Microsoft Systems SME

DMI is a leading provider of digital services and technology solutions, headquartered in Tysons Corner, VA. With a focus on end-to-end managed IT services, including managed mobility, cloud, cybersecurity, network operations, and application development, DMI supports public sector agencies and commercial enterprises around the globe. Recognized as a Top Workplace, DMI is committed to delivering secure, efficient, and cost-effective solutions that drive measurable results. Learn more at www.dminc.com

DMI is seeking a Microsoft Systems SME to serve as the subject matter expert for Windows endpoint engineering at a federal agency client. In this role, you will lead the design, configuration, and lifecycle management of Windows workstations and Microsoft endpoint management services, ensuring secure, compliant, and well-documented deployments across the enterprise environment.

• →Engineer and maintain secure Windows workstation images incorporating approved security baselines, authentication agents, and VDI/remote access capabilities
• →Configure and maintain Microsoft Intune device compliance policies, configuration profiles, and conditional access requirements based on user role and device posture
• →Manage Windows Autopilot for automated device provisioning, registration, and lifecycle management
• →Implement and maintain OS and application patch management using Ivanti, KACE, and Intune/GPO-based orchestration; validate patches post-deployment and support rollback
• →Implement passwordless authentication and hardware-backed credentials, including YubiKey, CAC, and software keys for privileged and sensitive accounts
• →Maintain Windows device enrollment workflows and accurate asset inventory, including provisioning, reassignment, decommissioning, and secure wipe
• →Produce and maintain engineering documentation, runbooks, and change records for all Windows endpoint configurations

Applicants selected may be subject to a government security investigation and must meet eligibility requirements for access to classified information. US citizenship may be required for some positions.

• Bachelor's degree in Information Technology, Cybersecurity, or a related field preferred 
• Education requirements may be waived based on professional experience, at the government’s discretion
• 8+ years of experience in Information Technology, Endpoint Engineering, or Cybersecurity
• 6+ years performing engineering (not help desk) functions in enterprise environments
• Expert-level proficiency with Microsoft Intune, including compliance policies, configuration profiles, and conditional access
• Hands-on experience with Windows Autopilot for device provisioning and lifecycle management
• Experience with Ivanti and/or KACE for OS and application patch management
• Experience with Group Policy Objects (GPO) for Windows endpoint configuration and security enforcement
• Experience implementing passwordless authentication and hardware-backed credentials (YubiKey, CAC, software keys)
• Experience working under formal change control, audit, and security governance processes

• Microsoft certifications in endpoint management or cloud administration (e.g., MD-102, MS-102)
• Experience with Microsoft Sentinel or equivalent SIEM for Windows endpoint telemetry ^
• Familiarity with hybrid identity environments integrating on-premises Active Directory with Entra ID