Who We Are
Oncourse Home Solutions, also operated as American Water Resources, is a trusted home protection provider helping homeowners across the country protect what matters most. We are a $500 million organization backed by private equity firm Apax Partners, serving 2 million customers across 43 states. We partner with 25+ utilities and municipalities (and growing!) to provide customized solutions tailored to any community - delivering real value where people live. We help homeowners protect the essential systems that keep their homes running - from HVAC, appliances, and electrical to water, sewer, gas lines, and more - so they can avoid the stress and financial impact of unexpected repairs. Our work helps homeowners stay safe, comfortable, and confident in their homes every day.
At Oncourse, our people are what makes that possible. We call ourselves SUPERs - Successful, United, Progressive, Empathetic, and Reliable - because that’s how we show up for our customers and for each other. We invest in our employees through competitive benefits, an inclusive culture, and employee-led resource groups that strengthen connection, community, and belonging across the company.
As an equal opportunity employer, our employment decisions are based on business needs, job requirements and individual qualifications without regard to race, color, religion, age, sex (including pregnancy), sexual orientation, gender identity, national origin, ancestry, marital status, parental status, mental or physical disability, military or veteran status, or any other basis protected by federal, state, or local law. Oncourse Home Solutions is committed to recruiting and retaining talented applicants and to providing all employees with a workplace free from discrimination and/or harassment.
Position Summary
The Sr. Digital Workspace Engineer owns the full lifecycle of Oncourse Home Solutions' enterprise endpoint environment — spanning Windows and macOS devices, identity-driven access controls, M365 security tooling, and automation-first operations. This is a senior hands-on technical role operating at the intersection of endpoint engineering, cybersecurity, and operational delivery.
The role requires deep expertise across Microsoft Intune, Jamf Pro, Microsoft Entra ID, Defender for Endpoint, and Microsoft Purview, paired with the stakeholder presence to support VIP users, contact center operations, and executive leadership. The engineer will design and operate endpoint platforms that are resilient, secure by design, and automated at every opportunity.
This position is located at our office in Naperville, IL. Our office environment is a key driver of our company culture and employee experience, so a regular in-office hybrid model (generally T-TH in office and M & F remote) is required.
Responsibilities include but are not limited to:
- Endpoint Lifecycle Management. Architect, package, and deploy standardized Windows and macOS images using Autopilot, Intune, and Jamf Pro. Manage the full MDM lifecycle for corporate and BYOD devices across iOS, Android, and macOS — including enrollment, compliance profiles, and MAM app protection policies. Own Autopilot end-to-end (ESP tuning, all deployment models), zero-touch large-scale rollouts, OS update cadences, app packaging, and CIS/NIST endpoint hardening.
- Identity and Conditional Access. Design, implement, and maintain Microsoft Entra ID Conditional Access policies aligned to Zero Trust principles. Manage device compliance policies, identity-based controls, and privileged access workstation (PAW) configurations.
- M365 Security Operations. Administer Microsoft Defender for Endpoint (MDE) — threat and vulnerability management, ASR rules, and EDR. Operate Microsoft Purview for DLP, information protection labels, and eDiscovery workflows in support of legal and compliance requirements.
- Scripting and Automation. Build and maintain PowerShell and Python automation scripts for endpoint provisioning, patch compliance reporting, configuration drift remediation, and security telemetry. Reduce manual toil through automated workflows integrated with Intune, Jamf, and M365 APIs.
- Networking and Connectivity. Support enterprise networking functions relevant to endpoint connectivity: DNS, DHCP, VPN, NAC, and firewall policy. Work with network teams on Meraki wireless policy and endpoint segmentation. Troubleshoot certificate-based authentication issues.
- Contact Center and Critical Operations. Provide engineering-level support for contact center endpoint environments — VDI, softphone/CCaaS integrations, and specialized peripherals — ensuring zero-downtime availability for customer-facing functions.
- VIP and Executive Support. Deliver white-glove endpoint experience for executive leadership and board-level stakeholders. Communicate complex technical issues clearly and professionally. Lead stakeholder-facing briefings on endpoint health, security posture, and platform roadmap.
- AI Tooling and Governance. Support enterprise deployment and governance of AI productivity tools (Microsoft Copilot for M365) — ensuring endpoint readiness, data classification policy alignment, and compliance with the organization's AI governance framework.
- Security Hardening and Compliance. Own endpoint security hardening standards across all device platforms via Intune and Jamf configuration profiles. Remediate vulnerability scan findings. Support NYDFS Part 500 and PCI DSS endpoint-related control evidence collection.
- Asset Management and CMDB. Own the full IT asset lifecycle for all managed endpoints — procurement through decommission. Maintain CMDB accuracy via MDM integration (Intune, Jamf), conduct asset audits, enforce software license compliance, and support hardware refresh forecasting with data-driven reporting.
- On-Call Support. Participate in on-call rotation for after-hours critical endpoint incidents affecting contact center, executive, or production systems.
We're Excited if this is You!
Experience and Qualifications of the Role:
- 7+ years of enterprise endpoint engineering experience in mid-to-large organizations.
- Deep hands-on expertise with Microsoft Intune (MEM) — MDM and MAM policy design, compliance, app deployment, Autopilot (device registration, ESP tuning, User-Driven / Self-Deploying / Pre-Provisioning models), zero-touch large-scale rollouts, and mobile platform enrollment (iOS, Android, macOS).
- Proven MDM expertise across corporate-owned and BYOD programs — iOS, Android, and macOS enrollment, compliance policies, conditional access for mobile, and Intune App Protection Policies (MAM without enrollment).
