Systems Administrator (Modern Desktop, AVD & Security)

Aardwolf Consulting LLC is seeking an experienced Systems Administrator to join our infrastructure team supporting a major Federal Government customer. This role is pivotal in managing the agency’s transition to a modern endpoint environment known as the "Client of the Future" (COF).

You will serve as the technical lead for a hybrid fleet of physical devices (Surface/NUCs) and cloud-virtualized endpoints (Azure Virtual Desktop). You will drive configuration via Microsoft Intune, ensure strict security compliance (POA&M/Defender), and support AI adoption, all within an Agile framework.

Core Responsibilities

1. Modern Endpoint & AVD Management

• Physical Fleet Management: Oversee the lifecycle, imaging, and onboarding of physical endpoints, specifically Microsoft Surface Pro tablets, ASUS NUCs, and 5G-enabled devices.
• Azure Virtual Desktop (AVD): Manage AVD Host Pools and Session Hosts, ensuring they are enrolled in and managed by Microsoft Intune just like physical devices.
• Intune Engineering: Troubleshoot complex Company Portal issues (app visibility, uninstall failures) and manage device policy conflicts across both physical and virtual (AVD) endpoints.
• Configuration Integrity: Maintain drive mappings, FSLogix profiles, and consistent user experiences across local "COF" devices and AVD sessions.

2. Security Operations & Federal Compliance

• Vulnerability Management: Utilize Microsoft Defender for Endpoint (TVM/KQL) to identify high/critical vulnerabilities across physical and AVD environments.
• Audit Readiness (POA&M): Maintain rigorous daily documentation of remediation actions to satisfy Federal POA&M (Plan of Action and Milestones) requirements.
• Hardening: Implement application whitelisting (e.g., Calabrio, Developer tools) and validate trusted publisher/certificate paths.

3. Agile Project Management & Documentation

• Sprint Workflow: Actively participate in team sprints using Jira to track planned engineering work (e.g., AVD image updates, software rollouts) separate from reactive support tickets.
• Knowledge Base: Create and maintain technical "How-To" guides, meeting artifacts, and system documentation in Confluence to ensure cross-team knowledge sharing.
• Reporting: Translate outcomes from high-level technical syncs (Security/Prevuln) into actionable Jira stories.

4. Software Deployment & AI Readiness

• Packaging: Prepare and deploy applications (e.g., Microsoft Visio) using Intune Win32 packaging, employing custom detection rules to ensure deployment success on both NUCs and AVD.
• Copilot Enablement: Support the rollout of Microsoft Copilot for Edge, including testing licensing capacity, validating behavior, and documenting governance/uninstall criteria.
• Change Management: Execute off-hours rollouts and manage user communications to minimize disruption.

5. Service Management (ITSM) & Advanced Troubleshooting

• Root Cause Diagnostics: Go beyond basic fixes by utilizing Windows Event Viewer, Registry Editor, and log analysis (Intune Management Extension logs) to diagnose OS stability issues and application crashes.
• Incident Resolution: Open, update, and resolve ServiceNow (SNOW) incidents related to endpoint performance, connectivity, and software errors.

Requirements:
Clearance

• Public Trust

Education & Experience

• Education: Bachelor’s Degree in Computer Science, Information Technology, or a related field is required.
• Experience: Minimum of 6 years of relevant professional experience in systems administration or endpoint engineering.
• Substitution Policy:
• Relevant experience exceeding the minimum shown may be substituted for education (e.g., 10+ years of experience in lieu of a Bachelor's degree).
• Likewise, education exceeding the minimum shown may be substituted for relevant experience (e.g., a Master's degree may substitute for 2 years of professional experience).

Technical Skills

• Microsoft Intune: Expert capability in modern management, Win32 app packaging, and compliance policies.
• Azure Virtual Desktop (AVD): Experience managing AVD images, Host Pools, and multi-session Windows 10/11 environments via Intune.
• Core Windows Troubleshooting: Mastery of Event Logs (System/Application/Security), Registry manipulation, Service dependencies, and Intune Management Extension (IME) log analysis.
• Security Tools: Proficiency with Microsoft Defender, KQL querying, and the Federal "Prevuln" lifecycle.
• Hardware: Deep experience troubleshooting Windows 10/11 on Surface and ASUS NUC hardware (drivers, UEFI, firmware).
• Agile Suite: Hands-on experience with Jira (sprints/boards) and Confluence.

Professional Skills

• Communication: Strong ability to coordinate between technical teams (Security Ops, Device Management) and non-technical stakeholders.
• Documentation: Disciplined approach to maintaining audit trails and compliance logs.

Preferred Qualifications

• Prior experience supporting Federal Government agencies or working in a government contracting environment.
• Familiarity with Developer environments (VSCode, WSL configurations).
• Certifications in Microsoft Modern Desktop (MD-102), Azure Virtual Desktop (AZ-140), or Security (SC-200).

Benefits:
• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Family Leave (Maternity, Paternity)
• Short Term & Long Term Disability
• Training & Development
• Work From Home