Senior Endpoint Engineer

Overview

Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter . Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA: Objective. Responsive. Trusted.

We are seeking a Senior Endpoint Engineer to lead the design, deployment, and operation of modern endpoint management across the enterprise. This role sits at the intersection of user experience, security, and scalable operations-translating modern Microsoft capabilities into reliable, compliant, and repeatable outcomes.

You will be responsible for building and operating a secure, zero-touch endpoint lifecycle using Microsoft Intune, Windows Autopilot, and supporting automation. Success in this role requires both technical depth and systems thinking: understanding how endpoint decisions affect security posture, compliance obligations, operational efficiency, and workforce productivity.

Responsibilities

Endpoint Architecture & Lifecycle

• Architect, deploy, and manage Microsoft Intune for the whole device and application lifecycle management across Windows, macOS, iOS, and Android.
• Design and optimize Windows Autopilot for zero-touch provisioning, rapid onboarding, and consistent device standards.
• Own device configuration profiles, compliance policies, and enforcement models aligned to enterprise security requirements.

Security & Compliance

• Implement Application Protection Policies (APP) and Mobile Application Management (MAM) to secure corporate data without compromising usability.
• Deploy and maintain endpoint security baselines, integrating Intune with Microsoft Defender for Endpoint.
• Manage Windows Update for Business, feature update rings, and patch cadence to balance stability, security, and user impact.
• Monitor and report on device health, compliance, and security posture using Intune analytics and endpoint reporting.

Automation & Operations

• Automate enrollment, application deployment, remediation, and reporting using PowerShell and Microsoft Graph API.
• Troubleshoot and resolve complex endpoint issues across heterogeneous environments, including hybrid identity scenarios.
• Document architectures, configurations, and operational procedures to support auditability and operational continuity.

Qualifications

Required Qualifications:

• 5+ years of experience in endpoint engineering or endpoint management roles.
• Deep expertise with Microsoft Intune, Windows Autopilot, and Azure AD / Entra ID integration.
• Strong working knowledge of modern management concepts, conditional access, compliance policies, and security baselines.
• Proficiency in PowerShell scripting and automation using Microsoft Graph API.
• Hands-on experience managing Windows 10/11, macOS, and mobile platforms at scale.
• Familiarity with Microsoft 365 security and compliance capabilities.
• Demonstrated ability to operate independently, diagnose complex issues, and drive solutions to completion.

Desired Qualifications:

• Microsoft certifications such as MD-102 (Endpoint Administrator) or MS-102 (Microsoft 365 Administrator).
• Experience with Microsoft Defender for Endpoint, BitLocker, and the Enterprise Mobility + Security (EMS) suite.
• Knowledge of Group Policy, Active Directory, and hybrid identity environments.
• Exposure to SCCM/MECM in co-management scenarios.
• Familiarity with regulatory and compliance frameworks such as NIST SP 800-53, CMMC, and FedRAMP.
• Ability to obtain and maintain a security clearance.