Share this job
Endpoint Engineer | Systems Administrator
San Antonio, TX
Apply for this job

Endpoint Engineer | Systems Administrator

Location: San Antonio, TX (Hybrid On-Prem/Cloud Environment)

Clearance Level: Public Trust (ADP/IT-II) or Tier 3 Investigation (NACLC)


Program Overview:

The Defense Health Agency’s Domain and Directory Services Branch (DDSB) sustains a global IT enterprise serving over 200,000 users and 250,000 devices across 250+ military medical sites worldwide. Endpoint Engineering Services plays a critical role in enabling secure, reliable, and centrally managed endpoint operations across hybrid environments—spanning on-premises infrastructure, cloud, and SaaS platforms. The team develops engineering frameworks that ensure endpoint consistency, performance, compliance, and support for mission-critical medical readiness.


Summary:

The Endpoint System Admin is responsible for architecting, developing, and sustaining endpoint management and delivery solutions that meet DoD and DHA operational and security requirements. This includes designing compliant application packaging, security configurations, software deployments, and mobile device solutions across the hybrid DHA ecosystem. The engineer will also lead Tier 3/4 support efforts, drive endpoint automation and modernization initiatives, and provide technical leadership in support of RMF and Zero Trust alignment.


Key Responsibilities:

Application Integration & Enterprise Management:

  • Engineer and deploy endpoint management solutions (MECM, Intune, etc.) for both virtual and physical environments.
  • Package, test, and configure baseline applications and images for DHA endpoints.
  • Architect endpoint delivery frameworks to support centralized provisioning, patching, monitoring, and sustainment of services across hybrid (on-prem/cloud/SaaS) environments.
  • Engineer migration strategies from MECM to Intune and develop modern endpoint reporting capabilities.

Endpoint & Identity Security:

  • Validate endpoint compliance with DISA STIGs, DoDI 8510.01 (RMF), and NIST cybersecurity standards.
  • Conduct risk assessments and apply IA controls across all application and OS lifecycle stages.
  • Engineer and maintain endpoint configurations supporting Zero Trust, encryption, data-at-rest (DAR), and continuous monitoring.
  • Maintain artifacts in eMASS, including POA&Ms, risk assessments, and continuous monitoring documentation.

Desktop & Endpoint Engineering:

  • Build and maintain desktop OS images and standard software configurations for enterprise deployment.
  • Engineer solutions supporting task sequences, group policies, and profile/data management.
  • Modernize legacy configurations and support cloud-managed endpoints for improved user experience and performance.
  • Validate application compatibility and implement endpoint enhancements using industry best practices.

Mobile Engineering:

  • Design and implement mobile device provisioning, OS/firmware upgrades, and security configurations.
  • Develop transition plans for migrating MDM platforms while preserving user experience and enterprise controls.

Software Design & System Integration:

  • Research and develop system-level software solutions, including embedded systems and distribution frameworks.
  • Formulate operational specs and conduct in-depth requirement analyses to improve endpoint architectures.

Application Packaging & Automation:

  • Engineer, script, and deliver application packages using enterprise deployment tools.
  • Test application delivery using hypervisors and simulate endpoint software combinations.
  • Ensure compliance with DISA/NIST STIGs in application packaging and configuration management.
  • Maintain application baselines and automate patching and updates.

Preferred Tools & Technologies:

  • Microsoft MECM (SCCM), Intune, MDT, PowerShell
  • Windows Server OS, Windows 10/11
  • Hyper-V, Azure, Entra ID, GPO
  • ActivClient, eMASS, DISA STIG Viewer
  • SCAP Compliance Checker, NIST 800-series
  • Application packaging tools (AdminStudio, WiseScript, etc.)


Education & Certification Requirements (per DoD 8140 Qualification Matrices)

1) Microsoft Certified: Azure Administrator Associate or Windows Server Hybrid Administrator Associate

2) Any of the following...

  • Academic Education: Bachelor’s degree in information technology, Cybersecurity, or a related discipline.
  • OR Baseline: Cloud+ or GICSP or SSCP or Security+ or GSEC or GLSC or CISSP
  • OR DoD/Military Training: F07DZZ1 or M03385G or M10395B or M223854 or A-150-0045 now W-250-0750 or A-531-0021 or W-250-0750 or A-150-3400 now W-250-0750 or A-150-1980 or A-150-1202 or A-150-1203 or A-150-1250 or A-150-1855 / A-150-1940 or A-113-0205 or A-113-0175 or A-113-0018 or A-113-0382 or A-113-0027 or A-113-0383 or A-113-0175 or A-113-0202 or A-113-0233 or DISA-US1379




Apply for this job
Powered by