- Deep hands-on expertise with Jamf Pro — smart groups, policies, packages, Jamf Connect, and remote management.
- Proficiency in Microsoft Entra ID: device registration, hybrid join, Conditional Access, named locations, sign-in risk policies, and Privileged Identity Management (PIM) for just-in-time administrative access governance.
- Proven expertise in M365 E5 security: Microsoft Defender for Endpoint (MDE), Microsoft Purview (DLP, Information Protection, eDiscovery), and Defender Vulnerability Management.
- Strong scripting capability in PowerShell (required) and Python (required) — endpoint automation, API integrations, compliance reporting.
- Hands-on experience with enterprise image packaging and remote OS deployment — Windows Autopilot, MDT, WDS, or equivalent macOS workflows — with capability executing large-scale device rollouts across distributed and remote workforce environments.
- Working knowledge of enterprise networking: TCP/IP, DNS, DHCP, VPN, NAC, certificate services, and firewall policy coordination.
- Experience supporting contact center or other high-availability critical-function endpoint environments.
- Demonstrated ability to manage executive and VIP stakeholders — executive-ready written, verbal, and presentation skills.
- Familiarity with AI productivity tools in enterprise environments (e.g., Microsoft Copilot for M365, AI governance frameworks).
- Strong understanding of security hardening principles: CIS Benchmarks, NIST SP 800-70, DISA STIGs, or equivalent.
- Experience in regulated industries (financial services, healthcare, or insurance) strongly preferred.
- Proven background scaling endpoint environments for remote or distributed workforces — zero-touch provisioning, remote wipe/reset, and multi-region device management.
- Hands-on ITAM and CMDB experience — device lifecycle tracking, software license compliance, asset auditing, and MDM-to-CMDB integration for automated inventory.
- Proficiency with ServiceNow (ITAM/CMDB/Asset Management modules preferred) or Jira Service Management for change governance and asset record management.
Nice to Have
- Hands-on experience with Cisco Meraki wireless infrastructure (SSID policy, device tagging, network segmentation).
- Familiarity with SIEM/EDR integrations: Microsoft Sentinel, CrowdStrike, or equivalent.
- Experience with Microsoft Entra ID PIM (Privileged Identity Management) and PAM.
- Exposure to Zero Trust Network Access (ZTNA) or SSE/SASE platforms.
Education:
- Bachelor's degree in Information Technology, Computer Science, or related field — or equivalent professional experience.
Certificates, Licenses, Registrations:
- MD-102: Microsoft Certified — Modern Desktop Administrator Associate
- SC-200: Microsoft Certified — Security Operations Analyst Associate
- SC-400: Microsoft Certified — Information Protection Administrator Associate
- SC-300: Microsoft Certified — Identity and Access Administrator Associate
- Jamf 200 or Jamf 300 Certification
- CompTIA Security+ or equivalent security foundation certification
We offer a compelling total rewards package that includes a competitive base salary and comprehensive benefits to support your total wellbeing. The base pay range for this position is $112,080 - $168,120 USD Annual. The specific pay offered will depend on qualifications, experience, education and skill set. The compensation offered may also include an annual performance-based bonus, sales incentive plan or commission target.
Our benefits include, but are not limited to, healthcare, life insurance, paid time off, retirement, commuter benefits, and education reimbursement. Exact compensation may vary based on skills, experience, and location.
Join our SUPER Team and Enjoy Amazing Benefits!
- Competitive Compensation: We value your hard work and are proud of our competitive pay for performance philosophy.
- Comprehensive Health Coverage: Medical, dental, and vision insurance options, plus paid short-term and long-term disability coverage.
- 401(k) Plan with 4% Company Match: Secure your future with our robust retirement plan.
- Generous Paid Time Off: Take the time you need to recharge and relax.
- Education Assistance Program: Invest in your growth and development with our support.
- FSA/HSA Options: Flexible spending and health savings accounts to manage your transportation and dependent care expenses.
- Employee Wellness: Access to EAP, health, legal, and financial resources to support your overall well-being.
- Vibrant Company Culture: Monthly Townhalls, employee recognition programs, and Employee Business Resource Groups (EBRGs) to keep you engaged and connected.
Competencies:
Problem Solving - Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn't stop at the first answers.
Customer Focus - Is dedicated to meeting the expectations and requirements of internal and external customers; gets firsthand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.
Priority Setting - Spends his/her time and the time of others on what's important; quickly zeros in on the critical few and puts the trivial many aside; can quickly sense what will help or hinder accomplishing a goal; eliminates roadblocks; creates focus.
Drives Results - Can be counted on to exceed goals successfully; is constantly and consistently one of the top performers; very bottom-line oriented; steadfastly pushes self and others for results.
Process Management - Good at figuring out the processes necessary to get things done; knows how to organize people and activities; understands how to separate and combine tasks into efficient workflow; knows what to measure and how to measure it; can see opportunities for synergy and integration where others can't; can simplify complex processes; gets more out of fewer resources.
Developing Direct Reports & Others - Provides challenging and stretching tasks and assignments; holds frequent development discussions; is aware of each direct report's career goals; constructs compelling development plans and executes them; pushes direct reports to accept developmental moves; is a people builder.
Managing and Measuring Work - Clearly assigns responsibility for tasks and decisions; sets clear objectives and measures; monitors process, progress, and results; designs feedback loops into work.
Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights (https://www.eeoc.gov/poster) notice from the Department of Labor.