Endpoint Architect
Description:
Job Details
Kraft Group - Foxborough, MA
Full Time
Bachelor's
Day
Technical/Analytics
Description
SUMMARY:
The Endpoint Architect will own endpoint strategic planning & architecture development, systems engineering, script development, application and OS deployment, operations & maintenance of user endpoints, remediating endpoint vulnerabilities, and developing a modern application management approach. This role plays a critical role in modernizing and securing the organization’s endpoint environment which consists of 2k endpoints.
The role supports all TKG companies, including but not limited to TKG (Gillette Stadium Campus Companies), RWG, RWCB and residential locations. This position will also be part of the Systems Administration team that supports infrastructure servers, Active Directory, and O365, as well as the associated applications and tool sets.
DUTIES AND RESPONSIBILITIES
Endpoint Management & Operations
Develop the strategy and architecture of endpoint management systems for the organization.
Develop and execute security enhancements for endpoint management platforms like SCCM, Intune, and PatchMyPC, focusing on reducing technical debt.
Provide situational awareness on the threat landscape and take a leadership role in defining and implementing the techniques, tactics, and procedures associated with those threats. Analyze platform (SCCM, Intune, and PatchMyPC) errors and warnings and design/implement remediations. Develop goals related to endpoint vulnerability management and compliance.
Serve as a core member and trusted subject matter expert, collaborating on decisions and actions related to remediating vulnerabilities.
Independently research, test, and implement Automatic Deployment Rules (ADRs) for browsers, Adobe, and other third-party tools.
Migration and Consolidation
Plan and execute the integration of Intune with existing SCCM infrastructure.
Evaluate legacy GPO and Intune policies for effectiveness and efficiency. Develop new policies and/or revisions to address policy gaps as appropriate.
Streamline the organization’s application landscape by consolidating and packaging applications.
Development, Deployment, and Customization
Rearchitect application packaging and deployment processes to include ensuring that only approved applications are installed on endpoints.
Develop scripts for solution deployment and vulnerability remediation.
Package, test, deploy, and support new applications, updates, and operating systems in compliance with TKG technology standards, ensuring compatibility with existing services.
Design and implement policies in Intune and GPO to harden endpoints and streamline management.
Escalation and Troubleshooting
Identify and escalate concerns to Sr. Management regarding endpoint security deficiencies or enhancements that need to be addressed.
Partner with teammates and IT teams to test and resolve deployment or policy-related issues with an emphasis on creating a stable, secure and optimized endpoint environment for the organization.
Provide advanced technical support to resolve complex issues related to operating systems, endpoint applications, and images.
Utilize scripting and deployment expertise to address widespread endpoint issues
Other Duties Special projects and assignments as business dictates including but not limited to
Plan, implement, and ensure regular systems maintenance tasks such as endpoint patching and server reboot schedules
Active Directory management and administration for users, groups, and other objects in AD.
Support of Okta, single sign on/multi-factor solution/remote access solutions.
Ticket queue management and problem resolution.
Required to participate in on-call (after-hours) support rotation and to participate in onsite stadium event support rotation (concerts, football games, soccer games, etc.)
Responsible for the creation, maintenance and control of all personally identifiable information or any other information protected by Confidentiality and Privacy Standards (see Mass Regulations on Personal Identity Regulations and HIPAA).
SUPERVISORY RESPONSIBILITIES
This position has no supervisory responsibilities
SKILLS AND QUALIFICATIONS
Bachelor’s degree in information technology or relevant experience
7+ years of experience managing enterprise endpoints on a large scale (1000+ clients).
Strong experience with Windows Server, Active Directory, GPO, and DNS
Experience creating and updating Windows 10/11 desktop Images.
Well versed in windows scripting (PowerShell, VBS)
Strong experience with SCCM, and Intune
Experience with patch management software (PatchMyPC, SolarWinds, etc)
Experience with Exchange Online, Office365, MS Teams, Azure AD and various cloud technologies
Experience creating deploying, and managing policies and software packages using products such as Intune and SCCM
Knowledge of MSI packages, including distribution, customization via transforms. (InstallShield Admin Studio experience preferred)
Experience with VMWare, O365, and Okta SSO
Strong oral, written, and interpersonal communication skills.
Strong documentation skills.
PHYSICAL DEMANDS
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
WORK ENVIRONMENT
The noise level in the work environment is usually moderate
Fast-paced office environment
Working hours may vary with the demands of the business, projects, and event schedules throughout the year.
Periodic on-call coverage.
CERTIFICATES, LICENSES, REGISTRATIONS
None required.
OTHER DUTIES
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
This company is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.
#LI-KG