Endpoint Engineer (Systems Administrator

A1FED Incorporated
San Antonio, United States of America
24 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

San Antonio, United States of America

Tech stack

Application Integration Architecture
Application Packaging
Azure
Mobile Application Development
Software as a Service
Configuration Management
Computer Security
System Configuration
Firmware
Hyper-V
Identity and Access Management
System Center Configuration Manager
Windows Server
Powershell
Zero Trust Network Access
Software Deployment
Software Engineering
Software Systems
Systems Integration
Microsoft Deployment Toolkit
Sysadmin
Microsoft InTune
Information Technology
Deployment Automation
Data Management
Scap Compliance Checker

Job description

The Endpoint System Admin is responsible for architecting, developing, and sustaining endpoint management and delivery solutions that meet DoD and DHA operational and security requirements. This includes designing compliant application packaging, security configurations, software deployments, and mobile device solutions across the hybrid DHA ecosystem. The engineer will also lead Tier 3/4 support efforts, drive endpoint automation and modernization initiatives, and provide technical leadership in support of RMF and Zero Trust alignment., Application Integration & Enterprise Management:

  • Engineer and deploy endpoint management solutions (MECM, Intune, etc.) for both virtual and physical environments.
  • Package, test, and configure baseline applications and images for DHA endpoints.
  • Architect endpoint delivery frameworks to support centralized provisioning, patching, monitoring, and sustainment of services across hybrid (on-prem/cloud/SaaS) environments.
  • Engineer migration strategies from MECM to Intune and develop modern endpoint reporting capabilities.

Endpoint & Identity Security:

  • Validate endpoint compliance with DISA STIGs, DoDI 8510.01 (RMF), and NIST cybersecurity standards.
  • Conduct risk assessments and apply IA controls across all application and OS lifecycle stages.
  • Engineer and maintain endpoint configurations supporting Zero Trust, encryption, data-at-rest (DAR), and continuous monitoring.
  • Maintain artifacts in eMASS, including POA&Ms, risk assessments, and continuous monitoring documentation.

Desktop & Endpoint Engineering:

  • Build and maintain desktop OS images and standard software configurations for enterprise deployment.
  • Engineer solutions supporting task sequences, group policies, and profile/data management.
  • Modernize legacy configurations and support cloud-managed endpoints for improved user experience and performance.
  • Validate application compatibility and implement endpoint enhancements using industry best practices.

Mobile Engineering:

  • Design and implement mobile device provisioning, OS/firmware upgrades, and security configurations.
  • Develop transition plans for migrating MDM platforms while preserving user experience and enterprise controls.

Software Design & System Integration:

  • Research and develop system-level software solutions, including embedded systems and distribution frameworks.
  • Formulate operational specs and conduct in-depth requirement analyses to improve endpoint architectures.

Application Packaging & Automation:

  • Engineer, script, and deliver application packages using enterprise deployment tools.
  • Test application delivery using hypervisors and simulate endpoint software combinations.
  • Ensure compliance with DISA/NIST STIGs in application packaging and configuration management.
  • Maintain application baselines and automate patching and updates.

Requirements

  • Microsoft MECM (SCCM), Intune, MDT, PowerShell
  • Windows Server OS, Windows 10/11
  • Hyper-V, Azure, Entra ID, GPO
  • ActivClient, eMASS, DISA STIG Viewer
  • SCAP Compliance Checker, NIST 800-series
  • Application packaging tools (AdminStudio, WiseScript, etc.)

Education & Certification Requirements (per DoD 8140 Qualification Matrices)

  1. Microsoft Certified: Azure Administrator Associate or Windows Server Hybrid Administrator Associate

  2. Any of the following...

  • Academic Education: Bachelor's degree in information technology, Cybersecurity, or a related discipline.
  • OR Baseline: Cloud+ or GICSP or SSCP or Security+ or GSEC or GLSC or CISSP
  • OR DoD/Military Training: F07DZZ1 or M03385G or M10395B or M223854 or A-150-0045 now W-250-0750 or A-531-0021 or W-250-0750 or A-150-3400 now W-250-0750 or A-150-1980 or A-150-1202 or A-150-1203 or A-150-1250 or A-150-1855 / A-150-1940 or A-113-0205 or A-113-0175 or A-113-0018 or A-113-0382 or A-113-0027 or A-113-0383 or A-113-0175 or A-113-0202 or A-113-0233 or DISA-US1379

Apply for this position