L2 - Endpoint Engineer

🌍 Location: Fully Remote

📝 Engagement: Full-Time

⏰ Working Hours: Standard EST Business Hours

💰 Compensation: Competitive & Negotiable + 20 PTOs

💡 About Zazz

At Zazz.io, we build world-class custom digital solutions that power innovation across industries. With over 763 successful application releases, we’ve partnered with startups, Fortune 500 companies, and government agencies to deliver cutting-edge products in healthcare, finance, e-commerce, and entertainment.

Our mission is simple: turn bold ideas into impactful digital experiences.

🔐 The Opportunity

The L2 Endpoint Engineer plays a critical role in managing and securing client endpoints across Windows and macOS platforms. This role focuses on Microsoft 365 administration, Intune-based device management, security baseline enforcement, patching, backup integration (Acronis + Axcient), and maintaining compliance posture through NinjaOne and Microsoft tools. L2 acts as the primary operational layer between L1 support and L3/Technical Leads.

⚡ What You’ll Do

Microsoft 365 Administration

• Manage and maintain M365 tenants including Exchange Online, Intune, Defender for Endpoint, and Compliance Center.
• Configure Autopilot enrollment, device provisioning profiles, compliance policies, and Conditional Access to support Zero Trust enforcement.
• Manage and monitor Defender for Endpoint security baselines, including EDR, ASR rules, and DLP configurations.

Endpoint Security & Management

• Deploy and manage Acronis Cyber Protect agents on endpoints for patching, anti-malware, vulnerability scanning, and backups.
• Manage OS and 3rd-party application patching through NinjaOne and Acronis patching engines, ensuring compliance with MSP patching SLAs.
• Deploy and monitor Sophos and Huntress agents, ensuring telemetry is active and alerts are triaged/escalated properly.
• Manage macOS devices (via Kandji/Jamf or Intune), applying equivalent baseline and security policies where applicable.

Application & Policy Management

• Create and manage application deployment catalogs via Intune and NinjaOne for common productivity/security apps.
• Maintain device grouping, tagging, and policy assignments in NinjaOne & Intune for structured device management.

Automation & Remediation

• Develop and maintain PowerShell scripts for configuration, remediation, reporting, and repetitive tasks.
• Automate baseline enforcement using NinjaOne workflows and Intune scripts.

Compliance & Reporting

• Support HIPAA/SOC 2/GDPR compliance by ensuring devices meet encryption, patching, and baseline requirements.
• Assist vCIO and Security teams with device compliance reporting, Acronis vulnerability summaries, and DLP enforcement checks.

Onboarding & Documentation

• Perform structured endpoint onboarding including RMM, Intune, Acronis, Defender, and backup configuration.
• Maintain accurate and detailed endpoint documentation for each client in the centralized knowledge base (e.g., Hudu/Confluence).
• Escalate unresolved endpoint issues to Technical Lead or Security Consultant with complete RCA notes.

🛠 What You Bring

• 4–7 years of experience in endpoint and M365 administration in MSP or enterprise environments.
• Advanced Intune configuration: Autopilot, compliance policies, Conditional Access, Defender baselines.
• Hands-on experience with Acronis Cyber Protect endpoint modules (backup, patching, vulnerability).
• Strong understanding of Defender for Endpoint configuration, DLP, and attack surface reduction.
• Proficiency with NinjaOne policies, device grouping, and workflows.
• Strong scripting skills (PowerShell, remediation, and automation scenarios).
• Exposure to macOS device management.
• Ability to interpret compliance/security requirements and apply to endpoint policies (HIPAA, SOC 2, GDPR).
• Strong documentation discipline and structured troubleshooting approach.

Tools & Platforms

• Productivity & Identity: Microsoft 365 E3/E5, Intune, Entra ID, Defender for Endpoint, Compliance Center
• RMM: NinjaOne (policy enforcement, patching, automation)
• Backup & Security: Acronis Cyber Protect, Axcient, Sophos XDR/MDR, Huntress
• Apple MDM: Kandji / Jamf / Intune (as applicable)
• Automation: PowerShell, Intune scripting, NinjaOne workflows

💜 Why You’ll Love Working Here

• Be part of a remote-first, collaborative, high-performing team
• Lead innovative security projects for top-tier global clients
• Enjoy a culture that values your voice, ideas, and career growth