Summary: We are seeking a skilled Microsoft Intune Engineer to lead and enhance our endpoint management strategy in a dynamic Enterprise IT environment. The candidate will act as the subject matter expert for Microsoft Intune and the Microsoft Endpoint Manager ecosystem, ensuring secure and compliant device management across various platforms. This role involves policy management, deployment testing, and collaboration with Security and Compliance teams to uphold a Zero Trust security posture.
Salary (Rate): £39.00 hourly
City: Palo Alto
Country: United States
Working Arrangements: hybrid
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Microsoft Intune Engineer / Endpoint Management Specialist
Location: Palo Alto, CA – Hybrid
Pay Rate: $39.50 – $44.50/hr
Duration: 6-month contract
Schedule: Standard Working Hours
Summary
We are seeking a skilled Microsoft Intune Engineer to own and advance our endpoint management strategy within a fast-paced Enterprise IT environment. The ideal candidate will serve as the subject matter expert for Microsoft Intune and the broader Microsoft Endpoint Manager (MEM) ecosystem, ensuring secure, compliant, and well-managed device fleets across macOS, Windows, iOS, and Android platforms. This role is responsible for driving end-to-end policy management, deployment testing, and cross-functional collaboration with Security and Compliance teams to support a Zero Trust security posture.
Job Responsibilities
In this role, you will manage and support a variety of projects within the Enterprise IT department. Key responsibilities include:
- Serving as the subject matter expert for Microsoft Intune and the Microsoft Endpoint Manager ecosystem across all supported platforms
- Owning device policy management including authoring, testing, versioning, and retiring policies across the full device lifecycle
- Leading end-to-end deployment testing for all policy changes, app deployments, and configuration updates prior to production rollout
- Managing and maintaining the Company Portal experience to ensure apps are correctly published and accessible to end users
- Maintaining software currency across the device fleet including application versions, OS updates, and security patches
- Partnering with Security and Compliance teams to align device posture with organizational standards
- Providing escalation support and mentoring junior IT staff on endpoint management best practices
Essential Job Duties and Job Functions
- Design, deploy, and maintain Microsoft Intune policies for device enrollment, configuration, compliance, and app management across Windows, macOS, iOS, and Android
- Manage conditional access policies in integration with Microsoft Entra ID (Azure AD) to enforce Zero Trust security principles
- Lead device lifecycle management including enrollment, provisioning, policy assignment, and decommissioning
- Develop and maintain Autopilot and Apple DEP/ABM enrollment workflows
- Troubleshoot and resolve endpoint management issues including policy conflicts, enrollment failures, and compliance gaps
- Support software deployment, patch management, and app packaging through Intune
- Create and maintain technical documentation, runbooks, and SOPs for Intune configurations and deployment test results
- Evaluate new Intune features and Microsoft 365 endpoint capabilities and recommend adoption where appropriate
- Submit, document, and communicate changes through formal change control workflows (CAB, RFC, etc.)
Knowledge and Skills
- Deep knowledge of MDM and MAM policies across Windows, macOS, iOS, and Android platforms
- Experience managing device policy at scale including policy conflict resolution, scope tagging, and deployment ring strategy
- Proficiency with Microsoft Entra ID (Azure AD), Conditional Access, and device compliance policies
- Strong working knowledge of Windows Autopilot and Apple Business Manager / Device Enrollment Program
- Understanding of certificate management (SCEP/PKCS) and network access control (Wi-Fi/VPN profiles)
- Familiarity with PowerShell scripting for automation and reporting
- Solid understanding of security baselines (CIS, NIST, Microsoft Security Baselines)
- Strong working knowledge of change management principles and ITSM frameworks such as ServiceNow or Jira
- Clear written and verbal communication skills with the ability to explain technical concepts to non-technical stakeholders
- Strong analytical and troubleshooting skills with a detail-oriented mindset
Preferred:
- Microsoft certifications: MD-102 (Endpoint Administrator), SC-300, or MS-102
- Experience with Microsoft Defender for Endpoint integration with Intune
- Familiarity with JAMF or other MDM platforms
- Exposure to M365 E3/E5 licensing and feature management
Education and Experience
- 3+ years of hands-on Microsoft Intune administration experience in an enterprise environment
- Demonstrated experience designing and executing end-to-end deployment testing processes including staged rollouts and rollback planning
- Experience in a high-growth or technology/manufacturing company environment preferred
...