What are the responsibilities and job description for the Endpoint Engineer - Modern Endpoint & Mobility position at Gelpac?
Description
Position Summary
ProAmpac, a nearly $5 billion packaging company, is seeking an Endpoint Engineer to join our Cloud & Digital Workplace Services team. This is a 100% remote, hands-on engineering role, not a helpdesk position. You will own Microsoft Intune, Windows Autopilot, mobile device management across iOS, iPadOS, and Android, and our plant-floor mobility program (SOTI MobiControl) across a rapidly growing multi-site manufacturing environment.
ProAmpac is scaling through acquisition, scaling rapidly through acquisition across a large and growing number of manufacturing sites. You will be enrolling and managing thousands of mobile and plant-floor devices, driving zero-touch workstation provisioning via Autopilot, and building out mobile management standards as new sites come online. Your counterpart on the team owns Endpoint Central and packaging both engineers cross-train on each other's primary platforms for full coverage.
What You'll Do
Microsoft Intune — Primary Platform
This is a 100% remote position. Candidates must be based in the United States and able to work during US business hours. Eastern or Central time zones are preferred for team collaboration.
Travel: This position may require occasional travel (up to 20%) for site support and team meetings.
Additional Information
This role includes participation in a rotating on-call schedule to support endpoint infrastructure. Escalations for service-impacting issues may occur outside standard business hours (8am–6pm).
ProAmpac is an equal opportunity employer and does not discriminate on the basis of any characteristic protected by applicable law. EEO – M/F/Disability/Vets
To apply, please submit your resume and cover letter.
#CORP
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights (https://www.eeoc.gov/poster) notice from the Department of Labor.
Job Category: Information Technology
Full-Time
Position Summary
ProAmpac, a nearly $5 billion packaging company, is seeking an Endpoint Engineer to join our Cloud & Digital Workplace Services team. This is a 100% remote, hands-on engineering role, not a helpdesk position. You will own Microsoft Intune, Windows Autopilot, mobile device management across iOS, iPadOS, and Android, and our plant-floor mobility program (SOTI MobiControl) across a rapidly growing multi-site manufacturing environment.
ProAmpac is scaling through acquisition, scaling rapidly through acquisition across a large and growing number of manufacturing sites. You will be enrolling and managing thousands of mobile and plant-floor devices, driving zero-touch workstation provisioning via Autopilot, and building out mobile management standards as new sites come online. Your counterpart on the team owns Endpoint Central and packaging both engineers cross-train on each other's primary platforms for full coverage.
What You'll Do
Microsoft Intune — Primary Platform
- Serve as the primary Intune administrator across Windows, iOS, iPadOS, and Android: MDM/MAM policies, compliance policies, configuration profiles, and application deployment.
- Administer Conditional Access compliance integration with Entra ID; monitor enrollment health and compliance dashboards and resolve failures across all supported platforms.
- Manage application deployment via Intune: IntuneWin packages, Microsoft Store apps, LOB apps, and app protection policies for corporate and BYOD devices.
- Design and maintain Autopilot deployment profiles and enrollment flows for zero-touch workstation provisioning across a growing fleet.
- Manage device registration, hardware hash import, and profile assignment; coordinate with procurement and the Service Desk for new device intake.
- Troubleshoot Autopilot enrollment failures and maintain runbooks for common failure scenarios.
- Collaborate with the UEM & Packaging Engineer on app sequencing during provisioning to ensure a complete, compliant out-of-box experience.
- Administer Intune MDM/MAM for iOS, iPadOS, and Android corporate and BYOD devices: enrollment, policy, app deployment, compliance, and remote actions.
- Manage Apple Business Manager integration with Intune; maintain DEP enrollment profiles and VPP app licensing.
- Configure app protection policies for BYOD scenarios; manage mobile device lifecycle from provisioning through retirement.
- Troubleshoot mobile enrollment and compliance issues; coordinate with Networking on WiFi and connectivity dependencies.
