Senior Endpoint Engineer (R&D Specialist)

Location: DHA locations in and around San Antonio, TX

Clearance Required: Public Trust (ADP/IT-II) or Tier 3 Investigation (NACLC)

The Senior Endpoint Engineer/R&D Specialist is responsible for architecting, developing, and sustaining endpoint management and delivery solutions that meet DoD and DHA operational and security requirements. This includes designing compliant application packaging, security configurations, software deployments, and mobile device solutions across the hybrid DHA ecosystem. The engineer will also lead Tier 3/4 support efforts, drive endpoint automation and modernization initiatives, and provide technical leadership in support of RMF and Zero Trust alignment.

KEY RESPONSIBILITIES

Application Integration & Enterprise Management:

• Engineer and deploy endpoint management solutions (MECM, Intune, etc.) for both virtual and physical environments.
• Package, test, and configure baseline applications and images for DHA endpoints.
• Architect endpoint delivery frameworks to support centralized provisioning, patching, monitoring, and sustainment of services across hybrid (on-prem/cloud/SaaS) environments.
• Engineer migration strategies from MECM to Intune and develop modern endpoint reporting capabilities.

Endpoint & Identity Security:

• Validate endpoint compliance with DISA STIGs, DoDI 8510.01 (RMF), and NIST cybersecurity standards.
• Conduct risk assessments and apply IA controls across all application and OS lifecycle stages.
• Engineer and maintain endpoint configurations supporting Zero Trust, encryption, data-at-rest (DAR), and continuous monitoring.
• Maintain artifacts in eMASS, including POA&Ms, risk assessments, and continuous monitoring documentation.

Desktop & Endpoint Engineering:

• Build and maintain desktop OS images and standard software configurations for enterprise deployment.
• Engineer solutions supporting task sequences, group policies, and profile/data management.
• Modernize legacy configurations and support cloud-managed endpoints for improved user experience and performance.
• Validate application compatibility and implement endpoint enhancements using industry best practices.

Mobile Engineering:

• Design and implement mobile device provisioning, OS/firmware upgrades, and security configurations.
• Develop transition plans for migrating MDM platforms while preserving user experience and enterprise controls.

Software Design & System Integration:

• Research and develop system-level software solutions, including embedded systems and distribution frameworks.
• Formulate operational specs and conduct in-depth requirement analyses to improve endpoint architectures.

Application Packaging & Automation:

• Engineer, script, and deliver application packages using enterprise deployment tools.
• Test application delivery using hypervisors and simulate endpoint software combinations.
• Ensure compliance with DISA/NIST STIGs in application packaging and configuration management.
• Maintain application baselines and automate patching and updates.

Preferred Tools & Technologies:

• Microsoft MECM (SCCM), Intune, MDT, PowerShell
• Windows Server OS, Windows 10/11
• Hyper-V, Azure, Entra ID, GPO
• ActivClient, eMASS, DISA STIG Viewer
• SCAP Compliance Checker, NIST 800-series
• Application packaging tools (AdminStudio, WiseScript, etc.)

Education & Certification Requirements (per DoD 8140 Qualification Matrices)

1) Microsoft Certified: Cyber Security Architect Expert or Azure Solutions Architect Expert

2) Any of the following...

• Academic Education: Bachelor’s degree in information technology, Cybersecurity, or a related discipline.
• OR Baseline: GCLD or CCE or CASP+ or CEH or GLSC or CISSP