Jobs · Engineering · Illinois

Senior Digital Workspace Engineer

Oncourse Home Solutions · Naperville, IL · 1 wk ago
HybridEngineering$112k–$168k/yrFull-time

About the role

Oncourse Home Solutions is seeking a Sr. Digital Workspace Engineer to own the full lifecycle of the company's enterprise endpoint environment. This role operates at the intersection of endpoint engineering, cybersecurity, and operational delivery.

Responsibilities

  • Architect, package, and deploy standardized Windows and macOS images using Autopilot, Intune, and Jamf Pro.
  • Manage the full MDM lifecycle for corporate and BYOD devices across iOS, Android, and macOS — including enrollment, compliance profiles, and MAM app protection policies.
  • Own Autopilot end-to-end (ESP tuning, all deployment models), zero-touch large-scale rollouts, OS update cadences, app packaging, and CIS/NIST endpoint hardening.
  • Design, implement, and maintain Microsoft Entra ID Conditional Access policies aligned to Zero Trust principles.
  • Manage device compliance policies, identity-based controls, and privileged access workstation (PAW) configurations.
  • Administer Microsoft Defender for Endpoint (MDE) — threat and vulnerability management, ASR rules, and EDR.
  • Operate Microsoft Purview for DLP, information protection labels, and eDiscovery workflows in support of legal and compliance requirements.
  • Build and maintain PowerShell and Python automation scripts for endpoint provisioning, patch compliance reporting, configuration drift remediation, and security telemetry.
  • Support enterprise networking functions relevant to endpoint connectivity: DNS, DHCP, VPN, NAC, and firewall policy.
  • Work with network teams on Meraki wireless policy and endpoint segmentation.
  • Troubleshoot certificate-based authentication issues.
  • Provide engineering-level support for contact center endpoint environments — VDI, softphone/CCaaS integrations, and specialized peripherals — ensuring zero-downtime availability for customer-facing functions.
  • Deliver white-glove endpoint experience for executive leadership and board-level stakeholders.
  • Communicate complex technical issues clearly and professionally.
  • Lead stakeholder-facing briefings on endpoint health, security posture, and platform roadmap.
  • Support enterprise deployment and governance of AI productivity tools (Microsoft Copilot for M365) — ensuring endpoint readiness, data classification policy alignment, and compliance with the organization's AI governance framework.
  • Own endpoint security hardening standards across all device platforms via Intune and Jamf configuration profiles.
  • Remediate vulnerability scan findings.
  • Support NYDFS Part 500 and PCI DSS endpoint-related control evidence collection.
  • Own the full IT asset lifecycle for all managed endpoints — procurement through decommission.
  • Maintain CMDB accuracy via MDM integration (Intune, Jamf), conduct asset audits, enforce software license compliance, and support hardware refresh forecasting with data-driven reporting.
  • Participate in on-call rotation for after-hours critical endpoint incidents affecting contact center, executive, or production systems.

Qualifications

  • 7+ years of enterprise endpoint engineering experience in mid-to-large organizations.
  • Deep hands-on expertise with Microsoft Intune (MEM) — MDM and MAM policy design, compliance, app deployment, Autopilot (device registration, ESP tuning, User-Driven / Self-Deploying / Pre-Provisioning models), zero-touch large-scale rollouts, and mobile platform enrollment (iOS, Android, macOS).
  • Proven MDM expertise across corporate-owned and BYOD programs — iOS, Android, and macOS enrollment, compliance policies, conditional access for mobile, and Intune App Protection Policies (MAM without enrollment).
  • Deep hands-on expertise with Jamf Pro — smart groups, policies, packages, Jamf Connect, and remote management.
  • Proficiency in Microsoft Entra ID: device registration, hybrid join, Conditional Access, named locations, sign-in risk policies, and Privileged Identity Management (PIM) for just-in-time administrative access governance.
  • Proven expertise in M365 E5 security: Microsoft Defender for Endpoint (MDE), Microsoft Purview (DLP, Information Protection, eDiscovery), and Defender Vulnerability Management.
  • Strong scripting capability in PowerShell (required) and Python (required) — endpoint automation, API integrations, compliance reporting.
  • Hands-on experience with enterprise image packaging and remote OS deployment — Windows Autopilot, MDT, WDS, or equivalent macOS workflows — with capability executing large-scale device rollouts across distributed and remote workforce environments.
  • Working knowledge of enterprise networking: TCP/IP, DNS, DHCP, VPN, NAC, certificate services, and firewall policy coordination.
  • Experience supporting contact center or other high-availability critical-function endpoint environments.
  • Demonstrated ability to manage executive and VIP stakeholders — executive-ready written, verbal, and presentation skills.
  • Familiarity with AI productivity tools in enterprise environments (e.g., Microsoft Copilot for M365, AI governance frameworks).
  • Strong understanding of security hardening principles: CIS Benchmarks, NIST SP 800-70, DISA STIGs, or equivalent.
  • Experience in regulated industries (financial services, healthcare, or insurance) strongly preferred.
  • Proven background scaling endpoint environments for remote or distributed workforces — zero-touch provisioning, remote wipe/reset, and multi-region device management.
  • Hands-on ITAM and CMDB experience — device lifecycle tracking, software license compliance, asset auditing, and MDM-to-CMDB integration for automated inventory.
  • Proficiency with ServiceNow (ITAM/CMDB/Asset Management modules preferred) or Jira Service Management for change governance and asset record management.
  • Nice to have: Hands-on experience with Cisco Meraki wireless infrastructure (SSID policy, device tagging, network segmentation); familiarity with SIEM/EDR integrations: Microsoft Sentinel, CrowdStrike, or equivalent; experience with Microsoft Entra ID PIM (Privileged Identity Management) and PAM; exposure to Zero Trust Network Access (ZTNA) or SSE/SASE platforms.

Similar jobs

Software Engineer, Senior

Parsons CorporationAberdeen, MD· 1 wk ago
Engineering$112k–$196k/yrapply on parsons.wd5.myworkdayjobs.com

Software Engineer, Senior

EverWatchAnnapolis Junction, MD· 2 wk ago
Engineering$91.34–$110.57/hrapply on everwatch-everwatchsolutions.icims.com