Senior Systems Engineer - Workplace Engineering

Job Description

JOB SUMMARY

The Sr. Systems Engineer will be responsible for the design, implementation, and comprehensive management of all Intune features specifically related to Windows 365 (W365) Cloud PC environments. This role requires an expert understanding of Microsoft Intune and its integration with W365, emphasizing compliance, security, device configuration, and seamless user experiences. The ideal candidate will bring in-depth experience in endpoint management and possess the ability to lead, optimize, and support complex Intune configurations. This role involves closely managing policies, application deployment, access control, and all facets of device lifecycle management within the Intune environment to maximize the effectiveness of W365 Cloud PCs across the organization.

CANDIDATE PROFILE

Education and Experience

Required:
Undergraduate degree in an engineering or computer science discipline, or equivalent experience/certification.
7+ years in information technology, including:

o 5+ years implementing cloud-based SaaS/Daas solutions and virtualization platforms and technologies.
o 3+ years specializing in virtual desktop infrastructure (VDI), with a focus on Windows 365 (W365) and Intune.
o 5+ years of automation experience in infrastructure provisioning using scripting and automation technologies.
o 3+ years in Intune management, including policy creation, compliance settings, app deployment, and endpoint security configurations.
o 3+ year experience in creating, deploying, and managing IntuneWin and custom MSI packages for streamlined app deployment in W365 environments.
o 3+ years of Microsoft Endpoint Manager, with expertise in managing Windows Autopilot, Conditional Access Policies, and compliance policies according to industry best practices.
o 5+ years working with scripting languages, such as PowerShell, for automation and endpoint management.
o 2+ years experience with Agile methodologies, including sprints, JIRA, and creating user stories to align with business requirements and technical needs.

Other Required Capabilities

W365 & Intune Policy Management:
Design and enforce provisioning policies tailored for W365 Cloud PCs, enabling seamless enrollment, configuration, and compliance.
Manage Intune compliance policies specific to W365, ensuring Cloud PCs meet regulatory and internal standards.
Establish device configuration policies for security settings, user permissions, network profiles, and connectivity, ensuring consistent, secure configurations across all W365 devices.
Implement security baselines specifically crafted for W365 in Intune, aligning with industry best practices for enhanced device security.

Application Deployment & Management:
Oversee application deployment strategies through Intune to ensure applications are securely and efficiently delivered to W365 devices.
Develop and manage Intune app configuration policies for smooth app installation, updating, and removal across the W365 fleet.
Configure app protection policies for Microsoft and third-party applications within W365 to enhance data security and user productivity.
Custom Package Development: Design and build custom MSI and Intunewin packages for application deployment in Intune, ensuring compatibility and optimized installation processes for W365 Cloud PC environments.

Conditional Access & Security Policies:
Understanding of conditional access policies within Intune and Azure AD for W365, managing access based on compliance, user location, and risk-based criteria.
Manage and implement endpoint security settings within Intune, including antivirus, encryption, intrusion detection, and real-time monitoring.

User Experience & Profile Management:
Optimize user profile management through Intune, ensuring personalized, consistent user experiences across W365 devices.
Leverage Intune's user and device-based settings to streamline experiences, including device restrictions, personalization, and default settings.
Profile management and configure persistent user settings, reducing login times and improving overall user satisfaction.

Device Configuration & Compliance:
Design configuration profiles for W365 devices to manage essential settings such as Wi-Fi, VPN, certificates, and device restrictions.
Monitor compliance through Intune reporting, ensuring W365 devices align with corporate security policies and regulatory requirements.
Perform regular reviews and adjustments to security and compliance configurations to align with emerging threats and policy updates.

Automation & Optimization:
Develop automation strategies using Intune PowerShell scripts and APIs to streamline repetitive tasks, device enrollment, compliance checks, and system updates.
Continuously monitor device performance, leveraging Intune analytics to identify bottlenecks and optimize device settings, application responsiveness, and user workflows.
Optimize W365 device cost efficiency by managing device configurations, lifecycle policies, and usage analytics to minimize resource wastage.

Patch Management & Updates:
Coordinate and manage all OS and application updates across W365 environments through Intune, maintaining patch compliance and security posture.
Design update rings and rollout schedules for controlled, secure, and timely updates, ensuring minimal disruption to W365 users.
Implement and manage Intune policies for Windows Update for Business (WUfB) within W365, balancing update requirements with user productivity.

Troubleshooting & Support:
Act as the primary escalation point for troubleshooting complex issues within the Intune-managed W365 environment, utilizing Intune diagnostic and logging tools.
Collaborate with IT support teams to develop Intune documentation, training materials, and support resources specific to W365 Cloud PCs.
Engage in proactive monitoring, leveraging Intune alerts and reports to address potential issues before they impact end users.

