Endpoint Systems Engineer

The Endpoint Systems Engineer is a critical member of the IT infrastructure team, responsible for the lifecycle management of all endpoint devices across the organization. This role bridges security, operations, and automation — ensuring that every managed device remains compliant, current, and performing at its best. The ideal candidate is hands-on with RMM tooling, comfortable writing PowerShell automation, and thrives in a fast-paced managed services or enterprise IT environment.

Key Responsibilities

Endpoint Patching & Compliance

• Deploy, schedule, and validate OS and software patches across Windows/macOS endpoints using Kaseya VSA and Datto RMM
• Manage patch policies, rings, and compliance baselines through Microsoft Intune
• Generate regular patch compliance reports and present remediation plans for non-compliant devices
• Maintain patch SLAs and minimize exposure windows for critical CVEs

Application Management

• Package, deploy, and maintain third-party applications across the endpoint fleet via Intune and RMM tooling
• Manage application versioning, silent installs, and uninstall routines
• Monitor application health and ensure licensing compliance

Ticketing & Incident Management

• Triage, manage, and resolve endpoint-related tickets within ConnectWise Manage
• Document resolution steps clearly for knowledge base contribution
• Escalate complex issues appropriately while maintaining SLA commitments

Automation & Scripting

• Write and maintain PowerShell scripts to automate repetitive tasks such as software installs, system health checks, user provisioning, and reporting
• Develop and deploy scripts via RMM platforms at scale across managed endpoints

Asset & Documentation Management

• Maintain accurate endpoint inventory and configuration records through Liongard
• Ensure audit trails, change logs, and runbooks are up to date
• Contribute to internal IT documentation and SOPs

Security & Compliance

• Enforce endpoint security baselines (antivirus, EDR, encryption, MFA policies)
• Monitor for policy drift and remediate non-compliant devices proactively
• Collaborate with security teams on vulnerability management and endpoint hardening

Requirements:
• Experience in endpoint management, systems administration, or MSP role
• Hands-on experience with Kaseya VSA, Datto RMM, and/or Microsoft Intune
• Proficiency in PowerShell scripting for automation and system management
• Experience with ConnectWise (Manage or Automate) for ticketing and workflow
• Familiarity with Liongard or similar documentation/asset platforms
• Strong understanding of Windows endpoint management (Group Policy, MDM, registry)
• Knowledge of patch management best practices and vulnerability frameworks (e.g., CVSS)
• Excellent troubleshooting and communication skills

Preferred / Bonus Skills

• Experience in a Managed Service Provider (MSP) environment
• Microsoft certifications (MD-102, AZ-800, or similar)
• Familiarity with macOS endpoint management
• Experience with endpoint security tools (CrowdStrike, SentinelOne, Defender for Endpoint)
• Basic networking knowledge (DNS, DHCP, VPN)