Senior Endpoint Engineer
When you join Sunrise Senior Living, you will be able to use your unique skills to empower residents to live longer, healthier, and happier lives. Not only will you build meaningful relationships with residents, their families, and team members alike, you will also gain joy in serving others and deep fulfillment in your work. Explore how you can follow your passions and shed light on meaningful ways to serve, grow, and shine together.
Sunrise Senior Living was again certified as a Great Place to Work® by Activated Insights. This is the 8th time Sunrise has received this top culture and workplace designation, highlighting the special place Sunrise is to be a part of.
COMMUNITY NAME
Community Support Office
Job ID
2026-237245
JOB OVERVIEW
The Senior Endpoint Engineer is the technical owner for automatic provisioning and lifecycle management of Sunrise’s endpoint fleet. You will design and operate zero-touch provisioning with secure, compliant images, policy management (Intune MDM/MAM), and endpoint protection (Microsoft Defender for Endpoint). You’ll drive device standards, packaging, patching, telemetry/analytics, and Azure Virtual Desktop image/host pool operations, continuously improving performance, reliability, and security while reducing hands-on support.
RESPONSIBILITIES & QUALIFICATIONS
Essential Duties
As a part of the Sunrise team, supporting our Mission, Principles of Service and Core Values is a fundamental part of this job. Our foundational belief is the sacred value of human life. The unique responsibilities for this role include but are not limited to the essential functions listed as follows:
- Architect and run Windows Autopilot onboarding at scale (device enrollment, dynamic groups, deployment profiles, hardware hash workflows), delivering consistent, secure builds with minimal manual touch.
- Maintain gold images and configuration baselines (BitLocker, local admin strategy/LAPS, firewall, ASR rules, device control, credential guard, secure boot).
- Own configuration profiles, compliance policies, app protection policies, and Conditional Access alignment with Security; implement role-based access and segregation for admin operations.
- Ensure Defender for Endpoint onboarding, EDR, vulnerability management, and alerting are configured, tuned, and measured; drive remediation at scale.
- Deploy, configure, and maintain endpoint devices and associated software (Win32/MSIX packages, certificate, Wi-Fi, VPN profiles, browser policies).
- Lead Windows Update for Business and Autopatch strategy, update rings, and reporting; coordinate out-of-band security updates as needed.
- Own AVD image strategy (AIB or equivalent), FSLogix profiles, host pool scaling policies, monitoring and diagnostics, and session reliability; standardize app packaging for AVD.
- Automate Intune, Defender, and AVD via Microsoft Graph API, PowerShell, and Python; manage configurations in source control and implement peer review and change controls.
- Publish build standards, runbooks, packaging guides, and break-glass procedures; mentor Service Desk and Desktop teams.
- Maintain compliance in assigned required training and all training required by state/province or other regulating authorities as applicable to this role to ensure that Sunrise standards are always met.
- Perform other duties as assigned.
Core Competencies
- Excellent written and oral communication skills.
- Strong critical thinking, analytical reasoning, and thought leadership skills.
- Ability to bridge engineering, product, security, and operations teams to align on goals and foster shared responsibility.
- Project management skills.
Experience and Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed throughout this job description are representative of the knowledge, skills, and abilities required.
- Proven experience implementing Intune and Autopilot (or equivalent zero-touch MDM) for large Windows fleets, including dynamic assignments and deployment profiles.
- Deep knowledge of Microsoft Defender for Endpoint, BitLocker, ASR rules, device control, and endpoint hardening frameworks such as CIS Benchmarks.
- Hands-on experience with configuration and compliance policies, app protection, certificates (SCEP, PKCS, PFX), and Conditional Access alignment.
- Proficiency in PowerShell and Python with ability to automate via Microsoft Graph API and REST.
- Demonstrated results improving boot times, sign-in performance, reliability, and patch compliance using telemetry and service-level objectives.
- Strong understanding of TCP/IP, DNS, DHCP, Azure AD/Entra device states, RBAC, and group-based targeting.
- Five to eight or more years of experience in End-User Computing or Endpoint Engineering, with at least three years owning Intune and Defender in production environments.
ABOUT SUNRISE
Ready to take the next step and make a bigger impact than you ever imagined? As part of our team, you will help brighten the future for everyone at Sunrise and beyond. That is why we make it a priority to celebrate the unique ways you bring moments of togetherness and joy to everyone you serve. And when combined with the support, benefits, and growth opportunities we offer, the result is a career that PositivelyShines with everything you need to reach your goals – at work and in your life.
We also offer benefits and other compensation that include:
- Medical, Dental, Vision, Life, and Disability Plans
- Retirement Savings Plans
- Employee Assistance Program / Discount Program
- Paid time off (PTO), sick time, and holiday pay
- myFlexPay offered to get paid within hours of a shift
- Tuition Reimbursement
- In addition to base compensation, Sunrise may offer discretionary and/or non-discretionary bonuses. The eligibility to receive such a bonus will depend on the employee’s position, plan/program offered by Sunrise at the time, and required performance pursuant to the plan/program.
- Some benefits have eligibility requirements
Apply today to learn why Sunrise Senior Living is a certified Great Place to Work®
PRE-EMPLOYMENT REQUIREMENTS
Sunrise considers the health and safety of its residents, family members, and team members among its highest priorities. Employment with Sunrise is contingent upon completing and passing a drug test (which does not include marijuana) and Tuberculosis Test, and a physical evaluation and a background check where required. Covid-19 and Influenza vaccination may be required if mandated by applicable federal, state, and local laws and authorities.
COMPENSATION DISCLAIMER
Selected candidates will be offered competitive compensation based on geographic location of community/office, skills, experience, qualifications, and certifications/licenses (where applicable).