Qualifications:
Experience: 5+ years managing Intune, with a strong focus on W365 Cloud PC, Microsoft Endpoint Manager, and Azure AD environments.
Experience with Agile methodologies, including participation in sprints and using JIRA for project management and issue tracking, is essential; this includes creating and refining user stories that translate business requirements into actionable tasks for the team, ensuring alignment with project goals and user needs."
Technical Skills:
Proficiency with Intune MDM/MAM, Conditional Access, PowerShell scripting, Windows Autopilot, and multi-factor authentication (MFA).
Security Expertise: Demonstrated knowledge in endpoint security policies within Intune, including device compliance, conditional access, threat protection, and automated patching.
Core Competencies: Strong analytical skills, with an ability to translate complex technical requirements into practical Intune configurations. Excellent written and verbal communication skills to support cross-functional collaboration.

Preferred:
Extensive experience with Intune for application deployment, policy management, compliance settings, endpoint security, and automation for large-scale environments.
Proven track record in W365 Cloud PC and Intune strategy development and implementation.
Advanced understanding of Azure AD integration, configuration profiles, and compliance reporting within the Intune ecosystem.
This role is suited for an Intune expert passionate about leveraging technology to create secure, seamless, and productive user experiences within a modern, cloud-based desktop environment. The Sr. System Engineer will drive innovation and deliver optimized VDI solutions for our growing digital workplace.

This role is suited for an Intune expert passionate about leveraging technology to create secure, seamless, and productive user experiences within a modern, cloud-based desktop environment. The W365 Architect will drive innovation and deliver optimized VDI solutions for our growing digital workplace.

CORE WORK ACTIVITIES

Provides engineering, oversight, governance, and tactical direction related to the cloud and workplace services that are required to enable the delivery of IT services
Provides input to the overall architecture, operational governance model
Research, designs, and tests components that are standards based, high performing, highly available, and secure in delivering the required business functionality
Educates internal and external users on the technologies to continually improve the knowledge and skill-base of the organization on how to operate and support the technology services
Participates in the evaluation and selection of service products
Supports analysis of the current environment to detect critical deficiencies and designs solutions for improvement
Utilizes capacity modeling to ensure systems have the necessary space and resources to perform the business strategy and goals.
Utilizes capability modeling to align systems strategy and planning with business strategy and goals
Consults with project teams to identify when it is necessary to modify services to accommodate project needs
Supports, implements, and promotes standard configuration and change management, processes and practices
Develop test plans, implementation plans, and project timelines for assigned projects
Leads Peer Design Reviews and Design Thinking sessions

Delivering Technology
Performs quantitative and qualitative analyses for service design processes and projects.
Participates with the Service Delivery and Transition teams in planning and coordinating implementation, reviewing quality control of systems functional design, usability, functionality, and implementation.
Coordinates with appropriate IT and vendor relation teams.
Acts as a 4th level of support to cloud and workplace products and platforms.
Provides early warning to leadership regarding degraded or missed service levels

IT Governance
Follows all defined standards and processes (i.e. IT Governance, SM&G, Architecture, etc.), and provides input for improvements to the appropriate process owners as needed
Maintains a proper balance between business and operational risk
Follows the defined project management standards and process

Managing Work, Projects, and Policies
Coordinates and implements work and projects as assigned.
Complies with Federal and State laws applying to procedures.
Generates and provides accurate and timely results in the form of reports, presentations, etc.
Analyzes information and evaluates results to choose the best solution and solve problems.
Manages the flow of questions and directs questions.

Supporting Operations

Works with team to put sustainable work processes and systems in place that support the execution of the strategy.
Establishes and maintains complete and up-to-date information to ensure accurate reporting.
Represents team in resolving situations.
Maintains and manages inventory and service operations.

Additional Responsibilities
Informs, updates, and provides information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person in a timely manner.
Attends and participates in all relevant meetings.
Presents ideas, expectations, and information in a concise, organized manner.
Uses problem solving methodology for decision making and follow up.
Maintains positive working relations with internal customers and department managers.
Manages time effectively and conducts activities in an organized manner.
Performs other reasonable duties as assigned by manager.

The salary range for this position is $98,500 to $168,400 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus.

Washington Applicants Only: Employees will accrue 0.04616 PTO balance for every hour worked and eligible to receive minimum of 7 holidays annually.

All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.

