Endpoint Engineer

OUR LEADERSHIP PHILOSOPHY
At Lighthouse Credit Union, we believe all individuals, regardless of position level, are considered leaders. By providing a framework that balances clarity with adaptability, our Leadership Competencies aim to foster a culture of continuous growth and agile leadership. Lighthouse Credit Union is committed to embracing change, nurturing leadership talent, and ensuring our performance management practices are aligned with our vision of fostering a resilient and forward-thinking organization. As such, we all hold ourselves accountable to the following:

LEADERSHIP COMPETENCIES

Demonstrates Interpersonal Awareness & Skills
A cornerstone of our collaborative work environment, this competency emphasizes effective communication, relationship building and teamwork. It also supports creating a positive work environment that values individual contributions and fosters teamwork. As an individual leader, you will demonstrate active listening, clear communication and contribute beneficially to team dynamics.

Embraces Change & Learning
This competency focuses on adaptability, personal development and the advocacy and embracing of progressive change.You will be challenged to explore continuous learning opportunities to achieve excellence and foster a culture of growth and innovation. As an individual leader, you will actively engage in personal development, embrace change enthusiastically and support team members in their growth. You will also demonstrate flexibility and adaptability in response to changing circumstances.

Utilizes Critical & Creative Thinking
Underlining the importance of innovative problem solving, challenging the status quo and strategic thinking, this competency is vital for driving excellence and leadership. This competency challenges team members to take initiative beyond one's immediate responsibilities. As an individual leader, you will actively look for and share opportunities for improvement, show open-mindedness to new ideas and professionally challenge inefficient processes. You will also actively contribute to defining solutions and promoting innovation.

Takes Personal Ownership

This competency focuses on taking responsibility for performance goals, proactive collaboration and accountability. It highlights the significance of each team member taking ownership of their role and contributions while demonstrating leadership qualities regardless of their position. As an individual leader, you will be actively engaged in setting and achieving performance goals, take responsibility for personal action and decisions and seek opportunities for self-improvement and skill development.

POSITION SUMMARY
The Endpoint Engineer is responsible for the design, implementation, and end-to-end ownership of Lighthouse Credit Union's endpoint management platform across Windows, macOS, and iOS devices. This role leads the engineering and operation of a modern management strategy centered on Microsoft Intune within a hybrid Active Directory and Entra ID environment that is actively transitioning away from legacy tool. Intune serves as the authoritative platform for configuration, compliance, and policy enforcement. The Endpoint Engineer drives the migration of legacy Group Policy and traditional imaging (MDT) into identity-based, zero-touch provisioning and standardized configuration baselines. This is a platform engineering and ownership role-not a device administration or ticket-processing position. The Endpoint Engineer establishes standards, builds automation, eliminates manual processes, and empowers the Service Desk through documentation, knowledge transfer, and training. The role is accountable for endpoint consistency, security posture, and the overall end-user experience across both assigned-user and shared workstation environments.

ESSENTIAL FUNCTIONS & RESPONSIBILITIES

Endpoint Architecture & Intune Engineering
* Designs and maintains enterprise endpoint configuration standards using Microsoft Intune as the primary management authority.
* Serves as the technical subject matter expert for Autopilot provisioning and deployment workflows, Hybrid Entra ID join scenarios, Configuration Profiles, Settings Catalog policies, and custom OMA-URI configuration, device compliance policies integrated with Conditional Access, Windows update strategy including update rings and Autopatch, macOS Platform SSO and identity-driven authentication, BitLocker and FileVault escrow and recovery, shared workstation and multi-user device configurations.

Device Lifecycle & Automation
* Engineers zero-touch provisioning and standardized rebuild workflows.
* Develops automation, scripting, and remediation processes to enforce configuration compliance and reduce manual intervention.
* Designs and maintains lifecycle workflows for new device provisioning, re-provisioning and reset, hardware replacement, secure retirement.
* Managers Device Drivers.
* Supports coexistence with MDT where required while actively reducing reliance on imaging.

Application Management
* Owns enterprise application deployment across Windows, macOS, and iOS platforms.
* Packages and deploys .Msi, .PKG, and .intunewin applications.
* Manages applications in various repositories (Microsoft Store, App Store, Company Portal, etc).
* Maintains github repositories of endpoint scripts.
* Develops assignment strategies and update cadences.
* Troubleshoots deployment failures and policy conflicts.
* Maintains standardized packaging methodology and documentation.

