Sr Intune Endpoint Engineer

Company: Stefanini Group
Location: Gibbsboro
Posted on: April 1, 2026

Job Description:

Details: Stefanini Group is looking for Sr. Intune Endpoint Engineer for a globally recognized company!For interested applicants, click the apply button or you may reach out to Alfher Hidalgo at (248) 728-2627/ Alfher .Hidalgo@stefanini.com for faster processing. Thank you! We're hiring a Senior Intune Endpoint Engineer to take ownership of a partially migrated Intune tenant and bring it to a stable, predictable, and auditable state. This role requires someone who is deeply hands-on with Intune internals (IME behavior, detection logic, precedence/conflicts, filters, ESP), strong in Win32 app packaging, and disciplined about testing, rollout rings, and documentation. Core Responsibilities Stabilization, Troubleshooting, and Intune 'Internals' Own day-to-day engineering and escalation for Intune: policies, apps, enrollment, compliance, and updates. Troubleshoot when policies/apps don't apply using a structured approach (assignment/scoping, filters, licensing, device state, IME logs, MDM diagnostics, event logs). Diagnose and remediate policy conflicts and precedence issues across configuration profiles, security baselines, compliance policies, scripts, and (where applicable) co-management/GPO overlap. Perform deep Windows troubleshooting when needed (Event Viewer, Services, Scheduled Tasks, registry, MDM diagnostics) to resolve issues without reimaging. Win32 App Packaging, Detection, and Automation Package and deploy complex Windows applications (non-MSI installers, multiple components, prerequisites) using Win32 app model. Build reliable detection rules, install/uninstall logic, versioning, and logging standards; manage supersedence and dependencies. Create repeatable packaging standards (folder structure, log locations, naming/versioning conventions) and automate where possible with PowerShell and Graph. Autopilot and Provisioning Design, implement, and test Autopilot deployments (deployment profiles, ESP, device naming, dynamic groups, required apps, enrollment flows). Establish a repeatable Autopilot test plan and acceptance criteria before expanding scope. Update Rings, Feature Management, and Verification Implement and manage Windows Update for Business: update rings, feature update policies, quality updates, deadlines, and safeguards. Verify what is actually happening on devices (Intune reporting device-side validation) and troubleshoot update compliance gaps. Governance, Change Control, and Documentation Implement operational maturity: change control, peer review (where applicable), pilot rings, rollback plans, and post-change validation. Maintain documentation that supports auditability and long-term maintainability: runbooks, standards, 'why' behind configurations, and conflict-avoidance guidance. Produce drift detection and baseline comparison outputs (e.g., export Intune objects, compare to a golden baseline, report differences). Security Layering Without Collisions Partner with Security/IAM to layer WUfB Defender compliance baselines Conditional Access in a way that avoids conflicting settings and unintended lockouts. Ensure endpoint security posture is strong while maintaining usability and operational stability. Details: Required Qualifications 5 years in endpoint engineering/EUC with significant enterprise Intune ownership. Proven experience stabilizing or cleaning up a partially migrated / inconsistent Intune environment. Strong knowledge of: Intune Management Extension (IME) behavior, Win32 app processing, and log-based troubleshooting Policy assignment/scoping, filters, and conflict resolution Autopilot ESP design and troubleshooting Windows Update for Business rings and feature update control Strong Windows 10/11 troubleshooting skills (Event Viewer, services, scheduled tasks, registry, MDM diagnostics). Strong PowerShell skills used routinely for automation, reporting, and troubleshooting (Graph API preferred). Ability to write clear documentation and operate with disciplined change control. Preferred Qualifications Co-management (ConfigMgr/SCCM) experience and understanding of how it can shadow or override Intune behavior. Defender for Endpoint and endpoint security policy experience (BitLocker, ASR, firewall, security baselines). macOS and/or mobile management experience (iOS/iPadOS, Android Enterprise). PKI/cert profiles (SCEP/PKCS), Wi-Fi/VPN profiles, and enterprise networking integrations. Certifications (nice to have): MD-102, Azure/Entra, Security certs. LI-AH1 LI-REMOTE

Keywords: Stefanini Group, Hackensack , Sr Intune Endpoint Engineer, IT / Software / Systems , Gibbsboro, New Jersey