About the Opportunity
DMI is seeking a Microsoft Systems SME to serve as the subject matter expert for Windows endpoint engineering at a federal agency client. In this role, you will lead the design, configuration, and lifecycle management of Windows workstations and Microsoft endpoint management services, ensuring secure, compliant, and well-documented deployments across the enterprise environment.
Duties and Responsibilities:
- Engineer and maintain secure Windows workstation images incorporating approved security baselines, authentication agents, and VDI/remote access capabilities
- Configure and maintain Microsoft Intune device compliance policies, configuration profiles, and conditional access requirements based on user role and device posture
- Manage Windows Autopilot for automated device provisioning, registration, and lifecycle management
- Implement and maintain OS and application patch management using Ivanti, KACE, and Intune/GPO-based orchestration; validate patches post-deployment and support rollback
- Implement passwordless authentication and hardware-backed credentials, including YubiKey, CAC, and software keys for privileged and sensitive accounts
- Maintain Windows device enrollment workflows and accurate asset inventory, including provisioning, reassignment, decommissioning, and secure wipe
- Produce and maintain engineering documentation, runbooks, and change records for all Windows endpoint configurations
Qualifications
Education and Years of Experience:
- Bachelor's degree in Information Technology, Cybersecurity, or a related field preferred
- Education requirements may be waived based on professional experience, at the government’s discretion
- 8+ years of experience in Information Technology, Endpoint Engineering, or Cybersecurity
- 6+ years performing engineering (not help desk) functions in enterprise environments
- Expert-level proficiency with Microsoft Intune, including compliance policies, configuration profiles, and conditional access
- Hands-on experience with Windows Autopilot for device provisioning and lifecycle management
- Experience with Ivanti and/or KACE for OS and application patch management
- Experience with Group Policy Objects (GPO) for Windows endpoint configuration and security enforcement
- Experience implementing passwordless authentication and hardware-backed credentials (YubiKey, CAC, software keys)
- Experience working under formal change control, audit, and security governance processes
Required Skills & Certifications:
- Microsoft certifications in endpoint management or cloud administration (e.g., MD-102, MS-102)
- Experience with Microsoft Sentinel or equivalent SIEM for Windows endpoint telemetry
- Familiarity with hybrid identity environments integrating on-premises Active Directory with Entra ID
Clearance Requirements: Must possess or be eligible to obtain and complete a government security screening and/or a Secret security clearance.
- Active Top Secret (TS) clearance required.
Citizenship Status Required: Must be a U.S. Citizen
Physical Requirements: None required for this position.
Location: Remote, US