Senior Cloud Desktop Engineer

Job#: 3023916

Job Description:

Senior Cloud Desktop Engineer (Windows 365 / Azure Virtual Desktop)

Location: NYC, NY 10036

*All interested and qualified candidates can please contact Schuyler Moose at

Role Summary

We're seeking a Senior Cloud Desktop Engineer to architect, deploy, and operate enterprise-scale Windows 365 and/or Azure Virtual Desktop (AVD) environments across multiple global regions. The ideal candidate has led end-to-end, production deployments (not POCs), understands multi-region user experience, and can combine architecture, automation, security, and operations to deliver a consistent, compliant platform at scale (25,000-30,000+ users).

Key Responsibilities

Architecture & Deployment

• Design and deliver multi-region Windows 365/AVD platforms for 25k-30k users including provisioning policies, device sizing, application placement, image strategy, and regional deployment waves.
• Select and implement network connectivity models (e.g., Azure Network Connection vs. Global Secure Access) and determine when VPN is required for Cloud PCs.
• Define cutover plans, pilot criteria, success metrics, rollback plans, and knowledge transfer.

Networking, Connectivity & Global Access

• Engineer resilient global connectivity for Cloud PCs; troubleshoot cross-region connectivity and latency issues; optimize routing and bandwidth usage.
• Establish standards for DNS, routing, and identity flows across regions; evaluate and implement GSA where appropriate.

Image Creation, Hardening & Lifecycle

• Build, harden, and maintain gold images for Windows 365/AVD using Intune, MECM/SCCM, MDT, and/or third-party tooling.
• Optimize images for performance (e.g., logon time, disk I/O, Teams optimization), enable repeatable patching and regional consistency.

Security & Access Control

• Implement mandatory security controls for Cloud PCs: MFA, Conditional Access, device compliance, baseline hardening, Defender/EDR, DLP, and data exfiltration controls.
• Design privilege elevation processes and tooling (e.g., BeyondTrust, LAPS) aligned to least privilege and auditability.

Enterprise Management & Tooling

• Operate and scale Intune to 10,000+ devices, balancing Intune policies, GPOs, and third-party toolsets.
• Recommend and integrate advanced tooling for inventory, software delivery, observability, and remote support beyond baseline Intune capabilities.

Performance, Monitoring & Troubleshooting

• Define and track VDI KPIs (e.g., logon time, CPU/memory, disk I/O, session stability, Teams/Zoom optimization).
• Diagnose performance issues across regions; mitigate security-agent overhead; drive root cause analysis and durable fixes.

Multi-Region Architecture & User Experience

• Design for consistent UX across NA, EU, and APAC, considering data residency, compliance, and cross-region latency.
• Align application distribution (SaaS, on-prem, virtualized) with network topology and user proximity.

Configuration as Code & Automation

• Manage platform configuration as code using Azure DevOps, GitHub Actions, Terraform (or equivalent); establish version control for Intune/AVD artifacts and CI/CD pipelines.
• Automate image pipeline, policy deployment, and environment validation.

Application Delivery Strategy

• Determine base image vs. dynamic delivery; package and deliver applications via MSIX App Attach or equivalent technologies.
• Optimize real-time collaboration apps (e.g., Teams, Zoom) for Cloud PCs.

Data & User State Management

• Define data strategy across OneDrive, SharePoint, Teams, and traditional home drives; implement user state management for VDI.
• Support hybrid scenarios where specific apps require on-prem storage or low-latency access.

Minimum Qualifications (Must-Have)

• 7+ years in End-User Computing/VDI/endpoint management; 3+ years leading production Windows 365 or AVD deployments.
• Proven end-to-end responsibility for at least one enterprise Windows 365/AVD deployment (not a POC), ideally >10k users and multi-region.
• Deep expertise with Windows 365 and/or AVD, Intune, Azure AD/Entra ID, Conditional Access, MFA, and device compliance.
• Strong networking fundamentals (latency, bandwidth, routing, DNS) and Azure networking (VNets, peering, vWAN, Private endpoints); practical understanding of ANC vs. GSA; experience assessing VPN requirements for Cloud PCs.
• Hands-on image engineering (creation, hardening, optimization, patching) with Intune/MECM/MDT

and consistent flighting across multiple regions.

• Proficiency in PowerShell and at least one automation/IaC platform (Terraform preferred; Azure DevOps or GitHub Actions for CI/CD).
• Demonstrated ability to monitor and troubleshoot at scale using AVD Insights/Azure Monitor/Log Analytics (or equivalent).
• Experience implementing privileged access solutions (e.g., BeyondTrust, LAPS) and data-loss prevention/exfiltration controls.

Preferred Qualifications

• MSIX App Attach packaging and dynamic app delivery experience.
• Experience with FSLogix user profile/container strategies and profile performance tuning.
• Exposure to Citrix (or other VDI) in hybrid or migration contexts.
• Familiarity with ITIL practices and enterprise change management.
• Relevant certifications: Microsoft Certified: Azure Virtual Desktop Specialty, Azure Administrator, or equivalent.

Success Measures (First 6-12 Months)

• Architecture approved for multi-region Windows 365/AVD supporting 25k-30k users, with clear cutover and risk mitigation plans.
• Hardened base images and automated patching pipeline in place; measurable improvement in logon time and session performance.
• Monitoring & KPIs implemented with alerting and dashboards; established SLA/SLOs for availability and UX.
• Configuration-as-code repositories and CI/CD pipelines operational; peer-review and rollback standards defined.
• Security & compliance baselines enforced globally with regional variations documented and audited.

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or .

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click for more details.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.