Endpoint Systems Engineer

Marathon Health Inc

Software Engineering
Remote
USD 85k-105k / year
Posted on Apr 23, 2025

Marathon Health is a leading provider of advanced primary care in the U.S., serving 2.5 million eligible patients through approximately 630 employer and union-sponsored clients. Our comprehensive services include advanced primary care, mental health, occupational health, musculoskeletal, and pharmacy services, delivered through our 680+ health centers across 41 states. We also offer virtual primary care and mental health services accessible in all 50 states. Transforming healthcare delivery with a patient-first approach, we prioritize convenient access to both in-person and virtual care, resulting in improved health outcomes and significant cost savings. Committed to inclusivity and collaboration, we foster a positive work environment and recruit exceptional talent to ensure expertise and compassion in healthcare delivery. Marathon has been recognized as a five-time Modern Healthcare Best Places to Work in Healthcare winner and a six-time Best in KLAS award winner for employer-sponsored healthcare services.

ABOUT THE JOB

In this critical role, you will be responsible for planning, implementing, and maintaining the endpoint device infrastructure within the organization. This includes collaborating with the IT security team in the planning and deployment of security configurations and systems in the endpoint infrastructure.

Endpoint infrastructure administration, task automation, securing the end user environment, remediating vulnerabilities, and application deployment and support are the top priorities for this position. This also includes large scale project related tasks such as planning and executing endpoint infrastructure migrations and integrations with existing and newly emerging technologies while meeting or exceeding SLA requirements and ITIL standards.

The Endpoint Systems Engineer will collaborate with cross-functional teams to ensure that all devices used across our healthcare infrastructure are properly configured, maintained, and protected. This role requires expertise in endpoint management, security protocols, and healthcare industry standards to support the delivery of safe and efficient care.

ESSENTIAL DUTIES & RESPONSIBILITIES

  • Plan, deploy, configure, monitor, document, and maintain the endpoint infrastructure for desktops, laptops, MacBooks, tablets, and smartphones across all departments within the organization.
  • Collaborate with the Help Desk team to create automated tasks and solutions to reduce ticket resolution time and service desk ticket intake.
  • Implement and maintain the lifecycle of endpoints from procurement to retirement, ensuring proper tracking, updates, and decommissioning of devices.
  • Implement and maintain Mobile Device Management (MDM) solutions such as Intune and JAMF Pro to automate device provisioning, updates, and policy deployment.
  • Ensure endpoint devices are securely configured with the latest patches, antivirus, and encryption software in accordance with organizational security policies.
  • Collaborate with the Security Operations team to implement security changes to the endpoint environment while maintaining ITIL, Microsoft, and organization best practices.
  • Collaborate with the Security Operations team to monitor, detect, and respond to security threats targeting endpoint devices.
  • Implement and enforce endpoint security best practices, including device access control, data encryption, and multi-factor authentication.
  • Ensure all endpoint management processes adhere to healthcare compliance standards such as HIPAA, SOC2, and other relevant regulations.
  • Work closely with internal teams to conduct audits and risk assessments to identify vulnerabilities and implement appropriate mitigation measures.
  • Provide engineer-level support for endpoint-related issues and escalate issues as necessary to senior IT leadership teams and/or 3rd party vendors.
  • Collaborate with clinical and administrative teams to ensure devices are appropriately configured to meet the needs of users, particularly in clinical environments.
  • Provide training and support documentation to end-users on proper use of endpoints, security best practices, and software applications.
  • Ensure timely deployment of patches, updates, and software upgrades to all endpoint devices, in line with the organization’s patch management policy.
  • Coordinate with application owners and vendors to ensure compatibility and performance of medical and business software on endpoint devices.
  • Maintain detailed records of endpoint configurations, patching history, security incidents, and lifecycle status.
  • Utilize ITIL and Microsoft best practices to deploy infrastructure changes in a safe and responsible manner.
  • Generate regular reports on endpoint health, security compliance, and usage trends to senior IT leadership.
  • Assist with evaluating, selecting, and managing vendors for endpoint hardware, software, and support services.
  • Ensure MDM Administrator is given the support/tools needed to perform KTLO duties and responsibilities.

QUALIFICATIONS

Bachelor’s degree in Computer Science or Information Technology and 5+ years of experience in endpoint management, system administration, or IT support in a healthcare or highly regulated industry, or an equivalent combination of education and experience. 3+ years of experience with Intune and JAMF Pro preferred.

  • Must have experience with Microsoft Endpoint Manager, Intune, Apple Business Manager, JAMF.
  • Experience with other mobile device management (MDM) tools and strategies not mentioned above is preferred but not required.
  • Experience with application packaging (e.g., Win32, LOB, Pkg, .exe).
  • Knowledge of healthcare-specific IT standards (e.g., HIPAA, HITECH, FDA requirements for medical devices).
  • Proficiency in endpoint security best practices, including encryption, antivirus, and device management utilizing Microsoft Defender for Endpoint and JAMF Protect.
  • Strong knowledge of operating systems (Windows, macOS, iOS, Android).
  • Familiarity with network protocols, remote access solutions, and VPN technologies.
  • Hands-on experience with Active Directory, Group Policy, and PowerShell scripting.
  • Experience with patch management, vulnerability scanning, and remediation.

Pay Range: $85,000 - $105,000/yr

The actual offer may vary depending on geographic location and the candidate’s years of experience and/or skill level.

We are accepting applications for this position until a candidate has been selected. To apply to this position and learn more about open jobs at Marathon Health, visit our careers page.

Marathon Benefits Summary

We believe in empowering teammates to do their best work and build better healthcare. Below are some of our benefit offerings. Eligibility is based on a 24-hour work week.

  • Health and Well-Being: Free Marathon membership for in-person and virtual care, employer-paid life and disability insurance, and choice in medical/dental plans, vision, employer-funded HSA, FSA, and voluntary illness, accident and hospitalization plans. Benefits are effective on the first of the month following date of hire.
  • Financial Support: Competitive compensation, 401k match, and access to financial coaching through our Employee Assistance Program.
  • Lifestyle: Paid time off for vacation, sick leave, and more, plus a holiday schedule.