The application deadline for this position is 28 days after the date of this posting, April 15, 2025.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

About the Team

Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Job Description

JOB SUMMARY

The Sr. Systems Engineer will be responsible for the design, implementation, and comprehensive management of all Intune features specifically related to Windows 365 (W365) Cloud PC environments. This role requires an expert understanding of Microsoft Intune and its integration with W365, emphasizing compliance, security, device configuration, and seamless user experiences. The ideal candidate will bring in-depth experience in endpoint management and possess the ability to lead, optimize, and support complex Intune configurations. This role involves closely managing policies, application deployment, access control, and all facets of device lifecycle management within the Intune environment to maximize the effectiveness of W365 Cloud PCs across the organization.

CANDIDATE PROFILE

Education and Experience

Required:
Undergraduate degree in an engineering or computer science discipline, or equivalent experience/certification.
7+ years in information technology, including:

o 5+ years implementing cloud-based SaaS/Daas solutions and virtualization platforms and technologies.
o 3+ years specializing in virtual desktop infrastructure (VDI), with a focus on Windows 365 (W365) and Intune.
o 5+ years of automation experience in infrastructure provisioning using scripting and automation technologies.
o 3+ years in Intune management, including policy creation, compliance settings, app deployment, and endpoint security configurations.
o 3+ year experience in creating, deploying, and managing IntuneWin and custom MSI packages for streamlined app deployment in W365 environments.
o 3+ years of Microsoft Endpoint Manager, with expertise in managing Windows Autopilot, Conditional Access Policies, and compliance policies according to industry best practices.
o 5+ years working with scripting languages, such as PowerShell, for automation and endpoint management.
o 2+ years experience with Agile methodologies, including sprints, JIRA, and creating user stories to align with business requirements and technical needs.

Other Required Capabilities

W365 & Intune Policy Management:
Design and enforce provisioning policies tailored for W365 Cloud PCs, enabling seamless enrollment, configuration, and compliance.
Manage Intune compliance policies specific to W365, ensuring Cloud PCs meet regulatory and internal standards.
Establish device configuration policies for security settings, user permissions, network profiles, and connectivity, ensuring consistent, secure configurations across all W365 devices.
Implement security baselines specifically crafted for W365 in Intune, aligning with industry best practices for enhanced device security.

Application Deployment & Management:
Oversee application deployment strategies through Intune to ensure applications are securely and efficiently delivered to W365 devices.
Develop and manage Intune app configuration policies for smooth app installation, updating, and removal across the W365 fleet.
Configure app protection policies for Microsoft and third-party applications within W365 to enhance data security and user productivity.
Custom Package Development: Design and build custom MSI and Intunewin packages for application deployment in Intune, ensuring compatibility and optimized installation processes for W365 Cloud PC environments.

Conditional Access & Security Policies:
Understanding of conditional access policies within Intune and Azure AD for W365, managing access based on compliance, user location, and risk-based criteria.
Manage and implement endpoint security settings within Intune, including antivirus, encryption, intrusion detection, and real-time monitoring.

User Experience & Profile Management:
Optimize user profile management through Intune, ensuring personalized, consistent user experiences across W365 devices.
Leverage Intune's user and device-based settings to streamline experiences, including device restrictions, personalization, and default settings.
Profile management and configure persistent user settings, reducing login times and improving overall user satisfaction.

Device Configuration & Compliance:
Design configuration profiles for W365 devices to manage essential settings such as Wi-Fi, VPN, certificates, and device restrictions.
Monitor compliance through Intune reporting, ensuring W365 devices align with corporate security policies and regulatory requirements.
Perform regular reviews and adjustments to security and compliance configurations to align with emerging threats and policy updates.

Automation & Optimization:
Develop automation strategies using Intune PowerShell scripts and APIs to streamline repetitive tasks, device enrollment, compliance checks, and system updates.
Continuously monitor device performance, leveraging Intune analytics to identify bottlenecks and optimize device settings, application responsiveness, and user workflows.
Optimize W365 device cost efficiency by managing device configurations, lifecycle policies, and usage analytics to minimize resource wastage.

Patch Management & Updates:
Coordinate and manage all OS and application updates across W365 environments through Intune, maintaining patch compliance and security posture.
Design update rings and rollout schedules for controlled, secure, and timely updates, ensuring minimal disruption to W365 users.
Implement and manage Intune policies for Windows Update for Business (WUfB) within W365, balancing update requirements with user productivity.

Troubleshooting & Support:
Act as the primary escalation point for troubleshooting complex issues within the Intune-managed W365 environment, utilizing Intune diagnostic and logging tools.
Collaborate with IT support teams to develop Intune documentation, training materials, and support resources specific to W365 Cloud PCs.
Engage in proactive monitoring, leveraging Intune alerts and reports to address potential issues before they impact end users.

