Sr. SCCM OSDIntune Engineer

Be inspired. Be valued. Belong.

At Emory Healthcare we fuel your professional journey with better benefits valuable resources ongoing mentorship and leadership programs for all types of jobs and a supportive environment that enables you to reach new heights in your career and be what you want to be. We provide:

• Comprehensive health benefits that start day 1
• Student Loan Repayment Assistance & Reimbursement Programs
• Family-focused benefits
• Wellness incentives

Ongoing mentorship development leadership more!

*One day per week onsite*

Emory Healthcare isseekingan experienced and highly skilled Senior SCCM OSD / Intune Engineer to join the Windows Endpoint Engineering team. This senior-level roleis responsible forarchitecting implementing andmaintainingenterprise endpoint management solutions with deepexpertisein Microsoft System Center Configuration Manager (SCCM) Operating System Deployment (OSD) and Microsoft Autopilot-driven modern provisioning via Microsoft Intune.

As a senior contributor this individual will serve as a subject matter expert across the full endpoint lifecycle from zero-touch Autopilot provisioning to complex task sequence development co-management strategy and cloud-first modernization. The role requires independent ownership of critical engineering workstreams and the ability to influence platform direction across a fleet of 30000 endpoints in a large complex healthcare environment.

This position requires one onsite day per week at our Emory Northlake Campus and includes participation in after-hoursmaintenance and an on-call rotation supporting critical Tier 1 clinical environments.

RESPONSIBILITIES:

OSD and Imaging Architecture:

• Design build andmaintainadvanced SCCM task sequences for wipe-and-load in-place upgrade and bare-metal OSD scenarios across clinical and administrative endpoint personas
• Manage the full imaging pipeline including DEV TST and PRD environments aligned to monthly Patch Tuesday cadence
• Develop andmaintaindriver and firmware management strategies for Dell and specialty clinical hardware including radiology cardiology and WOW devices
• Architect and enforce persona-based imaging standards (DSK RAD CAR) to reduce image sprawl and standardize endpoint builds across the enterprise
• Lead validation and quality assurance processes for new image releases coordinating with field technicians and clinical stakeholders

Autopilot and Modern Provisioning:

• Architect and operationalize Windows Autopilot at scale for both new hardware enrollment and conversion of existing SCCM-managed devices
• Develop andmaintainautomated hardware hash collection and upload workflows using PowerShell and the Microsoft Graph API
• Design zero-touch or near-zero-touch provisioning workflows for clinical environments accounting for VPN dependencies Imprivata integration and domain join requirements
• Lead co-management configuration and workload migration strategy defining the path from SCCM-primary to Intune-first endpoint management
• Build and maintain Autopilot deployment profiles enrollment status page (ESP) configurations and device group targeting in Entra ID

Intune and Cloud Endpoint Management:

• Develop and manage Win32 app packaging deployment and supersedence logic in Intune for clinical and administrative applications
• Administer compliance policies configuration profiles and Settings Catalog policies in Intune across hybrid-joined and Entra-joined endpoints
• Manage BitLocker LAPS and Windows Hello for Business configurations through Intune for endpoint security compliance
• Configure andmaintainWindows Autopatch or equivalent patching strategies through Intune for cloud-managed devices
• Troubleshoot Intune enrollment failures policy conflicts and Win32 app deployment issues at scale

Patch Management and Third-Party Application Lifecycle:

• Own Windows and third-party patch management operations using SCCM and Patch My PC (PMPC) across 30000 endpoints
• Design andmaintainring-based patch deployment strategies withappropriate deferralwindows for clinical environments
• Monitor patch compliance across the fleet and produce reporting for engineering leadership and CISO-level stakeholders
• Evaluate and recommend application packaging standards supersedence strategies and lifecycle processes for third-party software

Identity Security and Clinical Integration:

• Maintain and troubleshoot hybrid Entra ID join workflows Conditional Access policies and PRT-based authentication for endpoint access
• Support ImprivataOneSignintegration across shared clinical devices including WOWs kiosks and fixed workstations
• Collaborate with clinical informatics and Epic teams to ensure local Hyperdrive deployments meet performance authentication and integration standards
• Partner with the security team to align endpoint configurations with healthcare compliance frameworks including HIPAA and organizational security policy

Automation Scripting and Engineering Excellence:

• Develop production-quality PowerShell scripts for endpoint automation remediation and reporting; code must be self-contained SCCM-compatible and log to standardized paths
• Contribute to the Endpoint Intelligence Program by building data pipelines and operational reporting from SCCM Intune and endpoint analytics sources
• Document engineering standards deployment runbooks and architectural decisions to support team knowledge transfer and operational consistency
• Serve as a senior technical resource and escalation point for endpoint engineering issues across the team

What Success Looks Like:

• Zero-touch Autopilot provisioning operationalized for new and converted devices across the enterprise
• OSD pipeline running on a consistent monthly cadence with validated images in DEV TST and PRD
• Patch compliance rates meeting or exceeding organizational SLAs with minimal manual intervention
• Win32 app packaging standards documented and applied consistently across Intune deployments
• Engineering documentation currentaccurate and accessible to the full team
• Escalation issues resolved with root cause documentation and preventive recommendations provided to leadership

PREFERRED QUALIFICATIONS:

• 5 or more years of hands-on experience in enterprise endpoint management with a strong focus on SCCM OSD task sequence development and Intun
• Demonstrated experience architecting and deploying Windows Autopilot at scale including device hash collection Autopilot profile configuration and ESP design
• Expert-levelproficiencyin SCCM including OSD software distribution patch management collections and co-management configuration
• Strong experience with Intune including Win32 app packaging compliance policies Settings Catalog and cloud-native device management
• Advanced PowerShell scripting ability with experience writing production automation for large enterprise environments
• Experience managing Windows imaging across diverse hardware including driver injection firmware management and persona-based build design
• Working knowledge of hybrid Entra ID environments Conditional Access and modern identity concepts
• Familiarity with ImprivataOneSignor equivalent shared workstation authentication solutions in clinical or highly regulated environments
• Ability to work independently on complex multi-phase engineering initiatives with minimal supervision
• Experience in a healthcare IT environment with understanding of clinical workflow considerations and downtime risk management
• Hands-on experience with Patch My PC (PMPC) for third-party patch management integrated with SCCM and Intune
• Familiarity with Epic Hyperdrive local client deployment configuration and support
• Experience with Azure DevOps using Agilemethodologyand Kanban-based sprint execution
• Microsoft certifications such as MD-102 (Endpoint Administrator) SC-300 or equivalent
• Experience contributing to or owning DEX or endpoint analytics reporting initiatives

MINIMUM QUALIFICATIONS:

• Bachelors degree in computer science Information Technology or related discipline and five years Infrastructure server administration experience OR seven years of Infrastructure server engineering experience.

Emory is an equal opportunity employer and qualified applicants will receive consideration for employment without regard to race color religion sex national origin disability protected veteran status or other characteristics protected by state or federal law.

Emory Healthcare is committed to providing reasonable accommodations to qualified individuals with disabilities upon request. Please contact Emory Healthcares Human Resources at . Please note that one weeks advance notice is preferred.