Job description

ABOUT KALLES GROUP: Everyone deserves to be secure. Our mission at Kalles Group is to help secure the future for companies of all shapes and sizes. While our expertise spans multiple disciplines, our method remains consistent: building trust and relationship with people -- whether you are a client, a consultant, or--in this case--a candidate. No matter what role you come from--whether you're an executive or just starting your career-you can expect our highest level of attention and respect. We want to find the right fit for each role, but we also want you to find the right fit for your career. We believe the best way to show you what our team is like is to treat you like you're already a part of it. We hope you'll consider joining our team of experienced professionals who are building their careers at Kalles Group—and having fun while doing it. We are seeking a Microsoft Solutions Architect with strong engineering delivery capabilities to lead and complete a complex migration from Microsoft Endpoint Configuration Manager (SCCM) to Microsoft Intune and Entra ID. This individual will operate in a dual capacity—owning both the high-level architectural strategy and the hands-on, detailed engineering execution—to bring this in-flight project to a successful conclusion. This role is ideal for a resource with deep experience in Microsoft’s modern endpoint management ecosystem, strong hybrid identity knowledge, and the ability to lead client scoping conversations, map out technical plans, and implement solutions directly with precision and accountability. WHAT YOU WILL DO: Architecture & Planning • Lead scoping and technical discovery sessions with client stakeholders to assess SCCM, Intune, and hybrid Entra ID configurations. • Design the end-state modern endpoint management and identity architecture, incorporating zero trust principles, Windows Autopilot, and mobile device management best practices. • Develop a migration strategy and execution plan for transitioning remaining SCCM workloads to Microsoft Intune, including app deployments, compliance policies, configuration profiles, and enrollment workflows. • Define the technical roadmap for hybrid join, cloud policy alignment, and phased deprecation of legacy tooling. Engineering Delivery & Execution • Directly perform detailed level engineering tasks, including configuring Intune policies, compliance rules, application packaging, and deployment profiles. • Build and manage Windows Autopilot deployment profiles and deployment workflows, including device registration, white-glove provisioning (as needed), and hybrid/Entra join integration. • Execute complex hybrid identity configurations in Entra ID, including Conditional Access, hybrid join, SSO, MFA, and device lifecycle governance. • Engineer and optimize co-management scenarios, resolving overlaps and dependencies between SCCM and Intune. • Analyze, migrate, and replace legacy Group Policy Objects (GPOs) using Policy Analytics and PowerShell automation. • Troubleshoot device enrollment issues, Autopilot provisioning errors, app deployment failures, and compliance/reporting anomalies. Documentation, Handoff, and Support • Produce comprehensive technical documentation, SOPs, and engineering-level implementation guides for IT operations and support teams. • Collaborate with infrastructure, desktop, and security teams to ensure integration, operational stability, and support readiness during and after migration. • Deliver technical coaching and knowledge transfer sessions to client engineering and support resources. ABOUT YOU: • Your values: • Integrity: You believe in doing the right thing, even when it's uncomfortable, seemingly inefficient, or costly. • Purposefulness: You have a desire to serve others with your skillset and an openness to continuous learning and growth. • Ownership: You stick to your commitments, follow up with action, and seek clarity in communication & expectations. Your experience: • 10+ years of experience with Microsoft infrastructure, including direct engineering of endpoint and identity solutions. • Proven track record designing and executing SCCM-to-Intune migrations, including device onboarding, app delivery, and co-management. • Hands-on experience configuring and deploying Windows Autopilot in both Azure AD Join and Hybrid Join scenarios. • Expert-level knowledge of Microsoft Intune, including compliance policies, configuration profiles, app protection, and device lifecycle management. • Expertise with Microsoft Entra ID (Azure AD), including hybrid identity architecture, Conditional Access, and governance. • Strong PowerShell scripting skills for automating deployment, device configuration, and policy migration tasks. • Experience supporting hybrid cloud environments and distributed user bases, preferably within manufacturing or industrial sectors. Preferred Certifications: • Microsoft Certified: Endpoint Administrator Associate • Microsoft Certified: Identity and Access Administrator Associate • Microsoft Certified: Azure Solutions Architect Expert Key Attributes: • Capable of owning the full technical lifecycle from architecture to hands-on execution. • Strong client-facing presence with consultative communication and leadership skills. • Highly organized and analytical, with structured problem-solving ability and focus on delivery. • Comfortable working in partially completed or undocumented environments, reverse-engineering where necessary. • Able to design, build, and validate Windows Autopilot deployments aligned to enterprise operational requirements. WHAT WE OFFER: • Salary range for this role is $140,000-$180,000 per year, dependent on experience. • Medical, dental, vision plans. • 401(k) • 3 weeks of Paid Time Off, PLUS 8 paid company holidays and 2 flexible holidays for anything you want to celebrate! • Work/life balance – we know there’s more to life than work! We encourage our team to pursue other passions, get outside, and spend time with family. We work with clients and consultants to set expectations for a manageable workload. LOCATION: This role can be remote. HOW TO APPLY: Please fill out the form below (including uploading your most recent resume) and we'll be in touch! We know imposter syndrome can be a barrier to many great applicants. We hope you'll still consider applying. That's why we've made the application process as short and simple as possible. Even if you're not a fit for the role, you can expect to hear back from us! We want you to have the best experience as a candidate, so please feel free to share feedback at any stage of the process to talent@kallesgroup.com. Kalles Group is an equal-opportunity employer and does not discriminate on the basis of creed, nationality, race, ethnicity, disability, gender, or other protected class.

Requirements