Microsoft Systems Endpoint Architect - CTH - 100% Onsite- Local Only

This is an on-site contract to hire opportunity.

The Endpoint Architect will own endpoint strategic planning & architecture development, systems engineering, script development, application and OS deployment, operations & maintenance of user endpoints, remediating endpoint vulnerabilities, and developing a modern application management approach. This role plays a critical role in modernizing and securing the organization s endpoint environment which consists of approximately 2,000 endpoints. This position will also be part of the Systems Administration team that supports infrastructure servers, Active Directory, and O365, as well as the associated applications and tool sets.

DUTIES AND RESPONSIBILITIES

1. Deployment Modernization
• Rearchitect and modernize Application Deployment and Operating System Deployment processes.
• Modernize Enterprise policy development & deployment methodologies, leveraging industry standard endpoint management technologies and methodologies including inTune, Microsoft Configuration Manager, Windows Autopilot, and PatchMyPC.
• Develop scripts for solution deployments and vulnerability remediations.
• Ensure that only approved applications are installed on endpoints.
• Package, test, deploy, and support new applications, updates, and operating systems in compliance with technology standards, ensuring compatibility with existing services.
• Design and implement policies in Intune and Group Policy to harden endpoints and streamline management.
2. Endpoint Management & Operations
• Develop and execute security enhancements for endpoint management platforms like SCCM, Intune, and PatchMyPC, focusing on reducing technical debt.
• Provide situational awareness on the threat landscape and take a leadership role in defining and implementing the techniques, tactics, and procedures associated with those threats. Analyze platform (SCCM, Intune, and PatchMyPC) errors and warnings and design/implement remediations. Develop goals related to endpoint vulnerability management and compliance.
• Serve as a core Vulnerability Management Committee member and trusted subject matter expert, collaborating on decisions and actions related to remediating vulnerabilities.
• Independently research, test, and implement Automatic Deployment Rules (ADRs) for browsers, Adobe, and other third-party tools.

1. Migration and Consolidation

• Plan and execute the integration of Intune with existing SCCM infrastructure.
• Evaluate legacy GPO and Intune policies for effectiveness and efficiency. Develop new policies and/or revisions to address policy gaps as appropriate.
1. Escalation and Troubleshooting
• Identify and escalate concerns to Sr. Management regarding endpoint security deficiencies or enhancements that need to be addressed.
• Partner with teammates and IT teams to test and resolve deployment or policy-related issues with an emphasis on creating a stable, secure and optimized endpoint environment for the organization.
• Provide advanced technical support to resolve complex issues related to operating systems, endpoint applications, and images.
• Utilize scripting and deployment expertise to address widespread endpoint issues
2. Other Duties Special projects and assignments as business dictates including but not limited to
• Plan, implement, and ensure regular systems maintenance tasks such as endpoint patching and server reboot schedules
• Active Directory management and administration for users, groups, and other objects in AD.
• Support of Okta, single sign on/multi-factor solution/remote access solutions.
• Ticket queue management and problem resolution.
• Required to participate in on-call (after-hours) support rotation and to participate in onsite event support rotation
• Responsible for the creation, maintenance and control of all personally identifiable information or any other information protected by Confidentiality and Privacy Standards (see Mass Regulations on Personal Identity Regulations and HIPAA).

SKILLS AND QUALIFICATIONS

• Bachelor s degree in information technology or relevant experience

• 7+ years of experience managing enterprise endpoints on a large scale (1000+ clients).
• Strong experience with inTune, Microsoft Configuration Manager, Windows Autopilot, Windows Server, Active Directory, and GPO.
• Experience migrating Operating System versions and updating Windows 10/11 desktop Images.
• Well versed in windows scripting (PowerShell, VBS, etc)
• Experience with patch management software (PatchMyPC, SolarWinds, etc)
• Experience with Exchange Online, Office365, MS Teams, Azure AD and various cloud technologies
• Experience creating deploying, and managing policies and software packages using products such as Intune and SCCM
• Experience with VMWare, O365, and Okta
• Strong oral, written, and interpersonal communication skills.
• Strong documentation skills.