Senior Endpoint Engineer

Summary

The Windows Systems Administrator is a technical lead responsible for the architecture, security, and continuous optimization of the district’s Windows endpoint infrastructure. Reporting to the Director of Innovative Technology, this role serves as the primary engineer for the district’s Microsoft Endpoint Configuration Manager (MECM/SCCM) environment. The Administrator ensures enterprise-wide stability by designing robust patching workflows, managing complex software deployments, and maintaining the overall health of the Windows ecosystem.

Configuration & Infrastructure Maintenance (40%)

• Lead infrastructure engineering for MECM/SCCM by designing, implementing, and scaling thehierarchy to support district-wide workstation services.
• Drive system automation by developing and maintaining advanced PowerShell scripts tostreamline administration, automate configuration management, and remediate vulnerabilities.
• Own vulnerability management and patch compliance by orchestrating Windows OS andthird-party patching to meet cybersecurity standards and achieve full compliance.
• Establish and enforce configuration, compliance, and escalation support by hardening systemswith GPOs/MECM compliance baselines and serving as the subject matter expert for advancedtroubleshooting (kernel, deployment failures, registry-level issues).

Patching & Application Deployment (35%)

• Improve and manage the patching lifecycle for Windows Servers and workstations, includingmaintaining the patching process/cycle and actively verifying and applying security updates.
• Design, build, and execute automated OS deployment (OSD) imaging sequences to supportdistrict-wide workstation provisioning and reimaging.
• Use Structured Query Language (SQL) and database querying to support reporting,troubleshooting, automation, and operational decision-making.
• Manage application packaging and software deployment pipelines to deliver applicationsefficiently with minimal disruption to end users.

Documentation & Project Support (15%)

• Develop and maintain documentation related to project, operational, incident, and problemmanagement.
• Develop and maintain documentation for MECM/SCCM procedures and system configurations.
• Analyze and document business processes to facilitate the evaluation of software updates,changes, and user enhancement requests.
• Assist with the Enterprise Product Evaluation (EPE) for new hardware introduction andsoftware integrations.

Service & Communication (5%)

• Manage incidents, service requests, and escalations by logging requests/support calls,troubleshooting, and escalating unresolved issues to vendors as needed.
• Collaborate and communicate with end-users, teammates, and internal/external customers tounderstand district needs, provide solutions, and gather feedback.
• Coordinate and oversee monthly downtime maintenance to ensure planned work is executedsmoothly, communicated clearly, and documented appropriately.
• Partner with stakeholders to align process improvements, upgrades, and daily support workwith district goals—especially student growth and achievement.

Education and Training

• Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalentprofessional experience).

Experience

• Five years of experience in Windows Systems Administration, with three years specificallyfocused on MECM (SCCM) architecture and automated patch management.
• Required experience includes two years of administering Microsoft Intune and one year ofexperience in Information Technology Infrastructure Library (ITIL) Change Management.
• Expertise needed in Advanced knowledge of PowerShell and scripting, and experiencemanaging on-prem Active Directory, Azure Active Directory, and Azure AD Connect.
• Scripting Proficiency: Advanced experience using PowerShell to manage Active Directoryobjects, manipulate the registry, and automate software deployments.
• Networking Knowledge: Solid understanding of TCP/IP, DNS, DHCP, and PXE boot processes asthey relate to imaging and endpoint communication.

Skills, Knowledge, and Competencies

• Ability to promote and follow district policies and building and department procedures.
• Ability to communicate, interact, and work effectively and cooperatively with people fromdiverse backgrounds.
• Ability to recognize the importance of safety in the workplace, follow safety rules, practice safework habits, utilize appropriate safety equipment, and report unsafe conditions to theappropriate administrator.
• Strong oral and written communication skills. Strong Analytical, Multitasking, Organizational,and Time management skills.
• Advanced knowledge of PowerShell and scripting (development and optimization).
• Knowledge of technical change management best practices.
• Solid background operating user, server, device management systems, network monitoringapplications, and operating centralized print management.
• Deep knowledge and understanding of datacenter operations.
• Strong customer service orientation and ability to continuously learn as the product evolves.
• Ability to quickly identify client issues and conduct in-depth diagnostics on Microsoft Intuneproducts and the Microsoft Endpoint Configuration Manager program.
• Experience with Active Directory Group Policy Object (GPO), including configuration andsecurity for Windows OS.
• Experience in configuring and managing Multifactor Authentication (MFA) and conditionalaccess policies, managing Group Policy for an enterprise environment.
• Versed in the management of System Center Configuration Manager (SCCM/MECM), includingimage creation and deployment of Windows OS, configuring, deploying, and troubleshootingIntune policies.