Technical Support Specialist

Job Description

Job Description L3 / SME Endpoint Architect (SCCM / Intune / MEM)

Role Overview

The L3 Endpoint SME is responsible for end-to-end ownership, architecture, and optimization of endpoint management platforms, including Microsoft Endpoint Configuration Manager (SCCM) and Microsoft Intune (MEM).

This role acts as the highest technical escalation point, drives platform stability, automation, and modernization (Intune-first strategy), and ensures secure, compliant, and scalable endpoint management across the enterprise.

Key Responsibilities

Platform Ownership & Architecture

• Own the design, architecture, and roadmap for:
• SCCM (ConfigMgr)
• Microsoft Intune (MDM/MAM)
• Co-management (SCCM + Intune)
• Drive transition towards cloud-first endpoint management (Intune-first approach)
• Define standards for:
• Device configuration
• Application deployment
• Patch management
• Compliance & security baselines
  
  

Advanced Troubleshooting & Escalation (L3)

• Act as final escalation point for complex endpoint issues:
• Patch failures across large device groups
• Application deployment failures (complex packaging/detection issues)
• Co-management conflicts (SCCM vs Intune workloads)
• Policy conflicts (GPO, Intune, security baselines)
• Perform deep-dive troubleshooting using:
• SCCM logs (CAS.log, WUAHandler.log, AppEnforce.log, etc.)
• Intune diagnostics & device logs
• Engage Microsoft/OEM support with detailed diagnostics
  
  

Patch Management Strategy & Governance

• Define and govern enterprise patching strategy:
• Monthly patch cycles
• Emergency patching (zero-day vulnerabilities)
• Patch rings and deployment groups
• Ensure high compliance (>9598%) across environment
• Align patching with security and audit requirements
  
  

Application Packaging Strategy & Engineering

• Define standards and frameworks for:
• Application packaging (MSI, EXE, Win32 apps)
• Detection methods and deployment logic
• Review and approve complex application packages
• Drive automation and standardization in packaging
  
  

Policy & Compliance Management

• Design and implement:
• Intune configuration profiles
• Compliance policies
• Conditional access integration
• Resolve conflicts between:
• GPO vs Intune policies
• Legacy vs modern management approaches
• Ensure endpoint compliance with security baselines and audit controls
  
  

Automation & Modernization

• Lead automation initiatives using:
• PowerShell (advanced scripting expected)
• Graph API (preferred)
• Automate:
• Patch deployments
• Application rollouts
• Compliance remediation
• Drive adoption of:
• Autopilot
• Zero-touch provisioning
• AIOps (where applicable)
  
  

Monitoring, Reporting & Optimization

• Define KPIs and dashboards for:
• Patch compliance
• Application deployment success
• Device health and compliance
• Identify and eliminate:
• Deployment failures
• Recurring incidents
• Optimize infrastructure:
• SCCM site performance
• Distribution point efficiency
• Intune sync performance
  
  

Security & Compliance Alignment

• Work closely with security teams to:
• Implement endpoint security baselines
• Support vulnerability management (patch SLAs)
• Ensure readiness for:
• Internal/external audits
• Compliance frameworks
  
  

Leadership & Stakeholder Management

• Provide technical leadership to L1 & L2 teams
• Review technical quality of incident resolution
• Lead technical discussions with client stakeholders
• Present:
• Improvement roadmap
• Platform health reports
• Risk and mitigation plans
  
  

Required Skills & Qualifications

Technical Expertise (Non-Negotiable)

• Deep hands-on experience in:
• SCCM (ConfigMgr) architecture, troubleshooting, performance tuning
• Microsoft Intune (MEM) device management, compliance, app deployment
• Strong expertise in:
• Windows 10/11 management
• Azure AD / Entra ID
• Group Policy (GPO)
  
  

Advanced Skills

• Strong scripting expertise:
• PowerShell (mandatory)
• Graph API (good to have)
• Experience with:
• Windows Autopilot
• Co-management design & optimization
• Windows Update for Business (WUfB)
  
  

Process & Governance

• Strong ITIL understanding:
• Incident, Problem, Change Management
• Experience in:
• CAB discussions
• RCA reviews
• Audit and compliance reporting
  
  

Soft Skills

• Strong decision-making during critical issues
• Ability to simplify complex technical issues for business stakeholders
• Ownership mindset with proactive problem-solving
• Ability to challenge and improve existing setups (not just maintain)
  
  

Experience & Education

• 710+ years of experience in endpoint management / EUC engineering
• 3+ years in L3 / SME / Architect role
• Bachelor's degree in IT or related field
• Certifications (strongly preferred):
• Microsoft Endpoint Administrator (MD-102)
• Azure Administrator (AZ-104)
  
  

Qualifications

Graduation

Range Of Year Experience-Min Year

7

Range Of Year Experience-Max Year

10