Endpoint Engineer (Systems Administrator)

Location: DHA locations in and around San Antonio, TX

Clearance Required: Public Trust (ADP/IT-II) or Tier 3 Investigation (NACLC)

The Endpoint System Admin is responsible for architecting, developing, and sustaining endpoint management and delivery solutions that meet DoD and DHA operational and security requirements. This includes designing compliant application packaging, security configurations, software deployments, and mobile device solutions across the hybrid DHA ecosystem. The engineer will also lead Tier 3/4 support efforts, drive endpoint automation and modernization initiatives, and provide technical leadership in support of RMF and Zero Trust alignment.

KEY RESPONSIBILITIES

Application Integration & Enterprise Management:

• Engineer and deploy endpoint management solutions (MECM, Intune, etc.) for both virtual and physical environments.
• Package, test, and configure baseline applications and images for DHA endpoints.
• Architect endpoint delivery frameworks to support centralized provisioning, patching, monitoring, and sustainment of services across hybrid (on-prem/cloud/SaaS) environments.
• Engineer migration strategies from MECM to Intune and develop modern endpoint reporting capabilities.

Endpoint & Identity Security:

• Validate endpoint compliance with DISA STIGs, DoDI 8510.01 (RMF), and NIST cybersecurity standards.
• Conduct risk assessments and apply IA controls across all application and OS lifecycle stages.
• Engineer and maintain endpoint configurations supporting Zero Trust, encryption, data-at-rest (DAR), and continuous monitoring.
• Maintain artifacts in eMASS, including POA&Ms, risk assessments, and continuous monitoring documentation.

Desktop & Endpoint Engineering:

• Build and maintain desktop OS images and standard software configurations for enterprise deployment.
• Engineer solutions supporting task sequences, group policies, and profile/data management.
• Modernize legacy configurations and support cloud-managed endpoints for improved user experience and performance.
• Validate application compatibility and implement endpoint enhancements using industry best practices.

Mobile Engineering:

• Design and implement mobile device provisioning, OS/firmware upgrades, and security configurations.
• Develop transition plans for migrating MDM platforms while preserving user experience and enterprise controls.

Software Design & System Integration:

• Research and develop system-level software solutions, including embedded systems and distribution frameworks.
• Formulate operational specs and conduct in-depth requirement analyses to improve endpoint architectures.

Application Packaging & Automation:

• Engineer, script, and deliver application packages using enterprise deployment tools.
• Test application delivery using hypervisors and simulate endpoint software combinations.
• Ensure compliance with DISA/NIST STIGs in application packaging and configuration management.
• Maintain application baselines and automate patching and updates.

Preferred Tools & Technologies:

• Microsoft MECM (SCCM), Intune, MDT, PowerShell
• Windows Server OS, Windows 10/11
• Hyper-V, Azure, Entra ID, GPO
• ActivClient, eMASS, DISA STIG Viewer
• SCAP Compliance Checker, NIST 800-series
• Application packaging tools (AdminStudio, WiseScript, etc.)

Education & Certification Requirements (per DoD 8140 Qualification Matrices)

1) Microsoft Certified: Azure Administrator Associate or Windows Server Hybrid Administrator Associate

2) Any of the following...

• Academic Education: Bachelor’s degree in information technology, Cybersecurity, or a related discipline.
• OR Baseline: Cloud+ or GICSP or SSCP or Security+ or GSEC or GLSC or CISSP
• OR DoD/Military Training: F07DZZ1 or M03385G or M10395B or M223854 or A-150-0045 now W-250-0750 or A-531-0021 or W-250-0750 or A-150-3400 now W-250-0750 or A-150-1980 or A-150-1202 or A-150-1203 or A-150-1250 or A-150-1855 / A-150-1940 or A-113-0205 or A-113-0175 or A-113-0018 or A-113-0382 or A-113-0027 or A-113-0383 or A-113-0175 or A-113-0202 or A-113-0233 or DISA-US1379