Enterprise PC Architect (Modern Management & Security)
Architecture; SPB
- Type:
- Full-time
- Location(s):
- Budapest VERNOVA HU 5
- Publication date:
- Salary:
- Posting start date:
- 2026-04-17-07:00
- Posting end date:
- Job ID:
- R5038888
Job Description Summary
As the Enterprise PC Architect, you will be the primary visionary and technical authority for our global Windows and Mac ecosystem. You aren't just managing laptops; you are architecting a highly scalable, zero-trust "Productivity Platform." You will replace legacy imaging with true cloud-native provisioning, leverage real-time telemetry to preemptively fix issues, and ensure that our 100k+ node fleet remains compliant without hindering the user experience.
Job Description
Key Responsibilities
1. Global Scalability & Lifecycle (100k+ Nodes)
Architectural Strategy: Design and maintain a "Cloud-First" endpoint strategy that scales to 100,000 nodes across global regions.
Staged Rollouts (Rings): Define and govern deployment rings (Canary, Pilot, Broad) to ensure stability during OS updates and application pushes.
Data-Driven Decisions: Use KQL (Kusto Query Language) to build custom workbooks and dashboards in Log Analytics, turning raw telemetry into actionable fleet health insights.
Automation at Scale: Utilize Microsoft Graph API for bulk Intune object manipulation, automated policy assignments, and cross-tenant consistency.
2. Modern Provisioning (Intune / Autopilot)
Zero-Touch Excellence: Mature the Windows Autopilot program to achieve a "shrink-wrap to productivity" experience.
Frictionless Onboarding: Minimize the Enrollment Status Page (ESP) footprint by optimizing app blocking logic and offloading non-critical installs to post-provisioning phases.
OEM Integration: Partner with hardware vendors to automate Hardware Hash harvesting and direct-to-employee shipping workflows.
3. Real-Time Operations (Tanium Ops)
Fleet Hygiene: Architect Tanium workflows for real-time patching, vulnerability remediation, and software inventory.
Instant Remediation: Design custom Tanium Sensors and Packages to identify and fix configuration drift (registry keys, file versions, or zombie processes) across the entire 100k fleet in seconds.
Performance Monitoring: Leverage Tanium Performance telemetry to identify "noisy" apps or hardware bottlenecks before the user opens a ticket.
4. Security & Compliance (M365 E5)
Identity-Driven Access: Design and manage complex Conditional Access (CA) policies that enforce device compliance as a prerequisite for accessing corporate data.
Least Privilege: Implement Microsoft Endpoint Privilege Management (EPM) to eliminate local admin rights while providing a seamless "elevation on-demand" experience for developers and power users.
Compliance Baselines: Maintain a "Continual Compliance" posture, using Intune and Tanium to verify security baselines (BitLocker, Defender, Firewall) in real-time.
5. Advanced Root Cause Analysis
Beyond the "Reimage": Lead Tier 4 investigations into systemic issues. You are expected to dig into Intune Management Extension (IME) logs, event viewers, and ETL traces rather than defaulting to a factory reset.
Telemetry Mastery: Proactively hunt for fleet-wide "silent failures" using Log Analytics and Tanium, ensuring that the "Root Cause" is identified and automated away.
6. Leadership Experience and Financial Management
Strategic Technical Leadership: Proven experience leading cross-functional engineering teams to define and execute multi-generational hardware roadmaps, ensuring alignment with long-term corporate vision and market trends.
Budget & P&L Management: Demonstrated proficiency in managing large budgets, including OPEX/CAPEX allocation, vendor contract negotiations, and cost-benefit analyses to ensure product development remains profitable without compromising quality.
Operational Financial Oversight: Ability to collaborate with Finance and Supply Chain teams to optimize costs, track project burn rates, and implement cost-reduction strategies through strategic component sourcing and platform standardization.
7. Drive and support M&A activities related to DWP
Due Diligence & Infrastructure Assessment: Proven ability to conduct comprehensive technical audits of an acquisition target’s endpoint environment—evaluating hardware lifecycles, fleet health, and security postures—to identify integration risks and estimate the total cost of ownership (TCO) for harmonizing disparate fleets.
Post-Merger Integration (PMI) Strategy: Experience designing and executing scalable, unified "Day 1" and "Day 2" hardware deployment strategies that ensure seamless user transitions, including the standardization of global device personas and the consolidation of heterogeneous PC imaging and provisioning systems (e.g., Autopilot, Intune).
Digital Workplace Transformation & Synergy Realization: Demonstrated expertise in aligning acquired technology stacks with the parent company’s Digital Workplace vision, focusing on optimizing vendor contracts and hardware supply chains to capture immediate cost synergies while improving the overall employee experience (EX).
Technical Requirements
Expertise: Significant experience in Endpoint Engineering with proven experience in an Architect-level role managing 50k+ nodes.
Scripting: Mastery of PowerShell and familiarity with C# / .NET for Graph API integrations.
Cloud Stack: Deep expertise in the Microsoft 365 E5 suite (Intune, Defender for Endpoint, Entra ID).
Remediation: Proven experience with Tanium (specifically Patch, Deploy, and Asset modules).
Data: Proficient in KQL (Kusto) for querying Azure Resource Graph and Log Analytics.
Soft Skills
User-Centric Design: You view "User Friction" as a technical bug that must be fixed.
Strategic Communication: Ability to translate 100k-node data trends into executive-level summaries.
Mentorship: A desire to upskill Tier 2/3 engineering teams to adopt an "Automate Everything" mindset.
Additional Information
Relocation Assistance Provided: No