Job Title: Microsoft Intune Engineer / Endpoint Management Specialist
Location: [Location] | Hybrid / would prefer someone in Palo Alto, CA
Department: Enterprise IT
Duration:7 Months
Experience:10-20 Years
Description:
About the Role
We are looking for a skilled Microsoft Intune Engineer to own and advance our endpoint management strategy. In this role, you will be the subject matter expert for Microsoft Intune and the broader Microsoft Endpoint Manager (MEM) ecosystem, ensuring secure, compliant, and well-managed device fleets across macOS, Windows, iOS, and Android platforms. You will own device policy management and drive end-to-end deployment testing to ensure reliable, consistent experiences across the organization.
Key Responsibilities
Design, deploy, and maintain Microsoft Intune policies for device enrollment, configuration, compliance, and app management across all platforms (Windows, macOS, iOS, Android)
Own end-to-end device policy management - authoring, testing, versioning, and retiring policies across the full device lifecycle
Lead end-to-end deployment testing for all policy changes, app deployments, and configuration updates before production rollout, including validation in staged rings or test device groups
Manage and maintain the Company Portal experience - ensuring apps are correctly published, categorized, and available to end users across all platforms
Own software currency across the device fleet - maintaining up-to-date application versions, OS updates, and security patches through Intune update rings and app lifecycle management
Manage conditional access policies in integration with Microsoft Entra ID (Azure AD) to enforce Zero Trust security principles
Lead device lifecycle management including enrollment, provisioning, policy assignment, and decommissioning
Develop and maintain Autopilot and Apple DEP/ABM enrollment workflows
Troubleshoot and resolve endpoint management issues including policy conflicts, enrollment failures, and compliance gaps
Partner with Security and Compliance teams to ensure device posture aligns with organizational standards
Create and maintain technical documentation, runbooks, and SOPs for Intune configurations and deployment test results
Support software deployment, patch management, and app packaging through Intune
Evaluate new Intune features and Microsoft 365 endpoint capabilities and recommend adoption where appropriate
Provide escalation support and mentor junior IT staff on endpoint management best practices
Required Qualifications
3+ years of hands-on Microsoft Intune administration experience in an enterprise environment
Deep knowledge of MDM and MAM policies across Windows, macOS, iOS, and Android
Demonstrated experience managing device policy at scale - including policy conflict resolution, scope tagging, and deployment ring strategy
Proven ability to design and execute end-to-end deployment testing processes, including staged rollouts and rollback planning
Experience with Microsoft Entra ID (Azure AD), Conditional Access, and device compliance policies
Proficiency with Windows Autopilot and Apple Business Manager / Device Enrollment Program
Strong understanding of certificate management (SCEP/PKCS) and network access control (Wi-Fi/VPN profiles)
Familiarity with PowerShell scripting for automation and reporting
Solid understanding of security baselines (CIS, NIST, Microsoft Security Baselines)
Strong working knowledge of change management principles and processes - including submitting, documenting, and communicating changes through formal change control workflows (CAB, RFC, etc.)
Experience working within ITSM frameworks (ticketing, change management) such as ServiceNow or Jira
Preferred Qualifications
Microsoft certifications: MD-102 (Endpoint Administrator), SC-300, or MS-102
Experience with Microsoft Defender for Endpoint integration with Intune
Familiarity with JAMF or other MDM platforms
Experience in a high-growth or manufacturing/tech company environment
Exposure to M365 E3/E5 licensing and feature management
Never miss an opportunity! Create an alert based on the job you applied for.
