Endpoint Systems Engineer (Windows 11, MECM, PowerShell Automation, Intune, Citrix VDI)

You will be responsible for designing, building, and maintaining enterprise endpoint platforms while driving automation and operational efficiency. Working across infrastructure, security, and desktop teams, you will ensure endpoint stability, security compliance, and scalable deployment practices., Endpoint Management & Deployment

• Design, build, and maintain Windows 11 enterprise images (persistent and non-persistent).
• Manage application packaging and deployment via MECM.
• Support co-managed environments (MECM + Intune).
• Administer Citrix VDI (MCS) task sequences and template management.
• Manage enterprise laptop driver life cycle across endpoint estates.

PowerShell & Automation

• Develop and maintain PowerShell automation scripts for deployments, compliance, and reporting.
• Deliver infrastructure automation solutions that reduce manual effort and improve reliability.
• Manage Git-based version control workflows for infrastructure changes.
• Leverage PowerShell App Deployment Toolkit (PSADT) for scalable application deployments.

Patch & Vulnerability Management

• Own end-to-end endpoint patch management across the client environment.
• Maintain Windows 11 gold images and VDI templates.
• Remediate vulnerabilities using tools such as Tenable.
• Produce compliance and audit reporting dashboards.

Security & Compliance

• Administer endpoint security platforms such as SentinelOne and Microsoft Defender.
• Enforce BitLocker, Credential Guard, LAPS, and least-privilege policies.
• Investigate and remediate non-compliant devices.

Active Directory & Policy Administration

• Administer Active Directory, Group Policy, AppLocker, and configuration baselines.
• Manage Windows 11 compliance policies, configuration profiles, and device targeting strategies.

Applicants must be eligible to work in the specified location

Endpoint Systems Engineer (Windows 11, MECM, PowerShell Automation, Intune, Citrix VDI)

We are seeking an experienced Endpoint Systems Engineer with strong PowerShell Scripting and infrastructure automation expertise to manage and secure a large-scale enterprise endpoint environment. This role focuses on Windows 11 estate management, endpoint compliance, patching, and automation across a modern co-managed environment., * Strong hands-on experience with Microsoft Endpoint Configuration Manager (MECM).

• Proven experience managing Windows 11 enterprise builds and compliance.
• Advanced PowerShell Scripting with demonstrable automation outcomes.
• Enterprise patch management across large endpoint estates.
• Experience with endpoint security platforms and vulnerability remediation.
• Active Directory and Group Policy administration.
• Understanding of Azure AD/Entra ID and modern identity controls.
• Experience working in regulated or governance-driven environments.
• Experience with Git workflows for infrastructure changes.
• Familiarity with PSADT.
• Advanced MECM collections and query design.
• Exposure to VMware vSphere.
• Relevant Microsoft Endpoint certifications desirable.

Candidate Profile

• Strong attention to detail with excellent troubleshooting skills.
• Proactive in identifying automation and compliance improvements.
• Comfortable collaborating across infrastructure, security, and desktop teams.
• Clear communicator with strong documentation practices.
• Structured, organised, and delivery-focused.