Endpoint Engineer - Modern Endpoint & Mobility

*Description** **Position Summary** ProAmpac, a nearly $5 billion packaging company, is seeking an Endpoint Engineer to join our Cloud & Digital Workplace Services team. This is a 100% remote, hands-on engineering role, not a helpdesk position. You will own Microsoft Intune, Windows Autopilot, mobile device management across iOS, iPadOS, and Android, and our plant-floor mobility program (SOTI MobiControl) across a rapidly growing multi-site manufacturing environment. ProAmpac is scaling through acquisition, scaling rapidly through acquisition across a large and growing number of manufacturing sites. You will be enrolling and managing thousands of mobile and plant-floor devices, driving zero-touch workstation provisioning via Autopilot, and building out mobile management standards as new sites come online. Your counterpart on the team owns Endpoint Central and packaging both engineers cross-train on each other's primary platforms for full coverage. **What You'll Do** **Microsoft Intune — Primary Platform** + Serve as the primary Intune administrator across Windows, iOS, iPadOS, and Android: MDM/MAM policies, compliance policies, configuration profiles, and application deployment. + Administer Conditional Access compliance integration with Entra ID; monitor enrollment health and compliance dashboards and resolve failures across all supported platforms. + Manage application deployment via Intune: IntuneWin packages, Microsoft Store apps, LOB apps, and app protection policies for corporate and BYOD devices. **Windows Autopilot — Zero-Touch Deployment** + Design and maintain Autopilot deployment profiles and enrollment flows for zero-touch workstation provisioning across a growing fleet. + Manage device registration, hardware hash import, and profile assignment; coordinate with procurement and the Service Desk for new device intake. + Troubleshoot Autopilot enrollment failures and maintain runbooks for common failure scenarios. + Collaborate with the UEM & Packaging Engineer on app sequencing during provisioning to ensure a complete, compliant out-of-box experience. **Mobile Device Management — iOS, iPadOS & Android** + Administer Intune MDM/MAM for iOS, iPadOS, and Android corporate and BYOD devices: enrollment, policy, app deployment, compliance, and remote actions. + Manage Apple Business Manager integration with Intune; maintain DEP enrollment profiles and VPP app licensing. + Configure app protection policies for BYOD scenarios; manage mobile device lifecycle from provisioning through retirement. + Troubleshoot mobile enrollment and compliance issues; coordinate with Networking on WiFi and connectivity dependencies. **SOTI MobiControl — Plant-Floor Mobility** + Administer SOTI MobiControl for rugged Android handhelds, RF scanners, and terminals used in manufacturing and warehouse operations. + Manage enrollment, configuration profiles, app deployment, and kiosk policies for plant-floor device groups. + Troubleshoot plant-floor device issues; coordinate with plant operations and Networking on WiFi coverage and VLAN requirements. + Support device staging for new site openings and plant expansions. **macOS Management — Jamf Pro** + Administer Jamf Pro for ~100 Mac devices: enrollment, configuration profiles, patch management, application deployment, and compliance reporting. + Provide Tier 2/3 support for macOS issues; maintain macOS packaging workflows and runbooks. **Thin Client Management — IGEL OS** + Manage IGEL OS thin client configuration, policy, and patching in coordination with the Networking & Hardware Services team. + Support thin client deployments for new sites; maintain configuration standards and deployment runbooks. **Endpoint Security Configuration** + Deploy and maintain endpoint security agents, encryption policy and key escrow, local administrator password management, and device control policies across managed devices. + Apply and maintain endpoint hardening baselines across Windows, macOS, and mobile platforms; coordinate with InfoSec on gap remediation. **Digital Signage — Skykit** + Support management of the enterprise digital signage platform (Skykit): device enrollment, content policy, and operational support across ProAmpac sites. **Asset Management** + Own endpoint asset data quality in Lansweeper for all assigned device types; drive asset management process adherence by the Service Desk. **Application Packaging — Cross-Training** + Maintain working proficiency in application packaging (MSI, IntuneWin) to build and deploy packages via Intune independently and to cover your counterpart when needed. **Documentation & On-Call** + Create and maintain runbooks, SOPs, and change records in ServiceDesk Plus; participate in the Change Advisory Board (CAB). + Participate in the Endpoint Engineering on-call rotation (~20% of the time) and provide Tier 2/3 escalation support. **What You'll Bring** + 3–5 years of enterprise endpoint engineering or systems administration experience focused on MDM, UEM, or modern device management platforms. + Strong Microsoft Intune experience: MDM/MAM policy design, compliance policies, configuration profiles, and application deployment across Windows and mobile platforms. + Hands-on Windows Autopilot experience: deployment profile design, enrollment flows, and troubleshooting in an enterprise environment. + Experience managing iOS/iPadOS and Android devices in an enterprise MDM environment, including Apple Business Manager and DEP enrollment. + Working application packaging experience for Intune: IntuneWin format and LOB app deployment at minimum. + Proficiency in PowerShell scripting for automation, reporting, and operational workflows. + Experience with encryption management, local administrator password management, and endpoint hardening baseline configuration. + Strong troubleshooting skills across Windows 10/11, iOS, and Android platforms. + Self-motivated, detail-oriented, and able to manage concurrent tasks independently. + Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent work experience. + Preferred: Microsoft MD-102 (Endpoint Administrator Associate) certification or actively working toward it. + Preferred: experience with Jamf Pro for macOS device management. + Preferred: experience with SOTI MobiControl or comparable plant-floor/rugged device management platforms. + Preferred: experience with IGEL OS or thin client management platforms. + Preferred: experience supporting manufacturing or multi-site industrial environments. **Why ProAmpac** + Join a nearly $5 billion packaging company scaling rapidly through acquisition with a major infrastructure modernization underway. + Own a packaging practice and server patching program that will scale dramatically, this is a build role, not a maintain role. + Clear path for skill development as our environment grows, you will work on real scale, not a stable steady-state environment. + Professional development support including training and certification opportunities. **Location and Work Arrangement** This is a 100% remote position. Candidates must be based in the United States and able to work during US business hours. Eastern or Central time zones are preferred for team collaboration. Travel: This position may require occasional travel (up to 20%) for site support and team meetings. **Additional Information** This role includes participation in a rotating on-call schedule to support endpoint infrastructure. Escalations for service-impacting issues may occur outside standard business hours (8am–6pm). ProAmpac is an equal opportunity employer and does not discriminate on the basis of any characteristic protected by applicable law. EEO – M/F/Disability/Vets To apply, please submit your resume and cover letter. #CORP Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights ( notice from the Department of Labor. **Job Category:** Information Technology Full-Time

Created: 2026-04-03