Microsoft Intune Engineer / Endpoint Management Specialist

Microsoft Intune Engineer / Endpoint Management Specialist

Our client, an Ev Manufacturing company, is looking for a Microsoft Intune Engineer / Endpoint Management Specialist for their Palo Alto, CA/Hybrid location.

Responsibilities:

• Design, deploy, and maintain Microsoft Intune policies for device enrollment, configuration, compliance, and app management across all platforms (Windows, macOS, iOS, Android)
• Own end-to-end device policy management authoring, testing, versioning, and retiring policies across the full device lifecycle
• Lead end-to-end deployment testing for all policy changes, app deployments, and configuration updates before production rollout, including validation in staged rings or test device groups
• Manage and maintain the Company Portal experience ensuring apps are correctly published, categorized, and available to end users across all platforms
• Own software currency across the device fleet maintaining up-to-date application versions, OS updates, and security patches through Intune update rings and app lifecycle management
• Manage conditional access policies in integration with Microsoft Entra ID (Azure AD) to enforce Zero Trust security principles
• Lead device lifecycle management including enrollment, provisioning, policy assignment, and decommissioning
• Develop and maintain Autopilot and Apple DEP/ABM enrollment workflows
• Troubleshoot and resolve endpoint management issues including policy conflicts, enrollment failures, and compliance gaps
• Partner with Security and Compliance teams to ensure device posture aligns with organizational standards
• Create and maintain technical documentation, runbooks, and SOPs for Intune configurations and deployment test results
• Support software deployment, patch management, and app packaging through Intune
• Evaluate new Intune features and Microsoft 365 endpoint capabilities and recommend adoption where appropriate
• Provide escalation support and mentor junior IT staff on endpoint management best practices

Requirements:

• 3+ years of hands-on Microsoft Intune administration experience in an enterprise environment
• Deep knowledge of MDM and MAM policies across Windows, macOS, iOS, and Android
• Demonstrated experience managing device policy at scale — including policy conflict resolution, scope tagging, and deployment ring strategy
• Proven ability to design and execute end-to-end deployment testing processes, including staged rollouts and rollback planning
• Experience with Microsoft Entra ID (Azure AD), Conditional Access, and device compliance policies
• Proficiency with Windows Autopilot and Apple Business Manager / Device Enrollment Program
• Strong understanding of certificate management (SCEP/PKCS) and network access control (Wi-Fi/VPN profiles)
• Familiarity with PowerShell scripting for automation and reporting
• Solid understanding of security baselines (CIS, NIST, Microsoft Security Baselines)
• Strong working knowledge of change management principles and processes — including submitting, documenting, and communicating changes through formal change control workflows (CAB, RFC, etc.)
• Experience working within ITSM frameworks (ticketing, change management) such as ServiceNow or Jira
• Microsoft certifications: MD-102 (Endpoint Administrator), SC-300, or MS-102
• Experience with Microsoft Defender for Endpoint integration with Intune
• Familiarity with JAMF or other MDM platforms
• Experience in a high-growth or manufacturing/tech company environment
• Exposure to M365 E3/E5 licensing and feature management
• Strong analytical and troubleshooting skills with a detail-oriented mindset
• Ability to manage multiple priorities in a fast-paced environment
• Clear written and verbal communication skills able to explain technical concepts to non-technical stakeholders
• A collaborative, cross-functional working style

Why Should You Apply?

• Health Benefits
• Referral Program
• Excellent growth and advancement opportunities

ICONMA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to any status protected by applicable law.