M365 Endpoint and Identity Administrator

SOLV Energy

M365 Endpoint & Identity Administrator responsible for managing SOLV Energy's Microsoft Intune setup. Overseeing endpoint management and security across Windows and macOS environments.

Posted 5/28/2026full-timeSan Diego • California, New Jersey, Oregon • 🇺🇸 United StatesMid-LevelSenior💰 $110,703 - $132,843 per yearWebsite

Tech Stack

Tools & technologies

CloudCyber SecurityMacOS

About the role

Key responsibilities & impact

Own the configuration, health, and roadmap of Microsoft Intune as SOLV Energy’s primary MDM platform, including device enrollment, compliance policies, configuration profiles, and endpoint security baselines across Windows and macOS
Author and maintain Intune configuration profiles, security baselines, and Settings Catalog policies, including Defender for Endpoint, BitLocker, FileVault, Attack Surface Reduction rules, tamper protection, and account lockout
Design and operate Windows Autopilot deployment profiles, Enrollment Status Page configuration, Autopilot device groups, and Entra-joined provisioning workflows for new and re-provisioned endpoints
Manage macOS enrollment, configuration, and compliance through Intune, including FileVault and device-pinned Conditional Access scenarios for managed and contractor-owned hardware
Build and maintain Intune application deployment packages, including detection rules, requirement rules, assignment scoping, and supersedence relationships
Own the enterprise endpoint patch management program across Windows (Microsoft Autopatch / Intune update rings) and macOS (Intune update policies), including ring design, pilot testing, production rollouts, deferral policies, and compliance reporting
Manage third-party application patching through Patch My PC (PMPC) Cloud, including publishing critical applications, enforcing automatic updates, configuring user-context vs system-context deployments, and triaging/remediating patch failures
Lead Conditional Access policy design and operation in partnership with Cybersecurity, including device-compliance, app-protection, sign-in risk, and named-location policies
Drive CVE remediation efforts for endpoints, including OS, driver, and firmware updates (e.g., Dell ControlVault, Dell Command Update, Apple Rapid Security Response), in coordination with Cybersecurity on vulnerability prioritization
Build and maintain executive-level patch compliance, device posture, and Intune health dashboards to support leadership visibility, SOX ITGC evidence, and audit readiness
Author and submit change management requests in Freshservice for all endpoint configuration, policy, and patching changes, including risk assessment, test evidence, rollback plan, and communication plan
Participate in the Change Advisory Board (CAB), presenting changes for review and securing approval prior to any production deployment. Pilot all Intune policy, Autopilot profile, and patch ring changes against a defined test group before broad release; validate rollback procedures
Develop and maintain PowerShell and Microsoft Graph automation for Intune reporting, policy auditing, bulk device operations, and lifecycle tasks
Collaborate with Cybersecurity, Infrastructure, and Service Desk teams to maintain a secure, compliant, and supportable end-user computing environment
Develop and maintain SOPs and runbooks for recurring operational processes such as Windows feature updates, monthly patch cycles, Autopilot onboarding, macOS enrollment, and incident response for endpoint outages
Support M&A integration activities for the Microsoft 365 and endpoint workstream, including tenant migrations, Intune policy alignment, and Autopilot onboarding for acquired entities
Monitor and respond to outages, trends, and global issues affecting the Microsoft 365 stack and managed endpoint fleet
Stay current on Microsoft Intune, Entra ID, Defender for Endpoint, and modern endpoint management roadmaps, evaluating new capabilities for fit within SOLV Energy’s environment

Requirements

What you’ll need

Bachelor’s degree in Information Technology, Computer Science, or equivalent experience
5 years minimum experience as a M365 System Administrator or equivalent combination of experience and education
Knowledge of major Microsoft cloudbased systems including Entra ID, M365, InTune, AutoPilot, Enterprise Mobility + Security, Defender ATP, etc.
Powershell scripting and automation
Hands-on experience with endpoint patch management, including Windows Autopatch, Intune update policies, and third-party patching tools (e.g., Patch My PC)
Familiarity with ITIL-based change management processes, including CAB submissions, risk assessments, and rollback planning
Experience with Freshservice for incident, change, and request management
Experience supporting M&A or tenant migration projects in a Microsoft 365 environment is a plus
Customer escalation and conflict resolution skills required
Resource planning and mitigation management
Excellent verbal and written communication skills
Energetic, enthusiastic, charismatic
Entrepreneurial spirit.

Benefits

Comp & perks

Employees (and their families) are eligible for medical, dental, vision, basic life and disability insurance.
Employees can enroll in our company’s 401(k) plan and are provided vacation, sick and holiday pay.

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Microsoft IntuneWindows AutopilotPowerShellendpoint patch managementDefender for EndpointBitLockerFileVaultMicrosoft GraphConditional AccessCVE remediation

Soft Skills

customer escalationconflict resolutionresource planningmitigation managementverbal communicationwritten communicationenergeticenthusiasticcharismaticentrepreneurial spirit