Endpoint Automation Engineer (Intune, Entra ID, PowerShell)

Endpoint Automation Engineer (Intune, Entra ID, PowerShell) Duration: 3-6 Months Location: Santa Clara, CA (Onsite 5 days/week) Job Summary We are seeking an experienced and highly technical Endpoint Automation Engineer to lead the modernization and automation of our enterprise endpoint environment. This role requires advanced hands-on experience with PowerShell scripting, Microsoft Intune deployment and packaging, Microsoft Entra ID administration, and endpoint lifecycle automation. You will drive the implementation of zero-touch provisioning, security compliance, and operational efficiency while working closely with IT End User Services. Key Responsibilities Endpoint Automation & Intune Management Lead end-to-end deployment and configuration of Microsoft Intune in large-scale enterprise environments. Build automated workflows for device provisioning, compliance enforcement, and lifecycle management. Package and deploy applications using Win32, MSIX, and Line-of-Business app formats. Oversee Windows Autopilot deployments using custom PPKG and PSADT scripts for zero-touch provisioning. Design and maintain configuration profiles, compliance policies, and security baselines. Microsoft Entra ID Administration Provide expert-level administration of Microsoft Entra ID (Azure AD). Migrate LDAP-based applications to Entra SCIM for modern identity lifecycle management. Implement Conditional Access policies, RBAC, and identity governance features. Ensure compliance and identity security posture through proactive policy management. PowerShell Scripting & Workflow Automation Design, build, and maintain advanced PowerShell scripts for EUC automation. Automate tasks such as device onboarding, application deployment, compliance remediation, and reporting. Develop and maintain a secure, version-controlled PowerShell repository and contribute to CI/CD pipelines. M365, Azure Cloud, and Infrastructure as Code (IaC) Utilize advanced experience with Microsoft 365 services (Teams, SharePoint, Exchange, Defender, etc.) for endpoint integration and automation. Work with Azure cloud infrastructure to support device registration, automation, and security configurations. Leverage Infrastructure as Code (IaC) principles and tools (e.g., ARM templates, Bicep, Terraform) for scalable and repeatable infrastructure deployment and management. (IaC experience is preferred.) Endpoint Security & Compliance Align endpoint configurations to the CIS Benchmark for Windows 11 Enterprise. Ensure compliance across encryption (BitLocker), antivirus, firewall, anti-malware, and endpoint protection. Monitor and remediate non-compliant devices using automated and policy-based solutions. Collaboration with IT End User Services Serve as a Tier-3 escalation point for IT End User Services (EUS) for complex endpoint and automation issues. Partner with EUS to identify automation opportunities and streamline manual support tasks. Deliver guidance, documentation, and support workflows to enhance service delivery. Required Skills and Qualifications 5+ years of experience in modern endpoint management, automation, and cloud infrastructure. Deep, hands-on expertise in Microsoft Intune (including application packaging, compliance, and workflows). Strong experience with PowerShell scripting for enterprise-scale automation. Advanced knowledge of Microsoft Entra ID (Azure AD) including identity lifecycle, SCIM, RBAC, and Conditional Access. Solid experience with Windows 10/11 configuration, security, and management tools. Exposure to Microsoft 365 services in endpoint scenarios (e.g., Defender for Endpoint, M365 Security Center). Familiarity with Azure services is relevant to endpoint and automation. Experience with PPKG, PSADT, and Autopilot provisioning. Preferred Qualifications Microsoft Certifications: MD-102, AZ-104, SC-300, or AZ-400. Experience with Infrastructure as Code (IaC) using tools like ARM, Bicep, or Terraform. Familiarity with DevOps tools such as GitHub Actions, Azure DevOps, or equivalent for script deployment and version control. Knowledge of Microsoft Defender for Endpoint, Log Analytics, Sentinel, or similar platforms for monitoring and security automation.