Endpoint Engineer - Modern Endpoint & Mobility
Posted 2026-05-06Position Summary
ProAmpac, a nearly $5 billion packaging company, is seeking an Endpoint Engineer to join our Cloud & Digital Workplace Services team. This is a 100% remote, hands-on engineering role, not a helpdesk position. You will own Microsoft Intune, Windows Autopilot, mobile device management across iOS, iPadOS, and Android, and our plant-floor mobility program (SOTI MobiControl) across a rapidly growing multi-site manufacturing environment.
ProAmpac is scaling through acquisition, scaling rapidly through acquisition across a large and growing number of manufacturing sites. You will be enrolling and managing thousands of mobile and plant-floor devices, driving zero-touch workstation provisioning via Autopilot, and building out mobile management standards as new sites come online. Your counterpart on the team owns Endpoint Central and packaging both engineers cross-train on each other's primary platforms for full coverage.
What You'll Do
Microsoft Intune — Primary Platform
Serve as the primary Intune administrator across Windows, iOS, iPadOS, and Android: MDM/MAM policies, compliance policies, configuration profiles, and application deployment.
Administer Conditional Access compliance integration with Entra ID; monitor enrollment health and compliance dashboards and resolve failures across all supported platforms.
Manage application deployment via Intune: IntuneWin packages, Microsoft Store apps, LOB apps, and app protection policies for corporate and BYOD devices.
Windows Autopilot — Zero-Touch Deployment
Design and maintain Autopilot deployment profiles and enrollment flows for zero-touch workstation provisioning across a growing fleet.
Manage device registration, hardware hash import, and profile assignment; coordinate with procurement and the Service Desk for new device intake.
Troubleshoot Autopilot enrollment failures and maintain runbooks for common failure scenarios.
Collaborate with the UEM & Packaging Engineer on app sequencing during provisioning to ensure a complete, compliant out-of-box experience.
Mobile Device Management — iOS, iPadOS & Android
Administer Intune MDM/MAM for iOS, iPadOS, and Android corporate and BYOD devices: enrollment, policy, app deployment, compliance, and remote actions.
Manage Apple Business Manager integration with Intune; maintain DEP enrollment profiles and VPP app licensing.
Configure app protection policies for BYOD scenarios; manage mobile device lifecycle from provisioning through retirement.
Troubleshoot mobile enrollment and compliance issues; coordinate with Networking on WiFi and connectivity dependencies.
SOTI MobiControl — Plant-Floor Mobility
Administer SOTI MobiControl for rugged Android handhelds, RF scanners, and terminals used in manufacturing and warehouse operations.
Manage enrollment, configuration profiles, app deployment, and kiosk policies for plant-floor device groups.
Troubleshoot plant-floor device issues; coordinate with plant operations and Networking on WiFi coverage and VLAN requirements.
Support device staging for new site openings and plant expansions.
macOS Management — Jamf Pro
Administer Jamf Pro for ~100 Mac devices: enrollment, configuration profiles, patch management, application deployment, and compliance reporting.
Provide Tier 2/3 support for macOS issues; maintain macOS packaging workflows and runbooks.
Thin Client Management — IGEL OS
Manage IGEL OS thin client configuration, policy, and patching in coordination with the Networking & Hardware Services team.
Support thin client deployments for new sites; maintain configuration standards and deployment runbooks.
Endpoint Security Configuration
Deploy and maintain endpoint security agents, encryption policy and key escrow, local administrator password management, and device control policies across managed devices.
Apply and maintain endpoint hardening baselines across Windows, macOS, and mobile platforms; coordinate with InfoSec on gap remediation.
Digital Signage — Skykit
- Support management of the enterprise digital signage platform (Skykit): device enrollment, content policy, and operational support across ProAmpac sites.
Asset Management
- Own endpoint asset data quality in Lansweeper for all assigned device types; drive asset management process adherence by the Service Desk.
Application Packaging — Cross-Training
- Maintain working proficiency in application packaging (MSI, IntuneWin) to build and deploy packages via Intune independently and to cover your counterpart when needed.
Documentation & On-Call
- Create and maintain runbooks, SOPs, and change records in ServiceDesk Plus; participate in the Change Advisory Board (CAB).
- Participate in the Endpoint Engineering on-call rotation (~20% of the time) and provide Tier 2/3 escalation support.
What You'll Bring
3–5 years of enterprise endpoint engineering or systems administration experience focused on MDM, UEM, or modern device management platforms.
Strong Microsoft Intune experience: MDM/MAM policy design, compliance policies, configuration profiles, and application deployment across Windows and mobile platforms.
Hands-on Windows Autopilot experience: deployment profile design, enrollment flows, and troubleshooting in an enterprise environment.
Experience managing iOS/iPadOS and Android devices in an enterprise MDM environment, including Apple Business Manager and DEP enrollment.
Working application packaging experience for Intune: IntuneWin format and LOB app deployment at minimum.
Proficiency in PowerShell scripting for automation, reporting, and operational workflows.
Experience with encryption management, local administrator password management, and endpoint hardening baseline configuration.
Strong troubleshooting skills across Windows 10/11, iOS, and Android platforms.
Self-motivated, detail-oriented, and able to manage concurrent tasks independently.
Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent work experience.
Preferred: Microsoft MD-102 (Endpoint Administrator Associate) certification or actively working toward it.
Preferred: experience with Jamf Pro for macOS device management.
Preferred: experience with SOTI MobiControl or comparable plant-floor/rugged device management platforms.
Preferred: experience with IGEL OS or thin client management platforms.
Preferred: experience supporting manufacturing or multi-site industrial environments.
Why ProAmpac
- Join a nearly $5 billion packaging company scaling rapidly through acquisition with a major infrastructure modernization underway.
- Own a packaging practice and server patching program that will scale dramatically, this is a build role, not a maintain role.
- Clear path for skill development as our environment grows, you will work on real scale, not a stable steady-state environment.
- Professional development support including training and certification opportunities.
Location and Work Arrangement
This is a 100% remote position. Candidates must be based in the United States and able to work during US business hours. Eastern or Central time zones are preferred for team collaboration.
Travel: This position may require occasional travel (up to 20%) for site support and team meetings.
Additional Information
This role includes participation in a rotating on-call schedule to support endpoint infrastructure. Escalations for service-impacting issues may occur outside standard business hours (8am–6pm).
ProAmpac is an equal opportunity employer and does not discriminate on the basis of any characteristic protected by applicable law. EEO – M/F/Disability/Vets
To apply, please submit your resume and cover letter.
#CORP