Endpoint Engineering Architect

Job Seekers can review the Job Applicant Privacy Policy by clicking here ( .

Summary

Job Description

:

The Endpoint Engineering Architect is hands-on position responsible for engineering, automating, securing, and optimizing all end‑user compute platforms including laptops, desktops, thin clients, virtual desktops (AVD), and mobile devices. This role works with the Endpoint Engineering team as a technical lead to design and support the lifecycle processes—imaging, provisioning, patching, configuration, compliance, and monitoring—across Linux, Microsoft Windows, and mobile OS platforms.

The ideal candidate is deeply experienced in modern endpoint management, virtualization (AVD), image engineering, automated deployments, and mobility management, bringing strong technical leadership and an automation-first mindset.

Essential Functions

Endpoint Engineering & Platform Management

• Architect, deploy, and support endpoint solutions across Windows, Linux, macOS, Thin Clients, and Mobile Devices.
• Design, maintain, and optimize standardized OS images for multiple device types and deployment scenarios.
• Engineer and maintain automated installation workflows including or equivalent to Autopilot, Tanium Provisioning, XAVD provisioning via W365, AVD provisioning, PXE-based imaging, and other automated onboarding methods.
• Maintain and enhance patch management strategies (OS and application level) across platforms ensuring compliance, stability, and security.
• Manage endpoint configurations, policies, and compliance baselines across solutions such as or equivalent to Microsoft Intune, Workspace ONE / AirWatch, SOTI, or similar MDM/UEM platforms.
• Administer virtual desktop infrastructures, particularly Azure Virtual Desktop (AVD), ensuring performance, scale, security, and user experience meet business needs.

Automation, Tools & Infrastructure

• Experience in developing automation scripts and workflows using methods such as PowerShell, Bash, or JSON/REST APIs, or similar tools to streamline endpoint management processes.
• Integrate endpoint management platforms with cloud services, Azure Storage, Active Directory / Azure AD, certificate services, and identity/security tooling.
• Partner with security teams to implement standards for device compliance, identity, secure configurations, and hardening baselines.
• Engage in continuous improvement of device provisioning, self-healing capabilities, app delivery, and user experience.

Engineering Ownership & Collaboration

• Serve as subject matter expert (SME) for major endpoint technologies, providing guidance to operations, service desk, and cross-functional teams.
• Participate in roadmap planning for endpoint modernization, including cloud-based provisioning, hybrid AD → Azure AD Join transitions, and modernization of group policy landscapes.
• Contribute to vendor evaluations, hardware standards, and lifecycle planning (device recycling, employee buyback programs, etc.).
• Document engineering standards, technical designs, change control procedures, and knowledge-base content.
• Occasional site visits to view and evaluate technology usage on site maybe be requested for new technology/customers.

Additional Responsibilities

• Performs other duties as assigned.

Skills And Abilities

• E ndpoint management, engineering, systems administration, or equivalent technical role.
• Deep expertise in Windows OS engineering, including imaging, MDM provisioning, GPO/Intune configuration, patching, and troubleshooting.
• Strong experience with Linux endpoint management (Ubuntu, RHEL, or other enterprise distros).
• Hands‑on experience with mobile device management (MDM/UEM) using tools or equivalents to Workspace ONE / AirWatch, Intune, or SOTI.
• Strong proficiency in automation (PowerShell, etc.) and modern deployment technologies.
• Experience with Azure Virtual Desktop (AVD) engineering, scaling, performance optimization, and image management.
• Strong understanding of endpoint security concepts: compliance baselines, conditional access, identity management, certificate-based authentication, and vulnerability management.
• Solid knowledge of networking, DNS, DHCP, VPN clients, and cloud identity (Azure AD / Entra ID).

Preferred Skills

• Experience in hybrid AD → Azure AD migration models and policy modernizations.
• Experience integrating automation platforms with repositories such as Azure Storage or package management ecosystems (WinGet, or similar tools).
• Understanding of frontline-focused hardware (thin clients, low resource devices).
• Familiarity with large‑scale enterprise hardware lifecycle processes (procurement → deployment → recycling).
• Azure certifications: AZ‑104, AZ‑305, or specialty certifications in virtual desktop or endpoint management are a plus.
• Experience with DEX / enterprise monitoring and self-healing tooling (e.g., Tanium, NEXthink, etc.) - preferred .

Soft Skills

• Strong analytical, troubleshooting, and problem-solving abilities.
• Excellent communication with both technical and non‑technical stakeholders.
• Ability to work independently, manage multiple priorities, and influence engineering decisions.
• Provide technical leadership and assist fellow engineers on the Endpoint Engineering team.
• Continuous improvement mindset with passion for automation and efficiency.

What This Role Enables

• Modern, consistent, scalable endpoint experience across the enterprise.
• Reduced provisioning time and improved user onboarding through automation and imaging modernization.
• Increased endpoint reliability through strong patching, compliance, and self-healing efforts.
• Support for business initiatives through secure, high-performance end-user computing platforms.

Qualifications

• Bachelor's degree required Computer science, systems analysis or a related study, or equivalent experience
• Ten (10) years or more at least two IT disciplines in a client/server or service-oriented architecture (SOA) environment, including technical architecture, network management, application development, middleware, database management or operations. required
• Five (5) years or more Domain architecture required
• SOA design and implementation advanced required
• Software Development Life Cycle and Agile Development advanced required
• Enterprise Application Integration advanced preferred

Travel

DOT Regulated:

None

Job Category: Application Development, Delivery & Support

Compensation Information

The compensation offered to a candidate may be influenced by a variety of factors, including the candidate’s relevant experience; education, including relevant degrees or certifications; work location; market data/ranges; internal equity; internal salary ranges; etc. The position may also be eligible to receive an annual bonus, commission, and/or long-term incentive plan based on the level and/or type. Compensation ranges for the position are below:

Pay Type

Salaried

Minimum Pay Range

$135,000.00

Maximum Pay Range

$145,000.00

Benefits Information

For all Full-time positions only : Ryder offers comprehensive health and welfare benefits, to include medical, prescription, dental, vision, life insurance and disability insurance options, as well as paid time off for vacation, illness, bereavement, family and parental leave, and a tax-advantaged 401(k) retirement savings plan.

For more information about benefits, click here ( to download the comprehensive benefits summary.

Ryder is proud to be an Equal Opportunity Employer and Drug Free workplace.

All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability.

Important Note

Some positions require additional screening that may include employment and education verification; motor vehicle records check and a road test; and/or badging or background requirements of the customer to which you are assigned.

Security Notice For Applicants

Ryder will only communicate with an applicant directly from a [@ryder.com] email address and will never conduct an interview online through a chat type forum, messaging app (such as WhatsApp or Telegram), or via an online questionnaire. During an interview, Ryder will never ask for any form of payment or banking details and will never solicit personal information outside of the formal submitted application through .

Should you have any questions regarding the application process or to verify the legitimacy of an interview or Ryder representative, please contact Ryder at [email protected] .

Current Employees

If you are a current employee at Ryder, please click here ( to log in to Workday to apply using the internal application process.

Job Seekers can review the Job Applicant Privacy Policy by clicking here ( .

\#wd