AI Summary
ProAmpac is seeking an Endpoint Engineer to join our Cloud & Digital Workplace Services team. This is a 100% remote, hands-on engineering role, not a helpdesk position. You will own Microsoft Intune, Windows Autopilot, mobile device management across iOS, iPadOS, and Android, and our plant-floor mobility program (SOTI MobiControl) across a rapidly growing multi-site manufacturing environment.
Key Highlights
Endpoint Engineer for Cloud & Digital Workplace Services team
100% remote, hands-on engineering role
Manage Microsoft Intune, Windows Autopilot, mobile device management, and plant-floor mobility program
Key Responsibilities
Serve as the primary Intune administrator across Windows, iOS, iPadOS, and Android
Administer Conditional Access compliance integration with Entra ID
Manage application deployment via Intune
Design and maintain Autopilot deployment profiles and enrollment flows
Manage device registration, hardware hash import, and profile assignment
Troubleshoot Autopilot enrollment failures and maintain runbooks
Collaborate with the UEM & Packaging Engineer on app sequencing during provisioning
Administer Intune MDM/MAM for iOS, iPadOS, and Android corporate and BYOD devices
Manage Apple Business Manager integration with Intune
Configure app protection policies for BYOD scenarios
Manage mobile device lifecycle from provisioning through retirement
Troubleshoot mobile enrollment and compliance issues
Administer SOTI MobiControl for rugged Android handhelds, RF scanners, and terminals
Manage enrollment, configuration profiles, app deployment, and kiosk policies for plant-floor device groups
Troubleshoot plant-floor device issues
Support device staging for new site openings and plant expansions
Administer Jamf Pro for ~100 Mac devices
Provide Tier 2/3 support for macOS issues
Maintain macOS packaging workflows and runbooks
Manage IGEL OS thin client configuration, policy, and patching
Support thin client deployments for new sites
Maintain configuration standards and deployment runbooks
Deploy and maintain endpoint security agents, encryption policy and key escrow, local administrator password management, and device control policies
Apply and maintain endpoint hardening baselines across Windows, macOS, and mobile platforms
Support management of the enterprise digital signage platform (Skykit)
Own endpoint asset data quality in Lansweeper for all assigned device types
Drive asset management process adherence by the Service Desk
Maintain working proficiency in application packaging (MSI, IntuneWin) to build and deploy packages via Intune independently
Document and maintain runbooks, SOPs, and change records in ServiceDesk Plus
Participate in the Change Advisory Board (CAB)
Participate in the Endpoint Engineering on-call rotation
Technical Skills Required
Benefits & Perks
100% remote work
Clear path for skill development
Professional development support including training and certification opportunities
Nice to Have
Microsoft MD-102 (Endpoint Administrator Associate) certification
Experience with Jamf Pro for macOS device management
Experience with SOTI MobiControl or comparable plant-floor/rugged device management platforms
Experience with IGEL OS or thin client management platforms
Experience supporting manufacturing or multi-site industrial environments
Job Description
Description
Position Summary
ProAmpac, a nearly $5 billion packaging company, is seeking an Endpoint Engineer to join our Cloud & Digital Workplace Services team. This is a 100% remote, hands-on engineering role, not a helpdesk position. You will own Microsoft Intune, Windows Autopilot, mobile device management across iOS, iPadOS, and Android, and our plant-floor mobility program (SOTI MobiControl) across a rapidly growing multi-site manufacturing environment.
ProAmpac is scaling through acquisition, scaling rapidly through acquisition across a large and growing number of manufacturing sites. You will be enrolling and managing thousands of mobile and plant-floor devices, driving zero-touch workstation provisioning via Autopilot, and building out mobile management standards as new sites come online. Your counterpart on the team owns Endpoint Central and packaging both engineers cross-train on each other's primary platforms for full coverage.
What You'll Do
Microsoft Intune — Primary Platform
- Serve as the primary Intune administrator across Windows, iOS, iPadOS, and Android: MDM/MAM policies, compliance policies, configuration profiles, and application deployment.
- Administer Conditional Access compliance integration with Entra ID; monitor enrollment health and compliance dashboards and resolve failures across all supported platforms.
- Manage application deployment via Intune: IntuneWin packages, Microsoft Store apps, LOB apps, and app protection policies for corporate and BYOD devices.
- Design and maintain Autopilot deployment profiles and enrollment flows for zero-touch workstation provisioning across a growing fleet.
- Manage device registration, hardware hash import, and profile assignment; coordinate with procurement and the Service Desk for new device intake.
- Troubleshoot Autopilot enrollment failures and maintain runbooks for common failure scenarios.
- Collaborate with the UEM & Packaging Engineer on app sequencing during provisioning to ensure a complete, compliant out-of-box experience.
- Administer Intune MDM/MAM for iOS, iPadOS, and Android corporate and BYOD devices: enrollment, policy, app deployment, compliance, and remote actions.
