Endpoint Engineer/ MECM

Position: Endpoint Engineer/ MECM Engineer
Location: Alexandria, VA
Duration: 1 year Contract
 Needs a TS/SCI clearance
 
Job Description:
 
MECM platform
• Design and support of primary sites, management points, distribution points, and software update points.
• High availability design for critical MECM roles.
• Boundary groups, collections, and role-based administration design.
• Content management and distribution optimization for multi-site and remote offices.

OS deployment and imaging
• Creation and maintenance of task sequences for Windows 10/11.
• Image engineering, driver management, language packs, and feature packs.
• In-place upgrade strategy and execution for large fleets.
• Zero-touch and lite-touch deployment experience (PXE, boot media).

Patch management
• End-to-end patching using MECM and WSUS.
• Monthly patch cycle design, pilot rings, phased deployments.
• Compliance reporting and SLA tracking for security updates.
• Third-party patching integration (Ivanti, Patch My PC, or equivalent).

Software deployment
• Application packaging with MSI, MSIX, script-based installers.
• Detection methods, custom return codes, and supersedence.
• Global deployment planning with minimal user impact.
• License-aware deployment for commercial software.

Endpoint security and compliance
• Integration with Defender for Endpoint and Microsoft security stack.
• Baseline configuration using GPO, Security Baselines, or Configuration Items/Baselines.
• Support for BitLocker management and key recovery.
• Experience aligning with NIST, CIS, ISO 27001, or SOC 2 requirements.
Cloud and modern management
• Co-management experience with Intune and MECM.
• Windows Autopilot design and operations.
• Use of Azure AD (Entra ID), Conditional Access, and hybrid join models.
• Integration with Microsoft Store for Business / winget where applicable.

Automation and scripting
• Strong PowerShell for MECM automation, reporting, and remediation.
• Experience building reusable scripts and runbooks.
• Familiarity with APIs, WMI, and SQL queries for MECM operations.

Monitoring and reporting
• Custom MECM reports using SQL Server Reporting Services.
• Health checks for site roles, replication, and client status.
• Clear dashboards and metrics for leadership and audit needs.

Required Skills
• 7 years in enterprise endpoint management.
• 5 years hands-on with Microsoft Endpoint Configuration Manager in large environments (5,000 endpoints).
• Proven record designing, implementing, and operating MECM hierarchies.
• Experience in highly regulated or audited environments (finance, healthcare, government, or similar).