Senior Desktop Engineer

Company is seeking a Senior Desktop Engineer. The Senior Desktop Engineer is responsible for designing, implementing, and maintaining a secure, modern, and highly reliable Windows endpoint environment across both physical and virtual platforms. This role focuses on endpoint engineering, automation, security hardening, application validation, and self-service enablement.

The Senior Desktop Engineer operates with a high degree of independence and accountability, owning endpoint configuration, application deployment, patching, compliance, and OS lifecycle management. This role serves as a technical escalation point for the Technology Support Center (TSC) to deliver a consistent, high-quality end-user experience across physical devices and virtual platforms.

• Own and administer modern endpoint management platforms, including Microsoft Intune and Autopilot, with SCCM/MECM co-management where applicable.
• Design, implement, and maintain Autopilot provisioning workflows to enable secure, consistent, and low-touch device onboarding.
• Manage application packaging, deployment, and patching, including third-party application updates using Patch My PC.
• Plan, execute, and document application testing and validation for new deployments, updates, patches, and OS changes to ensure compatibility and stability prior to broad rollout.
• Develop and maintain regression testing practices for core applications and desktop configurations to prevent repeat issues.
• Design, implement, and maintain Windows Defender Application Control (WDAC) policies to control application execution and reduce endpoint attack surface.
• Define and enforce endpoint configuration standards, security baselines, and compliance policies using Intune configuration profiles, Group Policy, and related technologies.
• Plan, test, and execute Windows feature updates, quality updates, and application upgrade cycles following staged deployment and validation best practices.
• Act as a Level II/III escalation resource for complex endpoint and application issues, identifying root causes and driving permanent, documented fixes.
• Partner with the TSC to reduce escalations through improved tooling, automation, documentation, and self-service capabilities.
• Collaborate with Enterprise Application Engineers on the deployment and support of firmwide applications, including Microsoft 365, iManage, Litera, Adobe, and other business-critical platforms.
• Support and optimize Azure Virtual Desktop (AVD) with Nerdio, ensuring alignment between virtual and physical desktop performance and user experience.
• Maintain and enhance Microsoft Teams client behavior and capabilities, including policies, add-ins, plugins, and user experience considerations.
• Evaluate, test, and standardize desktop and laptop hardware, including drivers, firmware, BIOS configurations, and lifecycle planning.
• Perform advanced troubleshooting using logs, diagnostics, and monitoring tools; coordinate with vendors as needed.
• Support endpoint security initiatives, including WDAC, Bit Locker, Windows Firewall, and related controls.
• Mentor and support other Desktop team members, promoting engineering best practices, documentation, and knowledge sharing.
• Participate in limited after-hours support on an as-needed basis.
• Other duties as assigned.

The person in this role must be experienced in working effectively with IT developers, architects and external vendors in advocating on behalf of end users.

• Strong ownership mindset with the ability to operate independently and proactively
• Deep understanding of modern Windows endpoint management and security
• Ability to translate technical solutions into improved end-user experience
• Strong troubleshooting, analytical, and problem-solving skills
• Excellent communication skills with both technical and non-technical stakeholders
• Comfortable working in a fast-paced, enterprise environment with changing priorities
• Commitment to documentation, standardization, and continuous improvement
• Collaborative mindset and willingness to share knowledge across teams

• 5+ years of experience in desktop engineering, endpoint management, or infrastructure engineering
• Hands‑on experience with modern endpoint management tools, including Microsoft Intune and Autopilot, in a production environment
• Experience with application packaging, deployment, and patching solutions such as Patch My PC or equivalent tools
• Experience with SCCM / MECM, including application deployment and co‑management
• Proven experience supporting and maintaining enterprise desktop standards
• Experience supporting professional services environments preferred; legal industry experience a plus
• Microsoft or other relevant industry certifications are a plus
• Strong communication skills and the ability to work effectively with technical teams, firm users, and external partners in a fast‑paced environment

• Endpoint & Device Management:
  Microsoft Intune,…