Endpoint Engineer - UEM & Packaging

Position Summary

ProAmpac, a nearly $5 billion packaging company, is seeking an Endpoint Engineer to join our Cloud & Digital Workplace Services team. This is a 100% remote, hands-on engineering role not a helpdesk position. You will own our enterprise Unified Endpoint Management (UEM) platform (ManageEngine Endpoint Central), the application packaging library, and the Windows server OS patching program across a large, rapidly growing fleet.

ProAmpac is scaling through acquisition, scaling rapidly through acquisition across a large and growing number of manufacturing sites. You will be packaging legacy and modern applications from acquired companies, managing patch compliance across a large and rapidly growing server estate, and driving endpoint standards across the environment. Your counterpart on the team owns Intune and mobility both engineers cross-train on each other's primary platforms for full coverage.

What You'll Do

ManageEngine Endpoint Central UEM — Primary Platform

• Administer Endpoint Central as the primary owner across all managed Windows desktops and servers: device enrollment, configuration policy, software deployment, remote control, and compliance reporting.


• Monitor endpoint health, agent connectivity, and policy compliance at scale; investigate and resolve drift and non-compliance.


• Manage BIOS and firmware update testing and staged rollout; administer high-risk and outdated software remediation within defined SLAs.

Application Packaging & Deployment

• Own the enterprise application packaging library: build, test, version, and maintain deployment-ready packages for all managed software.


• Package applications in MSI, MSIX, IntuneWin, and scripted EXE silent wrapper formats; collaborate with vendors to obtain silent install parameters and resolve compatibility issues.


• Deploy applications via Endpoint Central and Intune; manage targeting, scheduling, and deployment rings to minimize user disruption.


• Establish and document packaging standards, testing procedures, and naming conventions.


• Support legacy application compatibility testing during OS upgrades and desktop refresh cycles.

OS Patch Management

• Own the Windows server OS patching program via Endpoint Central across a large and rapidly growing server estate: maintenance windows, patch rings, and deployment schedules.


• Coordinate patching schedules with Cloud Platform and Networking teams; monitor compliance and remediate failures within SLA.


• Track exceptions, escalate unresolved vulnerabilities, and support desktop OS patching.

Windows Desktop Lifecycle Management

• Manage the Windows workstation lifecycle from provisioning through retirement; coordinate hardware refresh cycles with procurement and the Service Desk.


• Support new workstation deployments with your Intune counterpart; ensure devices are enrolled, compliant, and configured before user handoff.

Endpoint Security Configuration

• Deploy and maintain endpoint security agents, encryption policy and key escrow, local administrator password management, and device control policies across managed devices.


• Apply and maintain endpoint hardening baselines across Windows platforms; coordinate with InfoSec on gap remediation.

Digital Signage — Skykit

• Support management of the enterprise digital signage platform (Skykit): device enrollment, content policy, and operational support across ProAmpac sites.

Asset Management

• Own endpoint asset data quality in Lansweeper; drive asset management process adherence by the Service Desk and maintain accurate lifecycle records.

Microsoft Intune — Cross-Training Coverage

• Maintain working proficiency in Intune to cover your counterpart during absences; assist with package deployment, compliance troubleshooting, and Autopilot support as needed.

Documentation & On-Call

• Create and maintain runbooks, SOPs, and change records in ServiceDesk Plus; participate in the Change Advisory Board (CAB).


• Participate in the Endpoint Engineering on-call rotation (~20% of the time) and provide Tier 2/3 escalation support.

What You'll Bring

• 3–5 years of enterprise endpoint engineering or systems administration experience focused on UEM or desktop/server management platforms.


• Hands-on experience with ManageEngine Endpoint Central, Microsoft SCCM/MECM, or a comparable enterprise UEM platform at scale.


• Strong application packaging experience: MSI, MSIX, and scripted silent-install deployments; ability to build and troubleshoot packages independently.


• Solid Windows Server OS patch management experience in an enterprise environment with a large server footprint.


• Working knowledge of Microsoft Intune for Windows device management and application deployment.


• Proficiency in PowerShell scripting for automation, reporting, and bulk remediation.


• Experience with encryption management, local administrator password management, and endpoint hardening baseline configuration.


• Strong troubleshooting skills across Windows 10/11 desktop and server environments.


• Self-motivated, detail-oriented, and able to manage concurrent tasks independently.


• Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent work experience.


• Preferred: Microsoft MD-102 (Endpoint Administrator Associate) certification or actively working toward it.


• Preferred: experience with enterprise application packaging or repackaging tools (e.g., PACE Suite, InstallShield, or equivalent).


• Preferred: familiarity with IGEL OS or thin client management platforms.


• Preferred: experience supporting manufacturing or multi-site industrial environments.

Why ProAmpac

• Join a nearly $5 billion packaging company scaling rapidly through acquisition with a major infrastructure modernization underway.


• Own a packaging practice and server patching program that will scale dramatically, this is a build role, not a maintain role.


• Clear path for skill development as our environment grows, you will work on real scale, not a stable steady-state environment.


• Professional development support including training and certification opportunities.

Location and Work Arrangement

This is a 100% remote position. Candidates must be based in the United States and able to work during US business hours. Eastern or Central time zones are preferred for team collaboration.

Travel: This position may require occasional travel (up to 20%) for site support and team meetings.

Additional Information

This role includes participation in a rotating on-call schedule to support endpoint infrastructure. Escalations for service-impacting issues may occur outside standard business hours (8am–6pm).

ProAmpac is an equal opportunity employer and does not discriminate on the basis of any characteristic protected by applicable law. EEO – M/F/Disability/Vets

To apply, please submit your resume and cover letter.

#CORP