[Hiring] Senior Intune Endpoint Engineer @Stefanini Group

Role Description

We're hiring a Senior Intune Endpoint Engineer to take ownership of a partially migrated Intune tenant and bring it to a stable, predictable, and auditable state. This role requires someone who is deeply hands-on with Intune internals (IME behavior, detection logic, precedence/conflicts, filters, ESP), strong in Win32 app packaging, and disciplined about testing, rollout rings, and documentation.

Core Responsibilities

• Stabilization, Troubleshooting, and Intune 'Internals'
• Own day-to-day engineering and escalation for Intune: policies, apps, enrollment, compliance, and updates.
• Troubleshoot when policies/apps don't apply using a structured approach (assignment/scoping, filters, licensing, device state, IME logs, MDM diagnostics, event logs).
• Diagnose and remediate policy conflicts and precedence issues across configuration profiles, security baselines, compliance policies, scripts, and (where applicable) co-management/GPO overlap.
• Perform deep Windows troubleshooting when needed (Event Viewer, Services, Scheduled Tasks, registry, MDM diagnostics) to resolve issues without reimaging.
• Win32 App Packaging, Detection, and Automation
• Package and deploy complex Windows applications (non-MSI installers, multiple components, prerequisites) using Win32 app model.
• Build reliable detection rules, install/uninstall logic, versioning, and logging standards; manage supersedence and dependencies.
• Create repeatable packaging standards (folder structure, log locations, naming/versioning conventions) and automate where possible with PowerShell and Graph.
• Autopilot and Provisioning
• Design, implement, and test Autopilot deployments (deployment profiles, ESP, device naming, dynamic groups, required apps, enrollment flows).
• Establish a repeatable Autopilot test plan and acceptance criteria before expanding scope.
• Update Rings, Feature Management, and Verification
• Implement and manage Windows Update for Business: update rings, feature update policies, quality updates, deadlines, and safeguards.
• Verify what is actually happening on devices (Intune reporting + device-side validation) and troubleshoot update compliance gaps.
• Governance, Change Control, and Documentation
• Implement operational maturity: change control, peer review (where applicable), pilot rings, rollback plans, and post-change validation.
• Maintain documentation that supports auditability and long-term maintainability: runbooks, standards, 'why' behind configurations, and conflict-avoidance guidance.
• Produce drift detection and baseline comparison outputs (e.g., export Intune objects, compare to a golden baseline, report differences).
• Security Layering Without Collisions
• Partner with Security/IAM to layer WUfB + Defender + compliance + baselines + Conditional Access in a way that avoids conflicting settings and unintended lockouts.
• Ensure endpoint security posture is strong while maintaining usability and operational stability.

Qualifications

• 5+ years in endpoint engineering/EUC with significant enterprise Intune ownership.
• Proven experience stabilizing or cleaning up a partially migrated / inconsistent Intune environment.
• Strong knowledge of:
• Intune Management Extension (IME) behavior, Win32 app processing, and log-based troubleshooting.
• Policy assignment/scoping, filters, and conflict resolution.
• Autopilot + ESP design and troubleshooting.
• Windows Update for Business rings and feature update control.
• Strong Windows 10/11 troubleshooting skills (Event Viewer, services, scheduled tasks, registry, MDM diagnostics).
• Strong PowerShell skills used routinely for automation, reporting, and troubleshooting (Graph API preferred).
• Ability to write clear documentation and operate with disciplined change control.

Preferred Qualifications

• Co-management (ConfigMgr/SCCM) experience and understanding of how it can shadow or override Intune behavior.
• Defender for Endpoint and endpoint security policy experience (BitLocker, ASR, firewall, security baselines).
• macOS and/or mobile management experience (iOS/iPadOS, Android Enterprise).
• PKI/cert profiles (SCEP/PKCS), Wi-Fi/VPN profiles, and enterprise networking integrations.
• Certifications (nice to have): MD-102, Azure/Entra, Security certs.

Details

For interested applicants, click the apply button or you may reach out to Alfher Hidalgo at (248) 728-2627 / [email protected] for faster processing. Thank you!