Sr. Platform Engineer, Endpoint (Hybrid - Seattle, WA)

A Senior Engineer is a key member of the Nordstrom Technology organization, applying engineering principles to design, build, and maintain technology products and solutions that drive amazing customer and employee experiences. As a Senior Engineer on the Productivity and Collaboration team, you will own the end-to-end lifecycle of client endpoint platforms (Windows client and server operating systems, macOS, mobile devices, and virtual desktop infrastructure) including securing, configuring, and automating these environments through expert scripting and tooling.

You will act as a subject matter expert and technical leader, driving endpoint reliability, security posture, and productivity improvements across Nordstrom. You bring deep hands-on expertise with Microsoft and Apple endpoint management platforms, along with experience managing Intune-enrolled mobile devices and virtual desktop environments, and strong scripting and automation skills that allow you to build scalable, repeatable solutions rather than one-off fixes.

Endpoint Management & Configuration

• Design, build, and maintain configurations for Windows client and server operating systems, macOS, mobile, and virtual desktop endpoint platforms
• Develop and maintain device configuration profiles, compliance policies, and conditional access rules in Microsoft Intune and MECM/SCCM
• Deploy and maintain Virtual Desktop Infrastructure (VDI) environments, including management of VM images, user profile configurations, and the supporting platforms that maintain the health and operation of those environments
• Own the deployment pipeline for operating system images, application packaging, and patch management across all client endpoint platforms
• Architect and implement MDM/UEM solutions that enforce security baselines while preserving end-user productivity
• Lead endpoint hardening initiatives including CIS benchmark alignment, zero-trust policy enforcement, and certificate lifecycle management
   

Vulnerability Remediation

• Partner with the Security team to triage, prioritize, and remediate endpoint vulnerabilities across the Windows, macOS, mobile, and virtual desktop fleet in accordance with SLA targets
• Develop and maintain automated remediation scripts and Intune remediation packages to detect and resolve CVEs, misconfigurations, and compliance gaps at scale without manual intervention
• Operate and tune endpoint detection tooling to maintain continuous visibility into the vulnerability posture of the fleet
• Track remediation progress, report on vulnerability metrics and trends, and drive closure of open findings through coordination with application owners
   

Scripting & Automation

• Write robust PowerShell, Python, or Bash scripts to automate endpoint provisioning, compliance remediation, VDI image management, software deployment, and configuration drift detection
• Build and maintain automation pipelines for endpoint lifecycle events (enrollment, reconfiguration, decommission) using Intune Graph API, MECM task sequences, and CI/CD tooling
• Develop scripts and tools that surface endpoint health telemetry into monitoring platforms such as New Relic
• Maintain code in source control (GitHub), apply code review practices, and document automation libraries for team reuse
• Identify manual, repetitive operational tasks and replace them with reliable, tested automation
   

Technical Leadership & Collaboration

• Serve as the team’s subject matter expert for Windows, macOS, and mobile endpoint platforms
• Drive end-user experience goals and ongoing productivity improvement initiatives across the endpoint fleet
• Lead incident resolution, cross-functional troubleshooting, and root cause analysis for complex endpoint issues; engage vendors where appropriate
• Partner with the team’s manager and program manager to define and execute team vision and roadmaps
• Write and contribute to project plans, runbooks, and team documentation
• Collaborate with Security, Networking, and Application teams to ensure endpoints meet compliance and access control requirements
• Provide mentorship and technical coaching to team members on endpoint engineering best practices
• Participate in an on-call rotation as needed

You own this if you have...

• 6+ years of experience with end-user computing technologies within a complex organization, including development, implementation, and support
• Expert hands-on experience managing Windows client and server operating systems at scale using Microsoft Endpoint Configuration Manager (MECM/SCCM)
• Experience managing macOS, including configuration profiles, compliance policies, and software distribution
• Experience deploying and managing Virtual Desktop Infrastructure (VDI) platforms, including image lifecycle management and the supporting infrastructure (e.g., Azure Virtual Desktop)
• Expert experience managing Intune-enrolled mobile devices (Android, iOS), including device enrollment, configuration, app protection policies, and conditional access
• Expert proficiency writing PowerShell scripts for endpoint automation, remediation, and reporting; proficiency in Python or Bash is a strong plus
• Deep knowledge of Microsoft Intune (device compliance, configuration profiles, app deployment) and MECM/SCCM (task sequences, collections, software update management)
• Strong experience with Microsoft identity and infrastructure technologies including Azure AD, Active Directory, GPO, and DNS
• Understanding of source version control systems (GitHub) for managing scripts and configuration-as-code
• Familiarity with industry-standard monitoring and observability tools (New Relic)
• Understanding of security protocols, standards, and endpoint security controls (e.g., BitLocker, MDM compliance policies, conditional access)
• Ability to translate complex technical endpoint challenges into clear business impact and actionable solutions
• Comfortable working in an agile environment, meeting deadlines in a fast-paced, constantly evolving technology landscape
• Demonstrated ability to guide and oversee end-to-end feature delivery and implementation
• Passion for continuous improvement, always looking to eliminate toil and improve reliability through automation
• Ability to quickly learn new technologies and adopt new tools as the endpoint ecosystem evolves

Preferred Qualifications:

• Experience with Zebra device management tools, Android Enterprise enrollment workflows, and iOS/iPadOS device management via Intune
• Experience integrating endpoint telemetry into monitoring platforms (New Relic)
• Experience with hybrid cloud infrastructure (Azure/AWS) and endpoint management in cloud-joined or hybrid-joined scenarios
• Experience with application packaging formats (MSI, MSIX, APK) and enterprise software distribution best practices
• Experience with VDI health monitoring and operational tooling to maintain performance and availability of virtual desktop environments
• Exposure to ITSM platforms (ServiceNow, Jira) for change management and incident workflows
• Experience with web service integrations and REST APIs (e.g., Microsoft Graph API for Intune automation)

#LI-Hybrid

We’ve got you covered…

Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

• Medical/Vision, Dental, Retirement and Paid Time Away

• Life Insurance and Disability

• Merchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com. 

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ’s for relevant information and guidelines.

© 2022 Nordstrom, Inc  

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Nordstrom keeps job postings open for at least one day after the posting date.

Pay Range Details

The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. 
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.