Senior Modern Endpoint Engineer (Intune & Autopilot)

Who We Are: Jolera stands as a distinguished multinational Global Systems Integrator (GSI), a vanguard in delivering comprehensive and bespoke IT solutions to a diverse clientele, encompassing both direct customers and channel partners across the globe. We are driven by a commitment to excellence, leveraging a team of over 650 highly skilled professionals to design, implement, and manage technology systems that are not only effective and competitive but also scalable and value driven. Our comprehensive suite of services includes the creation of customized technology solutions tailored to specific business needs, in-depth IT assessments and strategic planning, meticulous IT device and infrastructure management, robust data backup and recovery solutions, seamless cloud and on-premise migrations, enterprise-grade security services, and round-the-clock, 24/7/365 quad-lingual end-user support. At Jolera, we believe in empowering organizations worldwide with innovative and reliable IT solutions, and we invite you to join us in this mission. Position Description We are seeking a Senior Modern Endpoint Engineer with deep hands-on expertise in Microsoft Intune and Windows Autopilot to support enterprise endpoint deployment engagements across our client base. The ideal candidate has a strong background in modern device management, cloud identity integration, and structured delivery within complex enterprise environments. This is a client-facing technical role requiring the ability to conduct assessments, produce designs, and implement and validate production-grade Autopilot and Intune solutions end-to-end. What You’ll Do Conduct targeted assessments of client Intune tenant configurations, including compliance policies, security baselines, application deployment structures, and existing Autopilot profiles. Review and validate client identity models (Hybrid vs. Entra ID joined), certificate deployment approaches, and network dependencies for on-premises and offsite provisioning scenarios including EAP-TLS. Design Windows Autopilot deployment profiles (Gen2) with Entra ID joined configuration and pre-provisioning workflows, aligned to client environment findings. Define Enrollment Status Page (ESP) behavior, Windows Security Baselines, device configuration profiles, and compliance policy frameworks. Configure application deployment within Intune, including install context, dependency sequencing, and provisioning-time vs. post-login behavior across pre-provisioned and user-assigned applications. Validate PKI integration (PKCS via Intune Certificate Connector) and confirm device certificate availability and EAP-TLS authentication for wired and wireless networks. Execute pilot deployments including pre-provisioning workflows, user sign-in validation, policy application, application installation, and certificate confirmation. Identify, document, and remediate issues encountered during pilot execution; perform fine-tuning and re-validation within agreed scope boundaries. Deliver structured knowledge transfer sessions covering Autopilot provisioning workflows, key Intune configuration components, and operational handover considerations. Produce high-level as-built documentation of implemented configurations and document outstanding risks and limitations. Coordinate with client IT teams and device vendors throughout engagements to manage responsibilities, validate inputs, and obtain approvals at key milestones. Who You Are 5+ years of experience in Microsoft endpoint management, with at least 3 years of hands-on Intune and Windows Autopilot deployment experience in enterprise environments. Deep working knowledge of Windows Autopilot Gen2 deployment profiles, pre-provisioning workflows, and device join types (Entra ID joined and Hybrid). Proven experience configuring Enrollment Status Pages, Windows Security Baselines, device configuration profiles, and compliance policies within Microsoft Intune. Hands-on experience with PKI integration in Intune environments, including PKCS certificate deployment via the Intune Certificate Connector and EAP-TLS network authentication. Solid understanding of Microsoft Entra ID (Azure AD), identity models in hybrid enterprise environments, and Conditional Access fundamentals. Experience managing application deployment in Intune including packaging context, dependency sequencing, and provisioning-time vs. post-login deployment behavior. Strong client-facing communication and documentation skills; able to present designs, obtain approvals, and lead knowledge transfer sessions for both technical and operational audiences. Structured approach to scoped project delivery — comfortable working within defined boundaries and documenting assumptions, risks, and out-of-scope items clearly. Preferred Qualifications Microsoft certifications such as MD-102 (Endpoint Administrator), MS-102, or AZ-104. Experience with Active Directory Certificate Services (ADCS) and PKI infrastructure administration. PowerShell scripting experience for Intune automation, bulk device operations, or reporting tasks. Familiarity with direct-ship and centralized device staging models in enterprise Autopilot deployments. Prior experience delivering endpoint management engagements in an MSP or GSI environment across multiple concurrent clients. Exposure to Microsoft Defender for Endpoint integration within Intune and security baseline hardening practices. At Jolera, we are committed to creating a diverse, equal and inclusive. Our goal is to attract and retain the best talent while embracing diversity in all its forms. We value and respect differences in ethnic background, gender, age, religion, identity, disability, or any other characteristic protected by applicable law.