Monitoring, Security & Performance
* Collaborates with Cybersecurity and Infrastructure teams to ensure endpoint protection tooling functions effectively without degrading user experience.
* Monitors compliance, update posture, and device health across the fleet.
* Evaluates performance impact of endpoint security agents and optimize configuration accordingly.

Documentation & Enablement
* Creates and maintains engineering-level documentation and operational procedures.
* Trains Service Desk and IT staff on endpoint workflows and tools.
* Acts as escalation point for advanced endpoint issues and perform root cause analysis.

JOB SPECIFICATIONS
* Extensive enterprise experience engineering and operating Microsoft Intune across Windows, macOS, and iOS, including Configuration Profiles, Settings Catalog, and custom OMA-URI policy configuration.
* Experience managing hybrid Active Directory and Entra ID environments and migrating endpoint management from Group Policy and imaging (MDT) to modern management and Autopilot provisioning.
* Proven ability to design device compliance, update management, and security configuration standards integrated with identity and Conditional Access.
* Strong multi-platform application packaging and deployment experience, including msi, PKG, and intunewin applications.
* Experience developing automation, scripting, and remediation solutions to enforce configuration consistency and reduce manual operational effort.
* Advanced troubleshooting skills across identity, policy precedence, device configuration, and multi-user/shared workstation scenarios.

EDUCATION, TRAINING & EXPERIENCE
* High school diploma or GED required.
* 3+ years experience managing Endpoint Devices in a Medium or larger corporate environment.
* Extensive enterprise experience administering Microsoft Intune across Windows, macOS, and iOS.
* Strong experience with Configuration Profiles, Settings Catalog, and custom OMA-URI policy creation.
* Experience operating hybrid Active Directory and Entra ID joined environments.
* Demonstrated migration of Group Policy settings into Intune.
* Experience with Autopilot and modern device lifecycle management.
* Multi-platform application packaging and deployment experience.
* Experience creating automation or remediation solutions for endpoint configuration.
* Ability to design standards and operational processes, not just execute tasks.
* Advanced troubleshooting across identity, policy, and device configuration layers.
* MacOS Platform SSO implementation experience preferred.
* Windows Autopatch and update ring design experience preferred.
* Shared workstation or frontline device management experience preferred.
* Experience in regulated or security-sensitive environments preferred.

WORK ARRANGEMENT: The working arrangement for this position is hybrid or remote. Hybrid work is an opportunity to find the right balance between working in the office and remotely, especially if it supports individual success and the needs of our organization. Hybrid schedules are determined by the hiring manager based on business unit needs and may vary by department. Although a remote work
arrangement may be authorized, those working in a remote position should expect occasional travel to headquarters or other business locations as necessary for work purposes.

We know life doesn't pause when you're at work - and your benefits shouldn't either. At Lighthouse Credit Union, we offer real support for real life, with perks that help you stay healthy, grow your future, and take care of what matters most.

* Student Loan & Tuition Assistance - Whether you're paying off debt or going back to school, we help lighten the load.

* Employee Loan Discounts - Get access to lower rates on personal loans, just for being part of the team.

* Weekly Paychecks - Because waiting two weeks shouldn't be the norm.

* 401(k) with Employer Match & Profit Sharing - We invest in your future with generous contributions and immediate vesting.

* Lighthouse Leave Program - Paid time off for major life moments, from welcoming a child to caring for a loved one.

* Volunteer Time Off (VTO) - Give back to your community with paid time to serve.

* PTO + Paid Federal Holidays - Rest, recharge, and celebrate without worry.

* Balanced Schedule - All branches close by 5pm and on Sundays - no late nights or unpredictable shifts.

* Comprehensive Medical, Dental & Vision Plans - Coverage that starts quickly and fits your needs.

* HSA/FSA Options - Save pre-tax dollars for everyday health expenses.

* Discounted Pet Insurance - Because furry family members deserve care too.

* Employee Assistance Program (EAP) - Free, confidential support for life's challenges - available 24/7.

* Annual Bonus Program - Celebrate your wins, your teammates' successes, and the Credit Union's growth - together.

* Engagement Groups - Join communities like Pride at Work, Women in Leadership, Book Club, and more.

* Ongoing Training & Career Growth - We invest in your development from day one.

* Annual Summit & Team Outings - Celebrate wins and connect with coworkers across the organization.

LIGHTHOUSE CREDIT UNION IS AN EQUAL OPPORTUNITY EMPLOYER