What are the responsibilities and job description for the Desktop Administrator position at CareFlite?
Company Description
CareFlite is a 501(c)(3) nonprofit ambulance service sponsored by Baylor Scott & White Health, JPS Health Network, Methodist Health System, Parkland, and Texas Health Resources. CareFlite provides medical transport by helicopter, airplane, and ground ambulance, and non-medical transport via wheelchair van.
Job Description
Position Summary
The Desktop Administrator deploys, maintains, supports, and troubleshoots all desktops, peripherals, and end‑user services across the organization. The role supports endpoint lifecycle management (Windows PCs and other related devices), application packaging and updates, security hardening, and remote support—leveraging modern RMM tools and Microsoft Intune to ensure secure, reliable, and consistent user experiences.
Essential Duties/Responsibilities
Works with other IT staff and provides guidance to the Service Desk and other IT staff on endpoint standards and procedures. Works collaboratively with the Networking and Systems Administrator roles.
Endpoint Management & Intune
- Works with the System Administrator in administering Intune/Endpoint Manager.
- Tenant hygiene, device enrollment (including Windows Autopilot), configuration profiles, compliance policies, conditional access coordination with the identity team, BitLocker, and Defender for Endpoint baselines.
- Package, deploy, and update applications (MSI/MSIX/.intunewin), including line‑of‑business apps; manage WinGet repositories where appropriate.
- Maintain device compliance posture, remediate drift, and report on policy adherence.
- Participates in administering the organization’s Remote Monitoring & Management (RMM) platform(s): agent health, policy configuration, alerting thresholds, script libraries, remote support sessions, patch automation, and asset inventory.
- Build and maintain automation (PowerShell preferred) to standardize builds, reduce manual tasks, and improve reliability across endpoints.
- Drive endpoint OS and application patching schedules; coordinate change windows to minimize user impact.
- Enforce endpoint hardening standards (CIS/Microsoft baselines), secure local admin rights, manage device encryption, and collaborate on MDR/EDR integrations.
- Support healthcare‑grade privacy and security practices (e.g., HIPAA/PHI handling) and incident response playbooks in coordination with InfoSec.
- Serve as Tier 2/3 escalation for endpoint issues, VIP support, and remote assistance; ensure timely resolution and clear communication.
- Participate with the Service Desk in refining ticket categories, SLAs, and knowledge articles; contribute to self‑service content and training.
- Work collaboratively across departments (clinical, operations, HR, finance, air/ground operations) to understand workflows and deliver reliable user services.
- Support identity and endpoint integrations (Entra ID/Azure AD, and/or Okta), MFA, and device compliance gates for M365 apps.
- Troubleshoot Microsoft 365 desktop apps (Teams, Outlook, OneDrive) and device sign‑in issues; coordinate with network/telecom teams for connectivity dependencies.
- Maintain standard operating procedures, build images/runbooks, “golden” configuration baselines, and endpoint support playbooks.
- Track hardware/software assets, warranty/RMA, and license consumption; support annual audits and true‑ups.
- Analyze endpoint telemetry and ticket trends to recommend optimizations; pilot new tools, features, and policies; assist with migrations (e.g., SCCM→Intune).
- Participate in after‑hours maintenance windows and on‑call rotations as required.
- Full‑time position with core business hours; occasional after‑hours maintenance windows and participation in on‑call rotations as required.
- Periodic overtime may be required to support system maintenance, upgrades, incident response, or business‑critical initiatives.
- Based in Irving, TX, with support coverage for regional sites as needed to fulfill endpoint lifecycle management and user support responsibilities.
- Primarily office‑based with extended periods of computer and console work (Intune, RMM, ticketing systems, scripting environments).
- Regular interaction with production systems supporting healthcare, aviation, and operational teams where downtime or misconfiguration may directly affect patient care or mission‑critical services.
- Periodic work in technical spaces such as equipment rooms, staging areas, hangars, or clinical locations.
- Periodic local travel between facilities to support device deployments, replacements, audits, incident response, or VIP user support.
- Travel is primarily regional and typically planned, but may occasionally be time‑sensitive based on operational needs.
- Participation in an on‑call rotation to support endpoint incidents, outages, and planned maintenance activities outside of normal business hours.
Required:
- CompTIA A+ (or equivalent technology certification)
- Microsoft MD‑102: Endpoint Administrator
- Microsoft SC‑200 (Security Operations Analyst) and/or AZ‑104 (Azure Administrator)
Physical Demands
- Sedentary position with frequent keyboard, mouse, and screen use for endpoint administration, scripting, troubleshooting, and documentation.
- Occasional lifting, carrying, and positioning of endpoint devices, monitors, and peripherals (up to approximately 40 lbs) during deployments, replacements, or troubleshooting.
- Ability to move through offices, clinical spaces, and operational areas as required.
- Ability to visually inspect devices, read logs, analyze dashboards, and identify endpoint issues across multiple management platforms.
- Ability to work in environments with moderate noise levels and varying lighting conditions, including operational or clinical settings.
- Ability to manage multiple priorities simultaneously, respond effectively to escalations, and make sound decisions during security incidents or outages.
- Maintains professionalism, discretion, and confidentiality when handling sensitive systems and protected health information (PHI).
- Follow established change management, security, and quality assurance procedures to protect patient safety and organizational operations.
- Demonstrates a continuous‑improvement mindset by documenting procedures, sharing knowledge, mentoring junior staff, and refining endpoint standards.
- Collaborates effectively across IT, clinical, and business teams to deliver secure, reliable end‑user services.
Knowledge & Experience Required
- 3–5 years in desktop/endpoint administration within medium/large enterprise environments.
- Hands‑on administration of Microsoft Intune/Endpoint Manager and at least one enterprise RMM platform.
- Strong Windows 10/11 skills; macOS/iOS/Android device management experience desirable.
- Proficiency with PowerShell scripting for automation and remediation.
- Solid understanding of Entra ID/Azure AD (or modern IdP), Group Policy, device compliance, conditional access concepts.
- Familiarity with Defender for Endpoint (or equivalent EDR), BitLocker, and security baselines; exposure to healthcare compliance (e.g., HIPAA/PHI) preferred.
- Working knowledge of networking fundamentals (DNS/DHCP/VPN/Wi‑Fi) and remote support tools.
- Excellent customer service mindset with clear written/verbal communication.
All your information will be kept confidential according to EEO guidelines.
The statements contained in this position description reflect the general duties considered necessary to describe the principal functions of the job as identified and shall not be considered a detailed description of all the work requirements that may be inherent in the position.