The Endpoint Security Engineer holds a vital position within the IT security and operations team, tasked with the implementation, administration, and enhancement of endpoint security solutions, primarily leveraging Microsoft Intune. This role demands advanced technical proficiency in Microsoft Intune for Mobile Device Management (MDM) and Mobile Application Management (MAM), with experience in Jamf for Apple environments considered advantageous and must be prepared to respond to security incidents outside of regular business hours. The incumbent is instrumental in ensuring robust protection, regulatory compliance, and efficient user experience across a wide array of device platforms.

Duties and Responsibilities:

• Endpoint Security Architecture & Strategy:

Design, deploy, and manage Microsoft Intune environment to support both corporate-owned and BYOD (Bring Your Own Device) scenarios.

Develop solutions for device enrollment, authentication, and lifecycle management, leveraging Intune and, where applicable, Jamf for Apple devices.

• Administration and Operations - Mobile Device & Application Management (Intune Focus)

Configure and optimize Microsoft Intune settings for MDM and MAM across Windows, Android, and iOS devices.
Establish policies for device compliance, security baselines, encryption, and remote wipe capabilities.
Manage application deployment, app protection policies, and conditional access requirements.
Monitor and analyze Intune performance, logs, and user feedback to ensure optimal functionality and user experience.
Manage device inventory, patch management, and security controls for macOS/iOS endpoints.

Lead and support large-scale device migrations, OS upgrades, and enterprise mobility transformation projects. Ensure minimal disruption and continuity of services throughout transition periods.

• Monitor, Incident Response & Threat Mitigation

Monitor endpoint threats, vulnerabilities, and anomalies using security analytics and reporting tools.
Investigate and remediate security incidents related to endpoints.

Collaborate with the SOC and IT support teams for escalation and rapid response.

• Compliance, Governance & Reporting

Ensure endpoint security solutions meet regulatory standards and internal governance policies.
Generate regular reports on device compliance, application usage, and security events.

Produce and maintain comprehensive documentation for security audits, configurations, procedures, and standards. Regularly audit device compliance and generate reports for stakeholders and regulatory bodies.

• User Training & Support:

Develop training materials and conduct workshops for end-users and helpdesk staff regarding device enrollment and security practices.
Provide Tier 2/3 support for endpoint-related issues.

Collaborate with cross functional IT teams to implement robust endpoint security measures, including conditional access, device compliance, and threat detection.

• Continuous Improvement & Research

Stay updated on the latest security trends, technologies, and best practices in endpoint management.
Recommend and implement improvements to existing security processes and tools.
Specific Experience: 3-5 years of experience in Microsoft Intune and Office 365.

Specific experience and skills include:

• Bachelor’s degree in Computer Science, Information Security, or related field; advanced degrees or relevant certifications are a plus.
• 3-5 years of experience in Microsoft Intune and Office 365.
• Strong proficiency in Microsoft Intune, Microsoft Endpoint Manager, and Azure Active Directory.
• Proven experience in designing, implementing, and supporting Intune MDM/MAM solutions for enterprise environments.
• Strong understanding of endpoint security concepts, including antivirus, EDR, device encryption, and secure access controls.
• Experience with compliance frameworks (e.g., HIPAA, GDPR, SOC 2) and associated audit processes.
• Familiarity with automation tools (PowerShell, Bash), group policy management, and mobile application deployment.
• Excellent analytical, organizational, and problem-solving skills; ability to manage multiple projects simultaneously.
• Knowledge of Group Policy Objects (GPO), Active Directory, and remote support tools.
• Strong interpersonal skills and the ability to work collaboratively in a team environment or independently with minimal supervision.
• Preferred hands-on expertise in Jamf administration for macOS and iOS device management, including policy configuration,

LICENSE/CERT: Required: Microsoft Certifications, Jamf Certificate Helpful: ISSAP (Certified Information Systems Security Professional) Preferred:
EDUCATION: Required: Bachelors - Computer Science, Bachelors - Related Fiel

• Endpoint Security Architecture & Strategy