Desktop Engineer

About Fortress

Fortress Investment Group LLC is a leading, highly diversified global investment manager with approximately $54 billion of assets under management as of September 30, 2025. Founded in 1998, Fortress manages assets on behalf of approximately 2,000 institutional clients and private investors worldwide across a range of credit and real estate, private equity and permanent capital investment strategies. Investment performance is our cornerstone - we strive to generate strong risk adjusted returns for our investors over the long term. For additional information on Fortress, please visit www.fortress.com.

Position Summary

Fortress's Information Technology team seeks a skilled and well-rounded Desktop Engineer to join the Desktop Engineering Group (DEG) full-time. This is an end-to-end ownership role spanning the full desktop lifecycle — from image management and software packaging to patch management, configuration compliance, cloud platform management, virtualization, and security operations.

You will be responsible for designing, implementing, and maintaining the firm's desktop infrastructure — ensuring it is secure, compliant, and optimized for performance, from the Windows OS and its core components to the platforms that manage and deliver the desktop experience at scale. We are looking for a thought leader who actively identifies trends and inefficiencies, and drives iterative, safely executed improvements that continuously raise the bar. Every DEG team member is also responsible for security operations and plays an active role in protecting the environment.

Key Responsibilities

Desktop Engineering, Cloud & Modern Management

• Design, build, and maintain the enterprise Windows desktop environment across physical and virtual platforms, applying deep OS-level knowledge to troubleshoot, optimize, and automate at scale.
• Own and operate Microsoft Intune/Endpoint Manager across the full device lifecycle — policy management, compliance, application delivery, and configuration enforcement — while driving evolution toward cloud-first management.
• Manage M365 integrations relevant to the desktop, including licensed application deployment and policy configuration. Develop automation and self-healing remediation workflows to address configuration and version drift, keeping endpoints consistently compliant.

Endpoint Operations — Image, Packaging, Patching & Monitoring

• Create and maintain desktop images for all user roles; manage task sequences, validate in staging, and ensure images remain current and compliant.
• Package, test, and distribute applications via SCCM, Intune, and Citrix. Enforce application control policies (AppLocker/WDAC) and manage versioning in coordination with application owners.
• Own the full patch lifecycle — staging, testing, deployment, verification, and documentation — across OS, hardware, and software.
• Deploy and leverage end-user experience monitoring tools (Nexthink or equivalent) to track endpoint health, surface trends, and drive proactive improvements.

Desktop Security & Security Operations

• Administer endpoint security controls: Defender for Endpoint, BeyondTrust Privilege Management, BitLocker, LAPS, WDAC, and AppLocker.
• Monitor and respond to alerts via SIEM and Defender; participate in incident triage, investigation, remediation, and post-incident review.
• Collaborate with the SecOps team on vulnerability management, threat detection, and pre-deployment security reviews.

Virtualization & Operations

• Deploy and manage virtual desktop environments (AVD, Windows 365, Citrix XenApp); monitor performance, support capacity planning, and assist with thin client strategy.
• Manage day-to-day operational tasks, track work in ServiceNow and Microsoft Planner, and serve as the Level 3 escalation point for complex desktop issues.

Candidate Qualifications

• Experience: 5 years of enterprise Windows desktop engineering, including design, deployment, and operations across physical and virtual environments.
• Education: Bachelor's degree in Computer Science, Information Technology, or equivalent experience.
• Technical Depth: Deep working knowledge of the Windows OS and the platforms that manage it — SCCM/ConfigMgr, Intune/Endpoint Manager, M365, and endpoint security tooling (Defender for Endpoint, BeyondTrust, BitLocker, LAPS, WDAC/AppLocker, Azure Sentinel).
• Certifications: Microsoft certifications (MD-102, SC-200, AZ-104) preferred; equivalent hands-on experience considered.
• Able to work independently and collaboratively across IT and business teams, managing both operational and project-based responsibilities simultaneously.
• Bring a proactive, automation-first mindset — identifying trends, building solutions, and driving continuous improvement across the environment.

The base salary range for this position is expected to be between $130,000 and $160,000

The base salary range proposed for this role has been set forth to comply with local law, but salary is only one element of the total compensation for this role. The base salary range suggested above does not include compensation elements such as bonuses, overtime and deferred cash (each of which are applicable in certain roles), benefits, perquisites, and company contributions to employee 401(k) accounts. Such other pay components often result in total compensation materially exceeding base salary for a particular role. Total compensation as well as base salary for a role depend in part upon individual performance, years of service, experience, geographic considerations, the performance and the needs of particular business units, company performance, and general market conditions.