Job Description

We are seeking a Senior Endpoint Analyst (Intune) to own the technical direction, operational health, and security posture of our endpoint environment across approximately 5,000 managed devices. This role serves as the senior technical authority for endpoint engineering, operations, and security, ensuring consistent design, execution, and control ownership in an enterprise environment. The key focus for this role will revolve around expert level Microsoft Intune experience.
The Endpoint analyst will be accountable for endpoint compliance, vulnerability remediation, configuration standards, and high risk technical recommendations. This role partners closely with Security, Infrastructure, Risk, and Audit teams to reduce operational risk, maintain audit readiness, and deliver a stable, secure end user computing platform.

Responsibilities
Endpoint Engineering & Platform Ownership:

• Serve as the technical lead for endpoint engineering, operations, and security across ~5k devices, ensuring standardized design, implementation, and enforcement.
• Own the endpoint management stack, including Intune, Trend Micro, Microsoft Defender, Entra ID, and related tooling.
• Define and maintain endpoint architecture, configuration baselines, and OS lifecycle standards in alignment with security and regulatory requirements.
  

Security, Risk & Compliance:

• Own endpoint health and compliance, including patching, OS upgrades, configuration baselines, device posture, and conditional access enforcement.
• Own application control capabilities to enforce secure execution policies and reduce endpoint risk.
• Provide recommendations authority for high risk endpoint changes (patching, policy updates, security remediations), minimizing the risk of misconfiguration or large scale impact.
• Ensure timely remediation of vulnerabilities and adherence to firm defined SLAs, reducing exposure windows and maintaining audit readiness.
• Enforce secure baseline configurations and compliance controls across all managed endpoints.
  
  

Operations & Vulnerability Management:

• Partner with Security and Vulnerability Management teams to prioritize, plan, and execute endpoint remediation activities.
• Ensure endpoint controls and processes are measurable, defensible, and auditable.
• Act as the escalation point for complex or high impact endpoint incidents, driving root cause analysis and long term corrective actions.
• Automation & Continuous Improvement:
• Drive operational efficiency through automation, standardization, and reduction of manual processes.
  Improve consistency, reliability, and scale of endpoint operations through policy driven management and modern endpoint practices.
  Identify opportunities to modernize endpoint engineering practices and tooling while maintaining regulatory compliance.
  

Leadership & Collaboration:

• Provide technical mentorship within the endpoint and service desk teams.
• Collaborate with L1/L2 support, infrastructure, identity, security, and audit partners to ensure clear ownership and smooth execution.
• Translate technical risk and trade offs into clear, actionable recommendations for leadership.
  

Qualifications
Required:

• Education: Bachelor’s degree in computer science, information technology, or a related field.

Experience:

• 3-5 years of experience in endpoint management, with a focus on Microsoft Intune.

• Proven experience in deploying and managing devices using Intune.

Technical Skills:

• Expertise in Microsoft Intune, including policy creation, device enrollment, and compliance management.
• Experience with scripting (PowerShell, VBScript) is required.
• Ability to create and manage profiles, manage apps and create compliance rules.
• Experience administering in an Active Directory, Azure Active Directory, and Office 365 environments.
• Vulnerability Management skills for desktop OS class is required.
• Solid networking knowledge (TCP/IP, DNS, and Radius)
• Experience working within a structured process methodology (i.e., ITIL)
• Familiarity with other endpoint management tools, Autopilot, Rapid7, and Manage Engine Endpoint Central, Patch my PC
• Knowledge of Windows, iOS, and Android operating systems.
• Strong understanding of Zero Trust principles, device posture, and conditional access.
  
• Excellent troubleshooting and root cause analysis skills for complex endpoint issues.
• Azure/Intune certifications would be an asset

What This Role Is

• A true accountability owner for endpoint health, compliance, and security.
• A senior technical authority trusted to make risk based recommendations.
• A bridge between infrastructure, operations, and security.
  

What This Role Is Not

• A ticket driven desktop support role.
• A purely strategic role without hands on ownership.
• A delegated or advisory only position.
  
  

The expected salary range for this role is between $85,000 - $120,000 per year. The starting salary will be determined based on several factors such as the successful candidate’s qualifications, including but not limited to education and experience. Base pay is one component of Black & McDonald’s total rewards package. Total rewards vary by position and may include additional offerings such as group insurance benefits, pension plan, annual discretionary bonus, career development programs, and other HR programs.

Black & McDonald welcomes and encourages applications from persons with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the recruitment and selection process.

#LI-RM1