- Manage Windows patching orchestration via Intune/GPO in coordination with Ivanti, including post-deployment validation and rollback.
- Apply expert-level Group Policy (GPO) management to enforce baseline configurations across the Windows estate.
- Ensure proper configuration of Windows Event Logs and Windows Event Forwarding for forensic readiness and SIEM integration.
- Produce runbooks, remediation plans, and conduct knowledge transfer sessions with Service Desk and Incident Response teams.
Education- Bachelor's degree in Information Technology, Cybersecurity, or a related field. Formal education requirements may be waived based on relevant professional experience
Qualifications- Must be a US Citizen
- Minimum 8 years of experience in IT, Endpoint Engineering, or Cybersecurity, with at least 6 years in engineering (not help desk) roles in enterprise environments.
- Expert-level knowledge of Microsoft Intune, Windows Autopilot, and Group Policy (GPO) management.
- Experience building and automating Windows images integrated with VDI, EDR, authentication, and logging agents.
- Strong understanding of Windows Active Directory/Entra ID interactions, Windows Event Forwarding, and Windows security hardening baselines.
- Experience working under formal change control, audit, and security governance processes.
Required Clearance - Active Top Secret (TS) security clearance.
