Microsoft Windows Engineer (Remote)

Overview

  • The Microsoft Windows Engineer serves as the lead technical specialist for the Microsoft endpoint and identity ecosystem supporting this effort, including Windows workstation engineering, Intune, Windows Autopilot, Group Policy, Entra ID/Active Directory integration, passwordless authentication, hardware-backed credentials, and Windows endpoint telemetry.
  • This role is responsible for engineering secure Windows endpoint baselines, device provisioning and compliance workflows, authentication and access controls, and the operational integration of Windows devices into the company's security monitoring and incident response framework.

Responsibilities

  • Design, maintain, and secure Windows workstation images supporting both on-site and remote/VDI users.
  • Engineer Windows endpoint baselines, policy settings, compliance configurations, and patch orchestration mechanisms using approved Microsoft technologies.
  • Administer and optimize Microsoft Intune, Windows Autopilot, Group Policy, and associated endpoint compliance and configuration controls.
  • Support implementation of passwordless authentication, hardware-backed credentials (e.g., YubiKeys, CAC, software keys), and other protections for privileged and sensitive accounts.
  • Integrate endpoint enrollment and conditional access controls with Entra ID / Active Directory to ensure devices are securely configured before receiving access.
  • Support device lifecycle operations including provisioning, compliance enforcement, reassignment, and decommissioning for Windows endpoints.
  • Engineer and validate Windows endpoint logging, monitoring, and telemetry, including Windows Event Logs, endpoint agents, and SIEM/EDR forwarding.
  • Coordinate Intune/GPO-based patch orchestration, policy enforcement, and remediation of Windows configuration drift.
  • Produce documentation, standards, runbooks, validation artifacts, and technical guidance related to the Microsoft endpoint environment.
  • Support escalated incident response, troubleshooting, and audit activities involving Windows devices and Microsoft-managed endpoint services.

Qualifications

Core Qualifications:

  • Bachelor’s degree in IT, Cybersecurity, or related field preferred; equivalent experience acceptable
  • Must possess an active or interim Top Secret security clearance
  • 8 years of experience in IT, Endpoint Engineering, or Cybersecurity
  • 6 years of experience performing engineering functions in enterprise environments
  • Experience working under formal change control, audit, and security governance processes

Additional Qualifications:

  • Experience with Microsoft Intune for provisioning, compliance, configuration profiles, and security policy enforcement
  • Experience with Windows Autopilot for automated provisioning and device lifecycle management
  • Experience with Group Policy Objects (GPO) for Windows configuration and policy delivery
  • Experience with Entra ID / Active Directory integration, conditional access, and device/user association workflows
  • Experience building and maintaining Windows workstation images
  • Experience integrating Windows images with VDI, EDR, authentication tools, and logging agents
  • Experience managing Windows patch orchestration, baseline enforcement, and configuration drift remediation
  • Experience validating patch deployments and supporting rollback procedures
  • Experience implementing passwordless authentication and hardware-backed credentials
  • Experience configuring and maintaining Windows Event Logs and forwarding telemetry to SIEM/EDR platforms such as Microsoft Sentinel
  • Experience monitoring enrollment, patch status, compliance posture, and operational failures across Windows endpoints
  • Experience supporting audit readiness, forensic support, and technical validation reporting