Desktop Engineer

Role Summary

Desktop Engineer to serve as the L3 escalation point for endpoint and user support within a hybrid Microsoft environment. Central to maintaining a secure, reliable, and well-managed computing experience for employees across the organization. The engineer will handle advanced troubleshooting, modern device management with Intune, identity and authentication support, and deep Windows client diagnostics. The role requires a cloud-first mindset and the ability to operate in a hybrid environment, collaborating with Infrastructure, Cybersecurity, and Applications teams to improve end-user computing stability, security, and efficiency.

Responsibilities

• Package, deploy, and maintain Win32 applications through Microsoft Intune
• Build and update remediation scripts, configuration profiles, and compliance policies
• Troubleshoot Autopilot enrollments, ESP issues, and device identity inconsistencies
• Ensure consistent device hygiene, lifecycle management, and operational readiness
• Troubleshoot hybrid identity issues involving Entra ID, Azure AD Connect, and device join states
• Support user and device identity lifecycle processes
• Resolve authentication failures, directory sync issues, and group-based access concerns
• Contribute to identity-related troubleshooting improvements and best practices
• Provide advanced troubleshooting for Exchange Online, Teams, SharePoint, and OneDrive
• Diagnose and resolve mail flow problems, permission conflicts, and policy inconsistencies
• Support configuration and lifecycle management of M365 Groups
• Assist with cross-service issues affecting collaboration and user productivity
• Diagnose OS, driver, performance, profile, and Windows Update issues using advanced tools
• Analyze event logs and system telemetry to determine root causes
• Identify recurring endpoint issues and recommend corrective actions
• Support imaging and Autopilot health by addressing underlying system issues
• Develop and maintain PowerShell scripts for support, remediation, and automation
• Use JSON and basic Graph API calls when necessary
• Identify opportunities to reduce manual work and improve consistency
• Apply endpoint hardening practices and configuration standards
• Perform initial triage of endpoint security alerts before escalation
• Work closely with the Cybersecurity team on incident workflows and risk mitigation
• Maintain device and user compliance with organizational policies
• Troubleshoot DNS, VPN clients, Wi-Fi issues, and routing-related symptoms
• Determine whether issues originate from the endpoint or the broader network
• Assist users with connectivity problems affecting productivity
• Use OEM diagnostic tools to identify potential hardware faults
• Distinguish hardware failures from software or configuration issues
• Coordinate RMAs, warranty service requests, and device replacements
• Validate device health and readiness following repair or replacement
• Act as an escalation point for L1 and L2 support teams
• Document troubleshooting procedures, runbooks, and best practices
• Collaborate with Infrastructure, Cybersecurity, and Applications teams
• Contribute to continuous improvement of endpoint-related processes

Skills

• 5+ years supporting Windows endpoints in an enterprise environment
• Experience with Microsoft Intune app deployment, policy management, and device troubleshooting
• Strong troubleshooting skills across OS, identity, and Microsoft 365 services
• PowerShell scripting skills for automation and remediation workflows
• Solid understanding of hybrid Entra ID / Azure AD identity concepts
• Experience diagnosing hardware issues and coordinating warranty repairs
• Familiarity with DNS, VPN, and Wi-Fi troubleshooting
• Strong written and verbal communication skills

Qualifications

• Required: 5+ years supporting Windows endpoints in an enterprise environment
• Required: Experience with Microsoft Intune app deployment, policy management, and device troubleshooting
• Required: Strong troubleshooting skills across OS, identity, and Microsoft 365 services
• Required: PowerShell scripting skills for automation and remediation workflows
• Required: Solid understanding of hybrid Entra ID / Azure AD identity concepts
• Required: Experience diagnosing hardware issues and coordinating warranty repairs
• Required: Familiarity with DNS, VPN, and Wi-Fi troubleshooting
• Required: Strong written and verbal communication skills
• Preferred: Experience with Defender for Endpoint
• Preferred: Background in hybrid AD DS + Entra ID environments
• Preferred: Exposure to regulated industry environments (biotech, pharma, etc.)
• Preferred: Experience supporting modern endpoint and collaboration ecosystems