Service Desk Engineer (Remote)
Responsibilities
- Design, build, maintain, and secure standardized workstation images for Windows and macOS supporting on-site, remote, and VDI access.
- Engineer endpoint baselines and technical controls that reduce risk of unauthorized discovery, lateral movement, malicious credential use, persistence, and defense evasion.
- Own engineering design and lifecycle maintenance for imaging, patching, automation, validation, rollback, and release management.
- Maintain OS and application patching, version control, and deployment workflows using approved enterprise tools such as Ivanti, KACE, Intune, GPO, JAMF, or equivalent.
- Engineer and maintain logging, telemetry, monitoring, and audit capabilities to track endpoint activity, enrollment, user authentication, network access, and compliance posture.
- Develop and execute validation testing after imaging or major patch cycles to confirm endpoint functionality, security agent health, authentication, and VDI connectivity.
- Support the assessment, recommendation, implementation, validation workflow by producing Findings Reports, Remediation Plans, Validation Reports, and change documentation.
- Create and maintain runbooks, technical standards, deployment procedures, rollback procedures, and engineering documentation for Service Desk and IRM teams.
- Support engineering escalations arising from complex Endpoint, image, patching, telemetry, and device-management incidents.
Qualifications
Core Qualifications:
- Bachelor’s degree in IT, Cybersecurity, or related field preferred; equivalent experience acceptable
- Must possess an active or interim Top Secret security clearance
- 8+ years of experience in IT, Endpoint Engineering, or Cybersecurity
- 6+ years of experience performing engineering functions in enterprise environments
- Experience working under formal change control, audit, and security governance processes
Additional Qualifications:
- Experience building and maintaining Windows and macOS workstation images
- Experience with image automation, image validation, rollback, and version control
- Experience integrating workstation images with VDI, EDR, authentication mechanisms, and logging agents
- Experience maintaining imaging toolchains and automation scripts using Ivanti, KACE, JAMF, or equivalent
- Experience with formal image-release processes including build, test, signoff, and release
- Hands-on experience with Ivanti and/or KACE for OS and application patching
- Experience managing configuration drift, remediation workflows, deployment failures, and rollback
- Experience validating patches post-deployment and supporting rollback/recovery
- Experience coordinating Intune/GPO-based patch orchestration for Windows endpoints
- Experience configuring Windows Event Logs, macOS Unified Logs, application logs, and endpoint logging agents
- Experience forwarding and validating logs to SIEM/EDR platforms such as Microsoft Sentinel or equivalent
- Experience implementing monitoring for patch status, enrollment status, image deployment status, and compliance posture
- Experience supporting forensic collection, artifact preservation, and audit readiness