Service Desk Engineer (Remote)

Responsibilities

  • Design, build, maintain, and secure standardized workstation images for Windows and macOS supporting on-site, remote, and VDI access.
  • Engineer endpoint baselines and technical controls that reduce risk of unauthorized discovery, lateral movement, malicious credential use, persistence, and defense evasion.
  • Own engineering design and lifecycle maintenance for imaging, patching, automation, validation, rollback, and release management.
  • Maintain OS and application patching, version control, and deployment workflows using approved enterprise tools such as Ivanti, KACE, Intune, GPO, JAMF, or equivalent.
  • Engineer and maintain logging, telemetry, monitoring, and audit capabilities to track endpoint activity, enrollment, user authentication, network access, and compliance posture.
  • Develop and execute validation testing after imaging or major patch cycles to confirm endpoint functionality, security agent health, authentication, and VDI connectivity.
  • Support the assessment, recommendation, implementation, validation workflow by producing Findings Reports, Remediation Plans, Validation Reports, and change documentation.
  • Create and maintain runbooks, technical standards, deployment procedures, rollback procedures, and engineering documentation for Service Desk and IRM teams.
  • Support engineering escalations arising from complex Endpoint, image, patching, telemetry, and device-management incidents.

Qualifications

Core Qualifications:

  • Bachelor’s degree in IT, Cybersecurity, or related field preferred; equivalent experience acceptable
  • Must possess an active or interim Top Secret security clearance
  • 8+ years of experience in IT, Endpoint Engineering, or Cybersecurity
  • 6+ years of experience performing engineering functions in enterprise environments
  • Experience working under formal change control, audit, and security governance processes

Additional Qualifications:

  • Experience building and maintaining Windows and macOS workstation images
  • Experience with image automation, image validation, rollback, and version control
  • Experience integrating workstation images with VDI, EDR, authentication mechanisms, and logging agents
  • Experience maintaining imaging toolchains and automation scripts using Ivanti, KACE, JAMF, or equivalent
  • Experience with formal image-release processes including build, test, signoff, and release
  • Hands-on experience with Ivanti and/or KACE for OS and application patching
  • Experience managing configuration drift, remediation workflows, deployment failures, and rollback
  • Experience validating patches post-deployment and supporting rollback/recovery
  • Experience coordinating Intune/GPO-based patch orchestration for Windows endpoints
  • Experience configuring Windows Event Logs, macOS Unified Logs, application logs, and endpoint logging agents
  • Experience forwarding and validating logs to SIEM/EDR platforms such as Microsoft Sentinel or equivalent
  • Experience implementing monitoring for patch status, enrollment status, image deployment status, and compliance posture
  • Experience supporting forensic collection, artifact preservation, and audit readiness