Endpoint Engineer (Computer Engineering, Senior Associate)

Summary

The MIL Corporation is looking for an Endpoint Engineer (Computer Engineering, Senior Associate). The Endpoint Engineer is responsible for designing, implementing, securing, and maintaining workstation and device configurations across Windows and macOS environments. The role focuses on imaging, patching, device enrollment, compliance enforcement, telemetry engineering, and lifecycle management in support of secure endpoint operations. This position does not provide routine help desk services; it delivers engineering-level solutions and support for escalated or complex endpoint issues.

This position currently requires an on-site schedule. Schedule is subject to change based on company/contract requirements.

This position is currently unfunded and is being posted in anticipation of a future contract award and funding approval. We are proactively identifying and engaging with qualified candidates. While candidates may be contacted for pre-screening, any hiring decisions will be contingent upon funding availability and final program requirements or client approval.

Responsibilities

Workstation Imaging & Configuration Engineering

• Design, build, and maintain secure, standardized workstation images for Windows and macOS supporting onsite, remote, and VDI users.
• Integrate security agents, authentication mechanisms, telemetry collectors, and baseline configurations into images.
• Maintain image automation toolchains (Ivanti, KACE, JAMF, or equivalent), including testing, validation, rollback, and version control.
• Publish image versions, maintain release documentation, and validate image integrity prior to production use.

Endpoint Baseline & Compliance Management

• Engineer secure macOS and Windows endpoint baselines, ensuring enforcement of approved security controls.
• Use Ivanti, KACE, and Intune to manage patching, version control, configuration drift remediation, and application deployment.
• Monitor endpoint compliance, detect deviations, and implement corrective actions.
• Document baseline standards, deployment procedures, and remediation workflows.

Patching & Vulnerability Remediation

• Engineer and operate patch management workflows for OS and thirdparty apps.
• Coordinate Intune/GPO-based patching for Windows and validate postpatch functionality (VDI connectivity, authentication, agent health, application compatibility).
• Implement automation to reduce manual intervention and accelerate patch deployment (MTTR reduction).

Device Enrollment, Provisioning & Lifecycle Engineering

• Implement and maintain enrollment workflows for Intune, Windows Autopilot, Apple Business Manager, and JAMF.
• Ensure devices meet baseline and conditional access requirements before receiving network access.
• Integrate provisioning and enrollment processes with asset inventory systems to maintain accurate devicetouser associations.
• Support full device lifecycle operations: provisioning, reassignment, secure wipe, and decommissioning.
• Maintain or automate onboarding/offboarding checklists.

Authentication & Identity-Linked Endpoint Controls

• Implement passwordless authentication and hardware-backed credentials (YubiKeys, CAC, or equivalent).
• Strengthen device registration, enrollment integrity, and identity/device correlation.

Telemetry, Logging & Monitoring Engineering

• Ensure endpoint logging and telemetry (Windows Event Logs, macOS Unified Logs, EDR/AV, network activity) are properly generated and ingested by SIEM/EDR platforms.
• Maintain log-forwarding, parsing, and normalization rules to support threat detection, incident response, and forensic investigations.
• Monitor health and status of imaging, patching, enrollment, and compliance workflows.
• Support forensic collections and maintain audit trails for engineering changes.

Engineering Documentation & Knowledge Transfer

• Produce engineering runbooks for imaging, patching, enrollment troubleshooting, recovery, and remediation workflows.
• Maintain a living knowledge base and provide periodic training to Service Desk, IAM, and SOC teams.
• Document change activities, remediation plans, validation reports, and operational procedures.

Travel

Travel expectations will be confirmed upon contract award and may vary based on customer and project requirements

Required Qualifications

• 10+ years of professional work experience
• 8+ years in IT, Endpoint Engineering, or Cybersecurity.
• 6+ years engineering in enterprise environments (not help desk).
• Experience with formal change control, audit, and security governance.
• Windows & macOS imaging, automation, and integration with VDI, EDR, authentication, and logging agents.
• Ivanti and/or KACE for patching, configuration management, drift remediation, and reporting.
• Microsoft Intune and Windows Autopilot for provisioning and compliance enforcement.
• JAMF Pro for macOS management.
• Endpoint logging and telemetry engineering for SIEM/EDR ingestion.
• Experience implementing passwordless or hardware-backed authentication.

Desired Qualifications

• Experience with ZeroTrust Endpoint Architecture - familiarity with modern ZeroTrust frameworks and secure endpoint access patterns (e.g., conditional access tuning, device trust scoring).
• Automation & Scripting Proficiency - hands-on experience automating endpoint workflows using PowerShell, Python, Bash, or similar languages to reduce manual effort and support fleetwide changes.
• Experience with CrossPlatform Endpoint Security Hardening - demonstrated ability to interpret CIS benchmarks, DISA STIGs, or similar standards and translate them into practical, scalable workstation configurations.
• Exposure to Enterprise VDI Optimization - knowledge of optimizing Windows/macOS images, agents, and policies for environments using VDI platforms such as VMware Horizon, Citrix, or Azure Virtual Desktop.
• Familiarity with LargeScale Asset Management & CMDB Accuracy Initiatives - experience contributing to asset reconciliation or device lifecycle accuracy efforts across distributed enterprises.

Education

Bachelor's degree in IT, Cybersecurity, or related discipline (or equivalent experience).

Clearance

Active Top Secret (TS) clearance.

Compensation

The MIL Corporation values your contributions and offers a range of benefits to support your overall well-being. We are pleased to offer a comprehensive range of benefits to our full-time employees which include health, life, disability, and retirement plans, as well as paid time off, opportunities for professional growth and tuition assistance. Additional benefits and incentives may also apply, which will be communicated during the hiring process.

For this position, the projected compensation range is $143,000 - $157,000 per year. This estimate represents the typical salary range and is just one part of MIL's complete compensation package. Final salary for this position is determined based on factors such as individual qualifications, education, experience, and contractual limitations. Learn more on the MIL Careers page.

Why MIL?

The MIL Corporation (MIL) is a dynamic workforce of industry professionals who deliver world-class solutions in cyber, engineering, financial management, and information technology - and we are looking for candidates like you! MIL offers opportunities for professionals at all stages of their careers, from early-career candidates to experienced industry professionals. We are known for a collaborative, people-first culture where employees are supported, valued, and encouraged to grow. This commitment to our people and our work is reflected in the industry and workplace awards MIL has received over the years.

• 2021 - 2024, Top Workplaces USA award (Energage)
• 2017 - 2025 Top Workplaces Award, Greater Washington Area (The Washington Post)
• 2018 - 2025 Certified Great Workplace, Great Place to Work
  • 2021 - 2025, Best Workplaces in Consulting & Professional Services
  • 2021 Fortune Best Workplaces for Millennials
  • 2018 Fortune, Great Place to Work: Best Place to Work for Diversity
• 2017, 2020 - 2025 Top Workplace Award, South Carolina (Greenville Business Magazine, Columbia Business Monthly, and Charleston Business Magazine)
• 2025 Corporate Partnership Award, Association of Fundraising Professionals, Maryland Chapter
• 2025 Moxie Award, GovCon Category
• 2024 Patriot Award, Employer Support of the Guard and Reserve (ESGR), Department of Defense
• 2022 Freedom Award, Employer Support of the Guard and Reserve (ESGR), Department of Defense
• 2018, Above & Beyond Award, Employer Support of the Guard and Reserve (ESGR), Department of Defense

If your goal is to help the federal government deploy leading technologies, improve financial management, or defend the nation in cyberspace, MIL welcomes you. Become a part of something greater, where you, the people, make the difference.

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by state or federal law.