Be inspired. Be valued. Belong. 

At Emory Healthcare we fuel your professional journey with better benefits, valuable resources, ongoing mentorship and leadership programs for all types of jobs, and a supportive environment that enables you to reach new heights in your career and be what you want to be.  We provide:

• Comprehensive health benefits that start day 1
• Student Loan Repayment Assistance & Reimbursement Programs
• Family-focused benefits
• Wellness incentives

Ongoing mentorship, development, leadership programs...and more!

*One day per week onsite*

Emory Healthcare is seeking an experienced and highly skilled Senior SCCM OSD / Intune Engineer to join the Windows Endpoint Engineering team. This senior-level role is responsible for architecting, implementing, and maintaining enterprise endpoint management solutions with deep expertise in Microsoft System Center Configuration Manager (SCCM) Operating System Deployment (OSD) and Microsoft Autopilot-driven modern provisioning via Microsoft Intune. 

As a senior contributor, this individual will serve as a subject matter expert across the full endpoint lifecycle — from zero-touch Autopilot provisioning to complex task sequence development, co-management strategy, and cloud-first modernization. The role requires independent ownership of critical engineering workstreams and the ability to influence platform direction across a fleet of 30,000+ endpoints in a large, complex healthcare environment. 

This position requires one onsite day per week at our Emory Northlake Campus and includes participation in after-hours maintenance and an on-call rotation supporting critical Tier 1 clinical environments. 

RESPONSIBILITIES:

OSD and Imaging Architecture: 

• Design, build, and maintain advanced SCCM task sequences for wipe-and-load, in-place upgrade, and bare-metal OSD scenarios across clinical and administrative endpoint personas 
• Manage the full imaging pipeline including DEV, TST, and PRD environments aligned to monthly Patch Tuesday cadence 
• Develop and maintain driver and firmware management strategies for Dell and specialty clinical hardware including radiology, cardiology, and WOW devices 
• Architect and enforce persona-based imaging standards (DSK, RAD, CAR) to reduce image sprawl and standardize endpoint builds across the enterprise 
• Lead validation and quality assurance processes for new image releases, coordinating with field technicians and clinical stakeholders 

Autopilot and Modern Provisioning:

• Architect and operationalize Windows Autopilot at scale for both new hardware enrollment and conversion of existing SCCM-managed devices
• Develop and maintain automated hardware hash collection and upload workflows using PowerShell and the Microsoft Graph API 
• Design zero-touch or near-zero-touch provisioning workflows for clinical environments, accounting for VPN dependencies, Imprivata integration, and domain join requirements 
• Lead co-management configuration and workload migration strategy, defining the path from SCCM-primary to Intune-first endpoint management 
• Build and maintain Autopilot deployment profiles, enrollment status page (ESP) configurations, and device group targeting in Entra ID 

Intune and Cloud Endpoint Management: 

• Develop and manage Win32 app packaging, deployment, and supersedence logic in Intune for clinical and administrative applications
• Administer compliance policies, configuration profiles, and Settings Catalog policies in Intune across hybrid-joined and Entra-joined endpoints 
• Manage BitLocker, LAPS, and Windows Hello for Business configurations through Intune for endpoint security compliance 
• Configure and maintain Windows Autopatch or equivalent patching strategies through Intune for cloud-managed devices 
• Troubleshoot Intune enrollment failures, policy conflicts, and Win32 app deployment issues at scale 

Patch Management and Third-Party Application Lifecycle: 

• Own Windows and third-party patch management operations using SCCM and Patch My PC (PMPC) across 30,000+ endpoints 
• Design and maintain ring-based patch deployment strategies with appropriate deferral windows for clinical environments 
• Monitor patch compliance across the fleet and produce reporting for engineering leadership and CISO-level stakeholders 
• Evaluate and recommend application packaging standards, supersedence strategies, and lifecycle processes for third-party software 

Identity, Security, and Clinical Integration: 

• Maintain and troubleshoot hybrid Entra ID join workflows, Conditional Access policies, and PRT-based authentication for endpoint access 
• Support Imprivata OneSign integration across shared clinical devices including WOWs, kiosks, and fixed workstations 
• Collaborate with clinical informatics and Epic teams to ensure local Hyperdrive deployments meet performance, authentication, and integration standards 
• Partner with the security team to align endpoint configurations with healthcare compliance frameworks including HIPAA and organizational security policy 

Automation, Scripting, and Engineering Excellence: 

• Develop production-quality PowerShell scripts for endpoint automation, remediation, and reporting; code must be self-contained, SCCM-compatible, and log to standardized paths 
• Contribute to the Endpoint Intelligence Program by building data pipelines and operational reporting from SCCM, Intune, and endpoint analytics sources 
• Document engineering standards, deployment runbooks, and architectural decisions to support team knowledge transfer and operational consistency 
• Serve as a senior technical resource and escalation point for endpoint engineering issues across the team 

What Success Looks Like:

• Zero-touch Autopilot provisioning operationalized for new and converted devices across the enterprise
• OSD pipeline running on a consistent monthly cadence with validated images in DEV, TST, and PRD
• Patch compliance rates meeting or exceeding organizational SLAs with minimal manual intervention
• Win32 app packaging standards documented and applied consistently across Intune deployments
• Engineering documentation current, accurate, and accessible to the full team
• Escalation issues resolved with root cause documentation and preventive recommendations provided to leadership

PREFERRED QUALIFICATIONS:

• 5 or more years of hands-on experience in enterprise endpoint management with a strong focus on SCCM OSD task sequence development and Intun
• Demonstrated experience architecting and deploying Windows Autopilot at scale including device hash collection, Autopilot profile configuration, and ESP design
• Expert-level proficiencyin SCCM including OSD, software distribution, patch management, collections, and co-management configuration 
• Strong experience with Intune including Win32 app packaging, compliance policies, Settings Catalog, and cloud-native device management
• Advanced PowerShell scripting ability with experience writing production automation for large enterprise environments
• Experience managing Windows imaging across diverse hardware including driver injection, firmware management, and persona-based build design
• Working knowledge of hybrid Entra ID environments, Conditional Access, and modern identity concepts
• Familiarity with Imprivata OneSignor equivalent shared workstation authentication solutions in clinical or highly regulated environments 
• Ability to work independently on complex, multi-phase engineering initiatives with minimal supervision
• Experience in a healthcare IT environment with understanding of clinical workflow considerations and downtime risk management
• Hands-on experience with Patch My PC (PMPC) for third-party patch management integrated with SCCM and Intune
• Familiarity with Epic Hyperdrive local client deployment, configuration, and support
• Experience with Azure DevOps using Agile methodologyand Kanban-based sprint execution 
• Microsoft certifications such as MD-102 (Endpoint Administrator), SC-300, or equivalent
• Experience contributing to or owning DEX or endpoint analytics reporting initiatives

MINIMUM QUALIFICATIONS:

• Bachelor's degree in computer science, Information Technology, or related discipline and five years Infrastructure server administration experience OR seven years of Infrastructure server engineering experience.

Emory is an equal opportunity employer, and qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by state or federal law.

Emory Healthcare is committed to providing reasonable accommodations to qualified individuals with disabilities upon request. Please contact Emory Healthcare’s Human Resources at careers@emoryhealthcare.org. Please note that one week's advance notice is preferred.