Global Infrastructure Manager

Job Title

Sr Cloud End User Computing Engineer

Location

New York, NY 10019-6064

Duration

6 months Contract to Hire

Salary

$160-$175 K

General Summary

The Sr Cloud End User Computing Engineer is responsible for designing, implementing and supporting systems that allow the firm to manage its endpoint computing devices from Microsoft’s Cloud offerings. Endpoints include: Windows PCs and Laptops, Smart Phones, Tablets, Printers, and portable storage media.

The Sr Cloud End User Computing Engineer is responsible to lead and scale our modern endpoint and application management strategy with a strong emphasis on Microsoft Intune application packaging, rollout, and lifecycle management. In this role, you’ll own the end-to-end delivery of applications to Windows (and optionally macOS/iOS/Android) endpoints, ensuring deployments are reliable, secure, and measurable—while improving user experience and reducing operational overhead.

The Sr Cloud End User Computing Engineer will partner closely with Security, Infrastructure, Service Desk, and Application Owners to deliver a consistent, cloud-first endpoint experience using Intune, Entra ID, Autopilot, and Microsoft Defender.

The Sr Cloud End User Computing Engineer is expected to have the ability to work independently and ensure availability at all times in a customer centric, high service level and continually evolving environment.

In this more advanced position the Sr Cloud End User Computing Engineer is expected to be versed in a broad area of Desktop Technologies and be the final internal escalation point for the technologies we support.

Principal Duties and Responsibilities

Intune Application Rollout & Lifecycle Management

• Own end-to-end application deployment in Intune: intake → packaging → testing → staged rollout → monitoring → support transition.
• Package and deploy applications using Win32 (.intunewin), MSI, Microsoft Store apps, and/or LOB apps, including install/uninstall detection logic.
• Design deployment strategies using pilot rings, phased rollouts, requirement rules, dependencies, supersedence, and available vs. required assignment models.
• Troubleshoot failed installs using Intune Management Extension logs, detection rules, return codes, dependency logic, and device context (user vs. system).
• Maintain and continuously improve application standards: naming conventions, versioning, dependency patterns, and documentation.
• Manage application updates and patch cadence (including third‑party, leveraging Patch My PC) and ensure alignment with vulnerability/patch programs.
• Develop and maintain packaging automation and reusable tooling using PowerShell (and optionally CI/CD).

Endpoint & Identity Integration

• Support Windows 10/11 modern management: configuration profiles, compliance policies, device restrictions, update rings, and policies.
• Integrate with Entra ID and Conditional Access to ensure policy‑driven access based on device compliance.
• Support/lead Windows Autopilot design and improvements (pre‑provisioning, enrollment status page, app sequencing).

Operational Excellence

• Build deployment dashboards and success metrics: install success rates, time‑to‑install, failure codes, adoption, rollback rates.
• Create runbooks and knowledge articles; mentor junior engineers and elevate L2/L3 support effectiveness.
• Participate in incident response for endpoint/app issues and drive root cause analysis and remediation.
• Collaborate with Security and Risk teams to ensure endpoints and apps meet compliance and audit requirements.

Required Technologies

• Azure/Entra/Intune
• MECM (Comanagement)
• OSD (Task Sequences and AutoPilot)
• PowerShell
• OneDrive
• Azure Virtual Desktop (Nerdio a plus)
• M365 Apps for Enterprise
• Business apps such as, Acrobat, iManage, Litera Compare, Litera Metdact, Zoom, etc.
• Security software such as, Defender, Threatlocker, Illumio, Global Protect.

Job Specifications

• 5+ years in EUC / Endpoint Engineering / Desktop Engineering with cloud‑based management ownership.
• 3+ years hands‑on with Microsoft Intune, with deep strength in application packaging and deployment.
• Strong proficiency in PowerShell for automation, packaging, detection logic, and remediation scripts.
• Win32 app deployment in Intune (IME)
• Application detection rules, requirement rules, dependencies, and uninstall behavior
• Troubleshooting app install failures and interpreting logs and return codes
• Solid understanding of Windows internals relevant to deployment (registry, services, scheduled tasks, file system permissions).
• Experience collaborating cross‑functionally with Security, Infrastructure, and Support teams.