
Windows Engineer
Posted 2 days ago

This is a fully remote position, open to applicants in the District of Columbia.
• Design, manage, and secure Windows workstation images catering to both on-site and remote/VDI users.
• Develop Windows endpoint baselines, policy settings, compliance configurations, and patch orchestration strategies utilizing approved Microsoft technologies.
• Oversee and enhance Microsoft Intune, Windows Autopilot, Group Policy, and related endpoint compliance and configuration measures.
• Assist in the implementation of passwordless authentication, hardware-backed credentials (such as YubiKeys, CAC, software keys), and additional safeguards for privileged and sensitive accounts.
• Integrate endpoint enrollment and conditional access controls with Entra ID / Active Directory to ensure secure configuration of devices prior to granting access.
• Facilitate device lifecycle operations, including provisioning, compliance enforcement, reassignment, and decommissioning for Windows endpoints.
• Design and verify Windows endpoint logging, monitoring, and telemetry, encompassing Windows Event Logs, endpoint agents, and SIEM/EDR forwarding.
• Coordinate Intune/GPO-based patch orchestration, policy enforcement, and remediation of Windows configuration discrepancies.
• Create documentation, standards, runbooks, validation artifacts, and technical guidance pertinent to the Microsoft endpoint environment.
• Assist with escalated incident response, troubleshooting, and audit activities involving Windows devices and Microsoft-managed endpoint services.
• Bachelor’s degree in IT, Cybersecurity, or a related field is preferred; equivalent experience is acceptable.
• Must hold an active or interim Top Secret security clearance.
• 8 years of experience in IT, Endpoint Engineering, or Cybersecurity.
• 6 years of experience executing engineering functions within enterprise environments.
• Experience working under formal change control, audit, and security governance processes.
• Proficient in Microsoft Intune for provisioning, compliance, configuration profiles, and enforcement of security policies.
• Familiarity with Windows Autopilot for automated provisioning and device lifecycle management.
• Experience with Group Policy Objects (GPO) for Windows configuration and policy deployment.
• Knowledge of Entra ID / Active Directory integration, conditional access, and device/user association workflows.
• Experience in building and maintaining Windows workstation images.
• Experience integrating Windows images with VDI, EDR, authentication tools, and logging agents.
• Proven ability to manage Windows patch orchestration, baseline enforcement, and remediation of configuration drift.
• Experience in validating patch deployments and supporting rollback procedures.
• Experience in implementing passwordless authentication and hardware-backed credentials.
• Familiarity with configuring and maintaining Windows Event Logs and forwarding telemetry to SIEM/EDR platforms such as Microsoft Sentinel.
• Experience in monitoring enrollment, patch status, compliance posture, and operational failures across Windows endpoints.
• Experience supporting audit readiness, forensic support, and technical validation reporting.
• Competitive salary and performance-based incentives.
• Comprehensive health, dental, and vision insurance.
• Generous paid time off and holiday policy.
• Opportunities for professional development and continuous learning.
• Engaging work environment with a focus on collaboration and innovation.