Qualifications:
Experience: 5+ years managing Intune, with a strong focus on W365 Cloud PC, Microsoft Endpoint Manager, and Azure AD environments.
Experience with Agile methodologies, including participation in sprints and using JIRA for project management and issue tracking, is essential; this includes creating and refining user stories that translate business requirements into actionable tasks for the team, ensuring alignment with project goals and user needs."
Technical Skills:
Proficiency with Intune MDM/MAM, Conditional Access, PowerShell scripting, Windows Autopilot, and multi-factor authentication (MFA).
Security Expertise: Demonstrated knowledge in endpoint security policies within Intune, including device compliance, conditional access, threat protection, and automated patching.
Core Competencies: Strong analytical skills, with an ability to translate complex technical requirements into practical Intune configurations. Excellent written and verbal communication skills to support cross-functional collaboration.

Preferred:
Extensive experience with Intune for application deployment, policy management, compliance settings, endpoint security, and automation for large-scale environments.
Proven track record in W365 Cloud PC and Intune strategy development and implementation.
Advanced understanding of Azure AD integration, configuration profiles, and compliance reporting within the Intune ecosystem.
This role is suited for an Intune expert passionate about leveraging technology to create secure, seamless, and productive user experiences within a modern, cloud-based desktop environment. The Sr. System Engineer will drive innovation and deliver optimized VDI solutions for our growing digital workplace.

This role is suited for an Intune expert passionate about leveraging technology to create secure, seamless, and productive user experiences within a modern, cloud-based desktop environment. The W365 Architect will drive innovation and deliver optimized VDI solutions for our growing digital workplace.

CORE WORK ACTIVITIES

Provides engineering, oversight, governance, and tactical direction related to the cloud and workplace services that are required to enable the delivery of IT services
Provides input to the overall architecture, operational governance model
Research, designs, and tests components that are standards based, high performing, highly available, and secure in delivering the required business functionality
Educates internal and external users on the technologies to continually improve the knowledge and skill-base of the organization on how to operate and support the technology services
Participates in the evaluation and selection of service products
Supports analysis of the current environment to detect critical deficiencies and designs solutions for improvement
Utilizes capacity modeling to ensure systems have the necessary space and resources to perform the business strategy and goals.
Utilizes capability modeling to align systems strategy and planning with business strategy and goals
Consults with project teams to identify when it is necessary to modify services to accommodate project needs
Supports, implements, and promotes standard configuration and change management, processes and practices
Develop test plans, implementation plans, and project timelines for assigned projects
Leads Peer Design Reviews and Design Thinking sessions

Delivering Technology
Performs quantitative and qualitative analyses for service design processes and projects.
Participates with the Service Delivery and Transition teams in planning and coordinating implementation, reviewing quality control of systems functional design, usability, functionality, and implementation.
Coordinates with appropriate IT and vendor relation teams.
Acts as a 4th level of support to cloud and workplace products and platforms.
Provides early warning to leadership regarding degraded or missed service levels

IT Governance
Follows all defined standards and processes (i.e. IT Governance, SM&G, Architecture, etc.), and provides input for improvements to the appropriate process owners as needed
Maintains a proper balance between business and operational risk
Follows the defined project management standards and process

Managing Work, Projects, and Policies
Coordinates and implements work and projects as assigned.
Complies with Federal and State laws applying to procedures.
Generates and provides accurate and timely results in the form of reports, presentations, etc.
Analyzes information and evaluates results to choose the best solution and solve problems.
Manages the flow of questions and directs questions.

Supporting Operations

Works with team to put sustainable work processes and systems in place that support the execution of the strategy.
Establishes and maintains complete and up-to-date information to ensure accurate reporting.
Represents team in resolving situations.
Maintains and manages inventory and service operations.

Additional Responsibilities
Informs, updates, and provides information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person in a timely manner.
Attends and participates in all relevant meetings.
Presents ideas, expectations, and information in a concise, organized manner.
Uses problem solving methodology for decision making and follow up.
Maintains positive working relations with internal customers and department managers.
Manages time effectively and conducts activities in an organized manner.
Performs other reasonable duties as assigned by manager.

The salary range for this position is $98,500 to $168,400 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus.

Washington Applicants Only: Employees will accrue 0.04616 PTO balance for every hour worked and eligible to receive minimum of 7 holidays annually.

All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.

The application deadline for this position is 28 days after the date of this posting, April 15, 2025.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

About the Team

Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.