Senior Intune / Endpoint Security Engineer
- Pay Rate: $84.87/hour, depending on experience
- Contract Length: 3 Months
- Location: Calgary, Alberta
Raise is currently hiring a Senior Intune / Endpoint Security Engineer on behalf of our client. They’re expanding their team to meet growing needs, making this a unique opportunity to work with an industry leader. Our Client, is a major Canadian airline.
Note: The primary pay rate is based on T4 classification; however, we will also consider applications from candidates interested in an INC classification, where applicable.
Description
The Intune / Endpoint Security Engineer in this role will lead the implementation of Windows endpoint hardening standards using Microsoft Security Baselines and CIS Benchmark recommendations. A primary focus of this contract is driving the migration of legacy Active Directory Group Policies (GPOs) to modern Microsoft Intune architecture, establishing a robust, cloud-native security posture for 's endpoint ecosystem.
Responsibilities
- 1. Security Baseline Implementation
- Assessment: Review current endpoint security posture against Microsoft Security Baselines.
- Risk Categorization: Evaluate CIS Benchmark recommendations and categorize controls based on risk, technical complexity, and business operational impact.
- Planning: Develop and execute phased implementation plans for CIS controls.
- Documentation: Document approved security exceptions and identify appropriate compensating controls.
- Maintenance: Establish long-term governance processes for future security baseline maintenance and updates.
- 2. GPO Migration & Modernization
- Analysis: Inventory and analyze existing legacy GPOs to identify duplicate, conflicting, deprecated, or obsolete policies.
- Mapping: Map legacy GPO settings directly to modern Microsoft Intune feature sets, including:
- Intune Settings Catalog
- Administrative Templates
- Endpoint Security Policies
- Security Baselines & Compliance Policies
- Profile Design: Architecture modular, scalable Intune configuration profiles.
- Validation: Test and validate policy parity between the legacy GPO environment and Microsoft Intune to ensure no coverage gaps.
- 3. Architecture & Governance
- Standards: Establish a clean baseline profile structure and standardized naming conventions.
- Deployment: Create ring-based policy deployment structures and comprehensive testing methodologies.
- Change Control: Implement strict change control management and rapid rollback processes.
- Enablement: Create operational runbooks and Tier 2/3 support documentation for operational handoff.
- Strategy: Define ongoing governance guidelines for continuous security configuration management.
- Qualifications
- 10+ years of enterprise-level endpoint management experience.
- 5+ years of dedicated engineering experience within Microsoft Intune (Microsoft Endpoint Manager).
- Proven track record of migrating large-scale enterprise environments from Active Directory GPOs to Microsoft Intune.
- Deep expertise implementing Microsoft Security Baselines and translating CIS Benchmark recommendations into technical policy.
- Strong experience designing modular configuration profiles from raw benchmark requirements.
- Advanced PowerShell scripting skills for endpoint automation, reporting, and custom remediation.
- Nice-to-Haves:
- Experience engineering in highly regulated or complex environments (e.g., Airline/Transportation, Healthcare, or Finance).
- Experience supporting specialized operational, field, or flight-line devices.
- Experience configuring and securing Kiosk / Shared devices or Microsoft Teams Rooms (MTR).
- Experience with Microsoft ConfigMgr (SCCM) modernization or co-management programs.
- Core Soft Skills:
- Ability to safely drive significant security infrastructure changes across diverse business units without impacting flight operations or guest experiences.
- Clear written and verbal communication skills to explain complex security configurations to both technical teams and business leadership.
- Strong analytical skills to assess how security restrictions might impact end-user productivity.
- Proven capability to lead discussions, align disparate technical teams, and build consensus around modern security standards.
- Education and Certifications
- Bachelor's degree or a 2-year technical diploma in Computer Science, Information Technology, Cybersecurity, Network Engineering, or a closely related field.
- Relevant Microsoft Certifications: MD-102 (Endpoint Administrator), SC-300 (Identity and Access), SC-100 (Cybersecurity Architect), or AZ-500 (Azure Security Engineer).
Additional Information
- Our client asks that candidates provide 2 Endorsements/References at the time of application: ( this could be a colleague/manager that worked with you on Recent Projects that relate to this role Ask them to provide a Quick Endorsement – testimonial in point form of your accomplishment / value added) to highlight your skills for this role
Looking for meaningful work? We can help!
Raise is an established hiring firm with over 65 years of experience. We believe strongly in making the world a better place through work, which is why we’re a certified B Corporation and donate 10% of our profits to charity.
We strive to build teams that reflect the diversity of the communities we work in. We encourage all qualified applicants to apply, including people from traditionally underrepresented groups such as women, visible minorities, Indigenous peoples, people identifying as LGBTQ2SI, veterans, and people with visible/nonvisible disabilities.
We have a dedicated webpage for accommodations where you can learn more about what we offer and request accommodation: https://raise.jobs/accommodations/
In order to submit candidates for roles, our clients will sometimes require personal information to confirm the identity of applicants and their legal status to work. Raise will never ask you for personal or banking information unless you have been selected for a job. If you are ever unsure about the legitimacy of this or any other Raise job posting (or have any other questions), please contact us at +1 800-567-9675 or hello@raiserecruiting.com.
#WES
#LI-SC1