Desktop Engineering & Endpoint Management

Our patients are our number one priority! We're committed to giving children back their childhood!

Job Posting Title:

Location:

Additional Posting Details:

Monday - Friday

8:00am - 4:30pm

After-hours/weekend work - as needed - (patching, software deployment, vulnerability management)

Job Description:

This role is a senior, hands-on endpoint engineering position responsible for owning endpoint platforms, inventory accuracy, and endpoint risk management across the organization. Although the role reports into the Help Desk & End User Support Manager, it operates at a senior engineering and platform-ownership level, defining standards, leading modernization efforts, and reducing operational and security risk.

Endpoint Inventory & CMDB Management

Own endpoint inventory accuracy and lifecycle management across ServiceNow CMDB, Microsoft Intune, and KACE.
• Define authoritative data sources and reconcile discrepancies between systems.
• Design and maintain automated CMDB population and lifecycle workflows.
• Ensure accurate tracking of device ownership, status, and compliance.
• Partner with IT Asset Management, Security, and End User Support to ensure audit readiness and reliable reporting.

Endpoint Engineering, Standards & Risk Management

• Serve as the technical authority for endpoint configuration and standards.
• Design, build, and maintain gold images, including traditional and modern cloud-based builds.
• Establish and enforce endpoint security baselines aligned with organizational and industry standards.
• Proactively manage endpoint risk related to vulnerabilities, configuration drift, and unsupported platforms.

Endpoint Platform Ownership (KACE to Intune)

• Act as platform owner for KACE (current state) and Microsoft Intune (future state).
• Develop and execute a phased migration strategy from KACE to Intune.
• Migrate policies, applications, and patching with minimal end-user disruption.
• Reduce tool overlap and establish Intune as the primary endpoint management platform.

Patch Management & Compliance

• Own patching strategy for Windows, macOS, and third-party applications.
• Define patch SLAs based on risk and clinical impact.
• Automate patch deployment and compliance reporting.
• Partner with Information Security on vulnerability remediation and audits.

Modern Endpoint Strategy & Continuous Improvement

• Evaluate and recommend modern endpoint management solutions such as Windows Autopilot and cloud-based imaging.
• Identify opportunities to automate endpoint processes and improve deployment speed.
• Provide technical mentorship and escalation support to End User Support teams.

• 5+ years of experience in endpoint or desktop engineering.
• Hands-on experience with Microsoft Intune / Endpoint Manager.
• Hands-on experience with KACE.
• Strong experience with ServiceNow CMDB population, reconciliation, and lifecycle workflows.
• Experience managing Windows 10/11 enterprise environments, application packaging, and patch management.

Nice-to-Have Experience

• Experience with Absolute for device visibility and recovery.
• Experience with Armis for device discovery and risk insight.
• Experience managing macOS and iOS/iPadOS devices.
• Healthcare or other regulated industry experience.

Measures of Success

• Accurate and trusted endpoint inventory reflected in ServiceNow CMDB.
• Clearly defined and enforced endpoint standards.
• Reduced endpoint risk and improved patch compliance.
• Successful transition toward an Intune-first endpoint management model.
• Faster, more reliable device deployment and refresh cycles.
• Reduced escalations and improved End User Support efficiency.