- Manage Apple Business Manager integration with Intune; maintain DEP enrollment profiles and VPP app licensing.
- Configure app protection policies for BYOD scenarios; manage mobile device lifecycle from provisioning through retirement.
- Troubleshoot mobile enrollment and compliance issues; coordinate with Networking on WiFi and connectivity dependencies.
- Administer SOTI MobiControl for rugged Android handhelds, RF scanners, and terminals used in manufacturing and warehouse operations.
- Manage enrollment, configuration profiles, app deployment, and kiosk policies for plant-floor device groups.
- Troubleshoot plant-floor device issues; coordinate with plant operations and Networking on WiFi coverage and VLAN requirements.
- Support device staging for new site openings and plant expansions.
Interested in remote work opportunities in Development & Programming? Discover Development & Programming Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.
- Administer Jamf Pro for ~100 Mac devices: enrollment, configuration profiles, patch management, application deployment, and compliance reporting.
- Provide Tier 2/3 support for macOS issues; maintain macOS packaging workflows and runbooks.
- Manage IGEL OS thin client configuration, policy, and patching in coordination with the Networking & Hardware Services team.
- Support thin client deployments for new sites; maintain configuration standards and deployment runbooks.
- Deploy and maintain endpoint security agents, encryption policy and key escrow, local administrator password management, and device control policies across managed devices.
- Apply and maintain endpoint hardening baselines across Windows, macOS, and mobile platforms; coordinate with InfoSec on gap remediation.
- Support management of the enterprise digital signage platform (Skykit): device enrollment, content policy, and operational support across ProAmpac sites.
- Own endpoint asset data quality in Lansweeper for all assigned device types; drive asset management process adherence by the Service Desk.
- Maintain working proficiency in application packaging (MSI, IntuneWin) to build and deploy packages via Intune independently and to cover your counterpart when needed.
- Create and maintain runbooks, SOPs, and change records in ServiceDesk Plus; participate in the Change Advisory Board (CAB).
- Participate in the Endpoint Engineering on-call rotation (~20% of the time) and provide Tier 2/3 escalation support.
- 3–5 years of enterprise endpoint engineering or systems administration experience focused on MDM, UEM, or modern device management platforms.
- Strong Microsoft Intune experience: MDM/MAM policy design, compliance policies, configuration profiles, and application deployment across Windows and mobile platforms.
- Hands-on Windows Autopilot experience: deployment profile design, enrollment flows, and troubleshooting in an enterprise environment.
- Experience managing iOS/iPadOS and Android devices in an enterprise MDM environment, including Apple Business Manager and DEP enrollment.
- Working application packaging experience for Intune: IntuneWin format and LOB app deployment at minimum.
- Proficiency in PowerShell scripting for automation, reporting, and operational workflows.
- Experience with encryption management, local administrator password management, and endpoint hardening baseline configuration.
- Strong troubleshooting skills across Windows 10/11, iOS, and Android platforms.
- Self-motivated, detail-oriented, and able to manage concurrent tasks independently.
- Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent work experience.
- Preferred: Microsoft MD-102 (Endpoint Administrator Associate) certification or actively working toward it.
- Preferred: experience with Jamf Pro for macOS device management.
- Preferred: experience with SOTI MobiControl or comparable plant-floor/rugged device management platforms.
- Preferred: experience with IGEL OS or thin client management platforms.
- Preferred: experience supporting manufacturing or multi-site industrial environments.
Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.
- Join a nearly $5 billion packaging company scaling rapidly through acquisition with a major infrastructure modernization underway.
- Own a packaging practice and server patching program that will scale dramatically, this is a build role, not a maintain role.
- Clear path for skill development as our environment grows, you will work on real scale, not a stable steady-state environment.
- Professional development support including training and certification opportunities.
This is a 100% remote position. Candidates must be based in the United States and able to work during US business hours. Eastern or Central time zones are preferred for team collaboration.
Travel: This position may require occasional travel (up to 20%) for site support and team meetings.
Additional Information
This role includes participation in a rotating on-call schedule to support endpoint infrastructure. Escalations for service-impacting issues may occur outside standard business hours (8am–6pm).
ProAmpac is an equal opportunity employer and does not discriminate on the basis of any characteristic protected by applicable law. EEO – M/F/Disability/Vets
To apply, please submit your resume and cover letter.
#CORP
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights (https://www.eeoc.gov/poster) notice from the Department of Labor.
Job Category: Information Technology
Full-Time
Similar Jobs
Explore other opportunities that match your interests
Visa Sponsorship
Relocation
Remote
Job Type
Full-time
Experience Level
Mid-Senior level
tapcart
United State
Visa Sponsorship
Relocation
Remote
Job Type
Full-time
Experience Level
Associate
agilegrid solutions
United State
Visa Sponsorship
Relocation
Remote
Job Type
Full-time
Experience Level
Mid-Senior level
retail success co
United State