Lead Workplace Services Engineer

We are only hiring US Citizen or US Resident for this position. You must provide proof of US Citizenship or US Permanent Residency prior to scheduling an interview. This is an Independent Contractor position. We are seeking a Workplace Services Engineer to lead the engineering and security of our enterprise endpoint environment. This role focuses on the "engineering" of deployment systems, specifically Operating System Deployment (OSD), automated patching lifecycles, and third-party application management. You will act as the bridge between security requirements and technical execution, ensuring our fleet remains compliant and highly performant. The ideal candidate has a deep understanding of deployment logic and security reporting, with the ability to translate vulnerability data into automated remediation workflows.

Key Responsibilities:

Deployment Engineering (OSD): Architect and govern zero-touch Operating System Deployment (OSD) task sequences. Manage the lifecycle of boot images and driver packages to support a diverse hardware environment. Automated Patching (ADRs): Design and maintain Automatic Deployment Rules (ADRs) within

SCCM/MECM

to ensure a consistent, phased roll-out of Windows updates and security patches across all environments.

Third-Party Patch Management:

Manage and automate the deployment of third-party application updates (e.g., Chrome, Adobe, etc.) using enterprise-level patching tools to ensure a closed-loop remediation process.

Security Analysis & Reporting:

Regularly review and analyze vulnerability reports and security compliance data. Identify trends in endpoint health and develop actionable plans to address gaps in the security posture.

Modern Management Integration:

Support the transition to modern provisioning workflows using Microsoft Intune and Windows Autopilot, ensuring co-management stability.

Vulnerability Remediation:

Interpret findings from security scanning platforms to build and deploy targeted remediation scripts (PowerShell) and configuration changes.

Endpoint Health & Automation:

Utilize PowerShell and WQL to automate collection management and build custom reports that track deployment success and security compliance.

Qualifications:

Education:

Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent enterprise experience.

Experience:

Minimum of 5+ years of experience in enterprise endpoint engineering, with a heavy focus on deployment automation and security remediation.

Technical Skills Required:

Proven expertise in building and managing

SCCM/MECM OSD

task sequences and boot images. Hands-on experience configuring and troubleshooting Automatic Deployment Rules (ADRs). Strong background in third-party application patching and packaging. Proficiency in PowerShell for automation and remediating security findings. Ability to analyze enterprise security reports and translate them into technical tasks. Familiarity with Intune and Autopilot in a co-managed environment.

Certifications:

Relevant industry certifications (e.g., MD-102: Endpoint Administrator, or security-focused certifications) are preferred.

Soft Skills:

Analytical Mindset:

Ability to look at a security report and methodically plan a remediation strategy.

Strategic Thinking:

Focus on long-term automation rather than one-off manual fixes.

Communication:

Clear ability to report on security status and technical progress to both technical teams and management.

Job Type:

Contract Pay:

$135,200.00 - $166,400.00 per year

Work Location:

In person