IT Infra Engineer (Endpoint Management)

Job Description: Senior / IT Infra Engineer (Unified Endpoint Management)

Role Overview

We are seeking highly skilled and innovative engineer to join our transformative SSOE Programme that manages more than 350 schools across Singapore. This is an exceptional opportunity to shape the future of educational technology infrastructure and enhance the learning experience of more than 450,000 students and 35,000 education professionals.

As a Senior / IT Infra Engineer specializing in Unified Endpoint Management (UEM), you will design and scale our holistic device ecosystem. You will be responsible for the seamless migration and orchestration of a multi-platform environment including Windows, macOS, iOS (iPads), ChromeOS And Android. Your mission is two-fold: maintaining a hardened, high-performance environment for Enterprise users while architecting a flexible, resilient, and manageable digital learning space for Students. You will ensure that regardless of the hardware or the user, the experience is secure, automated, and ready for use from the moment the box is opened.

Key Responsibilities

• Multi-Platform Engineering & Orchestration
• Unified Management: Architect, migrate and maintain a "single pane of glass" management strategy using Microsoft Intune, Apple School Manager, and Google Admin Console to ensure seamless integrations.
• Zero-Touch Provisioning: Design and optimize automated deployment workflows—including Windows Autopilot, Apple School Manager (DEP), and Chrome Zero-Touch Enrollment—to eliminate manual imaging.
  • Platform Specialization: Windows: Manage physical hardware and Cloud PCs via modern MDM policies.
  • Apple: Oversee macOS and iPadOS configuration profiles and VPP app distribution.
  • ChromeOS: Manage fleet-wide policies and application delivery for Chromebooks.
  •  
  • Enterprise vs. Student Strategy
  • Enterprise Excellence: Implement "Zero Trust" security baselines, Conditional Access, and seamless SSO for corporate staff to ensure maximum productivity and data protection.

• Student Enablement: Design specialized configurations for student devices, focusing on Shared iPad setups, "Kiosk Mode" for high-stakes testing, and web-content filtering.
• Scale & Lifecycle: Manage the lifecycle of thousands of devices, from procurement and automated enrolment to remote wipe and decommissioning.
• Secure Endpoint Management
• Architect secure device compliance frameworks within Intune, ensuring only "healthy" and compliant devices (including Cloud PCs) can access corporate resources.
• Utilize tools such as KQL (Kusto Query Language) and Sentinel to build advanced security visualizations and monitoring workbooks, identifying anomalous behaviour across the M365 stack.
• Eliminate technical debt by transitioning legacy GPOs and security configurations to modern, cloud-based security baselines.
• Automation & Observability
• Automation: Engineer for scalability by building reusable automation and utilizing PowerShell scripting and related tools like PowerBI, Dynatrace and Axonius to monitor service health and reporting to derive insights.
• Scripting & API: Use PowerShell, Bash, and Python to automate repetitive tasks and interact with the Microsoft Graph API for custom reporting.
• Fleet Analytics: Utilize KQL and Endpoint Analytics to monitor device health, battery wear, and application performance across the entire estate.
• Self-Service: Develop and maintain "Self-Service" portals for both staff and students to empower users and reduce helpdesk ticket volume.
• General Responsibilities
• Engage stakeholders to translate business requirement into design and services to meet the intended availability, capacity, resiliency, security and continuity requirements.
• Forecast budget needed to support the project initiatives and maintenance contracts.
• Ensure MOE’s related Technical Architecture are in compliance with IM8 and Agency’s IT Policies and Standards.
• Manage day-to-day delivery and support of application infrastructure services and collaborate with other government agencies and central services teams to facilitate and deliver government-wide services.

Leadership & Strategic Compliance

• Strategic Design: Develop global standards for device hardware, OS patch management, and application packaging.
• Cross-Functional Collaboration: Partner with Security, EdTech, and Operations teams to ensure device policies meet both regulatory compliance and educational outcomes.
• Mentorship: Act as the Tier 3 escalation point and mentor for junior engineers and campus technicians.

What We Are Looking For

• Deep UEM Expertise: Proven experience migrating and managing 1,000+ endpoints across Windows, Apple, and Chrome ecosystems.
• M365 Mastery: Advanced knowledge of Microsoft Intune (MEM) and its integration with Entra ID and Defender.
• Education-Specific Tech: Familiarity with Apple School Manager, Google for Education, and managing devices in a shared-user or classroom environment.
• Automation-First Mindset: Advanced proficiency in optimizing and automating cross-platform workflows using PowerShell scripting and MS Graph API.
• Security Mindset: Experience implementing Defender for Endpoint, Purview and other related security tools across diverse operating systems.
• Preferred Certifications: Microsoft Certified: Endpoint Administrator Associate (MD-102), Google Professional ChromeOS Administrator, ACSP (Apple Certified Support Professional).
• Proactive and dedicated individual with good leadership and multi-tasking capabilities as well as the ability to work independently without the need for close supervision.
• Experienced in contract and vendor management.
• Good communication skills, both oral and written, with the ability to pitch ideas and communicate effectively with stakeholders.
• Team player with strong organization and people handling skills.