Endpoint Systems Engineer

The Endpoint Systems Engineer is a critical member of the IT infrastructure team, responsible for the lifecycle management of all endpoint devices across the organization. This role bridges security, operations, and automation — ensuring that every managed device remains compliant, current, and performing at its best. The ideal candidate is hands-on with RMM tooling, comfortable writing PowerShell automation, and thrives in a fast-paced managed services or enterprise IT environment.

Key Responsibilities

Endpoint Patching & Compliance
Deploy, schedule, and validate OS and software patches across Windows/macOS endpoints using Kaseya VSA and Datto RMM
Manage patch policies, rings, and compliance baselines through Microsoft Intune
Generate regular patch compliance reports and present remediation plans for non-compliant devices
Maintain patch SLAs and minimize exposure windows for critical CVEs

Application Management

Package, deploy, and maintain third-party applications across the endpoint fleet via Intune and RMM tooling
Manage application versioning, silent installs, and uninstall routines
Monitor application health and ensure licensing compliance
Ticketing & Incident Management
Triage, manage, and resolve endpoint-related tickets within ConnectWise Manage
Document resolution steps clearly for knowledge base contribution
Escalate complex issues appropriately while maintaining SLA commitments
Automation & Scripting
Write and maintain PowerShell scripts to automate repetitive tasks such as software installs, system health checks, user provisioning, and reporting
Develop and deploy scripts via RMM platforms at scale across managed endpoints
Asset & Documentation Management
Maintain accurate endpoint inventory and configuration records through Liongard
Ensure audit trails, change logs, and runbooks are up to date
Contribute to internal IT documentation and SOPs
Security & Compliance
Enforce endpoint security baselines (antivirus, EDR, encryption, MFA policies)
Monitor for policy drift and remediate non-compliant devices proactively
Collaborate with security teams on vulnerability management and endpoint hardening

Requirements

Experience in endpoint management, systems administration, or MSP role
Hands-on experience with Kaseya VSA, Datto RMM, and/or Microsoft Intune
Proficiency in PowerShell scripting for automation and system management
Experience with ConnectWise (Manage or Automate) for ticketing and workflow
Familiarity with Liongard or similar documentation/asset platforms
Strong understanding of Windows endpoint management (Group Policy, MDM, registry)
Knowledge of patch management best practices and vulnerability frameworks (e.g., CVSS)
Excellent troubleshooting and communication skills
Preferred / Bonus Skills
Experience in a Managed Service Provider (MSP) environment
Microsoft certifications (MD-102, AZ-800, or similar)
Familiarity with macOS endpoint management
Experience with endpoint security tools (CrowdStrike, SentinelOne, Defender for Endpoint)
Basic networking knowledge (DNS, DHCP, VPN)