- Administer SOTI MobiControl for rugged Android handhelds, RF scanners, and terminals used in manufacturing and warehouse operations.
- Manage enrollment, configuration profiles, app deployment, and kiosk policies for plant-floor device groups.
- Troubleshoot plant-floor device issues; coordinate with plant operations and Networking on WiFi coverage and VLAN requirements.
- Support device staging for new site openings and plant expansions.
- Administer Jamf Pro for ~100 Mac devices: enrollment, configuration profiles, patch management, application deployment, and compliance reporting.
- Provide Tier 2/3 support for macOS issues; maintain macOS packaging workflows and runbooks.
- Manage IGEL OS thin client configuration, policy, and patching in coordination with the Networking & Hardware Services team.
- Support thin client deployments for new sites; maintain configuration standards and deployment runbooks.
- Deploy and maintain endpoint security agents, encryption policy and key escrow, local administrator password management, and device control policies across managed devices.
- Apply and maintain endpoint hardening baselines across Windows, macOS, and mobile platforms; coordinate with InfoSec on gap remediation.
- Support management of the enterprise digital signage platform (Skykit): device enrollment, content policy, and operational support across ProAmpac sites.
- Own endpoint asset data quality in Lansweeper for all assigned device types; drive asset management process adherence by the Service Desk.
- Maintain working proficiency in application packaging (MSI, IntuneWin) to build and deploy packages via Intune independently and to cover your counterpart when needed.
- Create and maintain runbooks, SOPs, and change records in ServiceDesk Plus; participate in the Change Advisory Board (CAB).
- Participate in the Endpoint Engineering on-call rotation (~20% of the time) and provide Tier 2/3 escalation support.
- 3–5 years of enterprise endpoint engineering or systems administration experience focused on MDM, UEM, or modern device management platforms.
- Strong Microsoft Intune experience: MDM/MAM policy design, compliance policies, configuration profiles, and application deployment across Windows and mobile platforms.
- Hands-on Windows Autopilot experience: deployment profile design, enrollment flows, and troubleshooting in an enterprise environment.
- Experience managing iOS/iPadOS and Android devices in an enterprise MDM environment, including Apple Business Manager and DEP enrollment.
- Working application packaging experience for Intune: IntuneWin format and LOB app deployment at minimum.
- Proficiency in PowerShell scripting for automation, reporting, and operational workflows.
- Experience with encryption management, local administrator password management, and endpoint hardening baseline configuration.
- Strong troubleshooting skills across Windows 10/11, iOS, and Android platforms.
- Self-motivated, detail-oriented, and able to manage concurrent tasks independently.
- Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent work experience.
- Preferred: Microsoft MD-102 (Endpoint Administrator Associate) certification or actively working toward it.
- Preferred: experience with Jamf Pro for macOS device management.
- Preferred: experience with SOTI MobiControl or comparable plant-floor/rugged device management platforms.
- Preferred: experience with IGEL OS or thin client management platforms.
- Preferred: experience supporting manufacturing or multi-site industrial environments.
- Join a nearly $5 billion packaging company scaling rapidly through acquisition with a major infrastructure modernization underway.
- Own a packaging practice and server patching program that will scale dramatically, this is a build role, not a maintain role.
- Clear path for skill development as our environment grows, you will work on real scale, not a stable steady-state environment.
- Professional development support including training and certification opportunities.
This is a 100% remote position. Candidates must be based in the United States and able to work during US business hours. Eastern or Central time zones are preferred for team collaboration.
Travel: This position may require occasional travel (up to 20%) for site support and team meetings.
Additional Information
This role includes participation in a rotating on-call schedule to support endpoint infrastructure. Escalations for service-impacting issues may occur outside standard business hours (8am–6pm).
ProAmpac is an equal opportunity employer and does not discriminate on the basis of any characteristic protected by applicable law. EEO – M/F/Disability/Vets
To apply, please submit your resume and cover letter.
#CORP
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights (https://www.eeoc.gov/poster) notice from the Department of Labor.
Job Category: Information Technology
Full-Time