sprouts
Systems Engineer IV - Endpoint Management
Job type
FULL_TIME
Posted
1 week ago
Job description
Overview

Please note this position is based in our Phoenix, AZ Support Office.

The Systems Engineer IV - Endpoint Management leads the strategy, design, deployment, and ongoing management of enterprise mobile and endpoint solutions across Windows, macOS, iOS, and Android platforms. This role is the primary subject matter expert for Mobile Device Management (MDM), Mobile Application Management (MAM), and zero-touch device enrollment programs. You will define BYOD, COPE, and COBO policies, enforce mobile security and compliance posture, and collaborate closely with the security team on zero-trust endpoint strategy. In addition, you will mentor junior engineers and drive continuous improvement across the endpoint lifecycle.

Overview of Responsibilities

Design, deploy, and manage enterprise MDM/MAM platforms (Microsoft Intune, Kandji/SOTI) with a primary focus on mobile fleet management across iOS, Android, Windows, and macOS.
Architect and administer zero-touch enrollment programs including Apple Business Manager (ABM/DEP), Android Enterprise (Zero-Touch) and Windows Autopilot.
Implement and enforce BYOD, COPE, and COBO device policies aligned with corporate security standards and regulatory requirements.
Design and manage mobile app protection policies, app configuration profiles, and conditional access policies via Microsoft Intune and Entra ID.
Collaborate with the security team to enforce zero-trust endpoint principles, including device compliance, identity-based access, and continuous monitoring.
Manage endpoint security controls, patch management, software deployment, and compliance policy frameworks across all device types.
Diagnose and resolve complex technical issues across the endpoint stack (hardware, OS, application, MDM policy) including escalated tier 3 incidents.
Perform root cause analysis on endpoint and mobile incidents and implement corrective and preventive measures.
Create and maintain comprehensive documentation for mobile/endpoint architecture, enrollment procedures, policy configurations, and operational runbooks.
Provide leadership, coaching, and mentoring to junior engineers and support staff; act as a technical escalation point across the endpoint practice.
Evaluate emerging mobile and endpoint technologies, vendors, and industry trends; provide recommendations to leadership.

Qualifications

Knowledge, Skills & Abilities

Bachelor's degree in Computer Science, Information Technology, or equivalent professional experience.
5+ years in endpoint engineering or device management roles, with at least 2 years focused on mobile endpoint management (Android at scale).
Deep proficiency with MDM/MAM platforms: Microsoft Intune (required), Kandji, and/or SOTI.
Hands-on experience with Apple Business Manager (ABM), Android Enterprise and Windows Autopilot enrollment programs.
Strong understanding of Conditional Access, Entra ID (Azure AD) device compliance, and app protection policies.
Proficiency in scripting and automation: PowerShell (required), Bash, and/or Python for endpoint lifecycle automation.
Solid understanding of BYOD, COPE, and COBO program design, legal/privacy considerations, and policy enforcement.
Familiarity with endpoint security frameworks (CIS Benchmarks, NIST, DISA STIGs) and patch management best practices.
Excellent problem-solving, analytical, and written/verbal communication skills.

Core Competencies

Mobile-First Mindset: Approaches endpoint strategy with mobile as a primary platform, not an afterthought.
Security Orientation: Integrates security thinking into every aspect of device and application lifecycle management.
Communication: Clearly conveys technical concepts to both technical and non-technical stakeholders; actively listens and collaborates.
Customer Focus: Prioritizes end-user experience and business needs while maintaining security and compliance standards.
Driving for Results: Sets measurable goals, pursues continuous improvement, and delivers outcomes with a sense of urgency.
Positive Approach: Demonstrates a constructive attitude in challenging situations and inspires others with a forward-looking outlook.

Benefits

In addition to a rewarding career, Sprouts offers a comprehensive program to help support you and your family. These programs include:

Competitive pay
Sick time plan that you can use to support you or your immediate family's health
Vacation accrual plan
Opportunities for career growth
15% discount for you and one other family member in your household on all purchases made at Sprouts
Flexible schedules
Employee Assistance Program (EAP)
401(K) Retirement savings plan with a generous company match
Company paid life insurance
Contests and appreciation events throughout the year full of prizes, food and fun!

Eligibility requirements may apply for the following benefits:

Bonus based on company and/or individual performance
Affordable benefit coverage, including medical, dental and vision
Health Savings Account with company match
Pre-tax Flexible Spending Accounts for healthcare and dependent care
Company paid short-term disability coverage
Paid parental leave for both mothers and fathers
Paid holidays

Get Paid Every Day!

Sprouts Farmers Market offers DailyPay - if you’re hired as an eligible employee, you’ll be able to transfer the money you’ve already earned at no extra cost, and get it the next business day, for free. We offer DailyPay so you don’t have to wait for payday to access the money you’ve already worked for. With DailyPay, you can see how much you’ve made every day and you can transfer your money any time before payday. You can learn more by visiting https://www.dailypay.com/partners/sprouts-farmers-market/.

Why Sprouts

Grow with us! If you have a passion for inspiring people and a flair for fresh food, consider applying for a job at Sprouts! With a focus on customer service, our neighborhood grocery stores offer high-quality, farm fresh produce, natural meats, plenty of scoop-your-own bulk goods and much more in a fun, friendly, old-fashioned farmer’s market setting. Come grow your career in healthy living with a fast-paced, rapidly growing company and teams that pride themselves on empowering others along their journey.

At Sprouts, we’re committed to fostering an inclusive, respectful, and caring workplace culture. Our Team Member Resource Groups (TMRGs) create spaces for connection, support, and growth. Every team member is welcome to join one or more of our five groups:

Inspiring Women at Sprouts
Rainbow Alliance at Sprouts
Sabor at Sprouts
Soul at Sprouts
Honored to Serve at Sprouts

Together, these groups celebrate diversity and empower our team to thrive.

The above statements are intended to describe the general nature and level of the work being performed by people assigned to this work. This is not an exhaustive list of all duties, responsibilities, and requirements. Sprouts’ management reserves the right to amend and change duties, responsibilities, and requirements to meet business and organizational needs as necessary.

Sprouts will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Chance in Hiring Ordinance.

California Residents: We collect information in accordance with California law, please see here for more information.