Bachelor's degree in IT, Cybersecurity, or related field preferred; equivalent experience acceptable
Must possess an active or interim Top Secret security clearance
8 years of experience in IT, Endpoint Engineering, or Cybersecurity
6 years of engineering experience in enterprise environments
Experience with formal change control, audit, and security governance processes
Responsibilities
Design, maintain, and secure Windows workstation images for on-site and remote users.
Engineer Windows endpoint baselines and compliance configurations using Microsoft technologies.
Administer Microsoft Intune, Windows Autopilot, and Group Policy for endpoint management.
Support the implementation of passwordless authentication and hardware-backed credentials.
Integrate endpoint access controls with Entra ID / Active Directory for secure device operations.
Manage the entire lifecycle of Windows devices from provisioning to decommissioning.
Engineer Windows endpoint logging and telemetry for security monitoring.
Benefits
Active or interim Top Secret security clearance required, indicating a high-stakes work environment.
Work at the cutting edge of Microsoft technologies and cybersecurity.
Opportunity to innovate in device security and compliance for a major company.
Engage in meaningful work that enhances organizational security.
Join a collaborative team focused on endpoint security and engineering solutions.
Full Job Description
Overview
The Microsoft Windows Engineer serves as the lead technical specialist for the Microsoft endpoint and identity ecosystem supporting this effort, including Windows workstation engineering, Intune, Windows Autopilot, Group Policy, Entra ID/Active Directory integration, passwordless authentication, hardware-backed credentials, and Windows endpoint telemetry.
This role is responsible for engineering secure Windows endpoint baselines, device provisioning and compliance workflows, authentication and access controls, and the operational integration of Windows devices into the company's security monitoring and incident response framework.
Responsibilities
Design, maintain, and secure Windows workstation images supporting both on-site and remote/VDI users.
Engineer Windows endpoint baselines, policy settings, compliance configurations, and patch orchestration mechanisms using approved Microsoft technologies.
Administer and optimize Microsoft Intune, Windows Autopilot, Group Policy, and associated endpoint compliance and configuration controls.
Support implementation of passwordless authentication, hardware-backed credentials (e.g., YubiKeys, CAC, software keys), and other protections for privileged and sensitive accounts.
Integrate endpoint enrollment and conditional access controls with Entra ID / Active Directory to ensure devices are securely configured before receiving access.
Support device lifecycle operations including provisioning, compliance enforcement, reassignment, and decommissioning for Windows endpoints.
Engineer and validate Windows endpoint logging, monitoring, and telemetry, including Windows Event Logs, endpoint agents, and SIEM/EDR forwarding.
Coordinate Intune/GPO-based patch orchestration, policy enforcement, and remediation of Windows configuration drift.
Produce documentation, standards, runbooks, validation artifacts, and technical guidance related to the Microsoft endpoint environment.
Support escalated incident response, troubleshooting, and audit activities involving Windows devices and Microsoft-managed endpoint services.
Qualifications
Core Qualifications:
Bachelor's degree in IT, Cybersecurity, or related field preferred; equivalent experience acceptable
Must possess an active or interim Top Secret security clearance
8 years of experience in IT, Endpoint Engineering, or Cybersecurity
6 years of experience performing engineering functions in enterprise environments
Experience working under formal change control, audit, and security governance processes
Additional Qualifications:
Experience with Microsoft Intune for provisioning, compliance, configuration profiles, and security policy enforcement
Experience with Windows Autopilot for automated provisioning and device lifecycle management
Experience with Group Policy Objects (GPO) for Windows configuration and policy delivery
Experience with Entra ID / Active Directory integration, conditional access, and device/user association workflows
Experience building and maintaining Windows workstation images
Experience integrating Windows images with VDI, EDR, authentication tools, and logging agents
Experience managing Windows patch orchestration, baseline enforcement, and configuration drift remediation
Experience validating patch deployments and supporting rollback procedures
Experience implementing passwordless authentication and hardware-backed credentials
Experience configuring and maintaining Windows Event Logs and forwarding telemetry to SIEM/EDR platforms such as Microsoft Sentinel
Experience monitoring enrollment, patch status, compliance posture, and operational failures across Windows endpoints
Experience supporting audit readiness, forensic support, and technical validation reporting