Sr Endpoint Management Engineer (Intune, Entra ID, MECM)

Title: Senior Endpoint Management Engineer (Intune, Entra ID, MECM)
Location: Remote

Role Summary
We are looking for a Senior Endpoint Management Engineer to lead our journey from a MECM‑centric, GPO‑driven environment to a modern Intune and Entra ID–based endpoint platform. The role will design and implement client configuration, security baselines, and deployment processes using Microsoft Intune, Entra ID, and related E5 capabilities, while co‑existing with on‑prem Active Directory and group policies.
Key Responsibilities
Design and implement a phased migration from MECM to Microsoft Intune, including co‑management, workload shifting, and eventual decommissioning of MECM for clients.
Translate existing Group Policies into Intune configuration profiles, security baselines, and compliance policies, with minimal user disruption.
Define and roll out Windows Autopilot and other zero‑touch provisioning approaches for new and re‑provisioned Windows devices.
Implement and manage Entra ID–based device management and conditional access, including hybrid‑joined and cloud‑native devices.
Design and implement Windows Hello for Business and other passwordless authentication options (e.g., FIDO2) in coordination with identity and security teams.
Use E5 capabilities (Defender, endpoint security, app protection, device compliance) to uplift endpoint security posture.
Package, deploy and update applications via Intune (and MECM where needed during transition), including rings/pilot groups and rollback plans.
Develop documentation, runbooks, and knowledge transfer for internal operations teams, considering limited in‑house endpoint resources.
Troubleshoot complex client management issues across MECM, Intune, Entra ID, on‑prem AD, and GPO.
Collaborate with cloud, network and security teams to align endpoint management with zero‑trust and Azure migration initiatives.
Required Skills 
endpoint management/Windows client engineering, including hands‑on experience with Microsoft Intune/Endpoint Manager and MECM/ConfigMgr.
Strong understanding of Active Directory, Entra ID (Azure AD), hybrid join, and Group Policy design and troubleshooting.
Demonstrated experience implementing or migrating to Intune (co‑management, workload shifts, Autopilot, policy baselines).
Experience with Windows Hello for Business, conditional access, and modern authentication concepts.
Good knowledge of Microsoft 365 E5 security stack (Defender, compliance, device configuration).
Solid PowerShell skills for automation, reporting, and remediation.
Experience operating in resource‑constrained environments where you must prioritize and phase work carefully.
Strong communication skills to work directly with stakeholders, explain trade‑offs, and drive change.
Nice to Have
Experience managing or securing Windows servers with Intune or related tooling in hybrid scenarios.
Exposure to zero‑trust architectures and endpoint‑related security frameworks.
Experience with MacOS/iOS/Android MDM is a plus.