The Aspen Group (TAG) is one of the largest and most trusted retail healthcare business support organizations in the U.S., supporting 15,000 healthcare professionals and team members at more than 1,000 health and wellness offices across 46 states in four distinct categories: Dental Care, Urgent Care, Pet Care, and Medical Aesthetics. Working in partnership with independent practice owners and clinicians, the team is united by a single purpose: to prove that healthcare can be better and smarter for everyone. TAG provides a comprehensive suite of centralized business support services that power the impact of four consumer-facing businesses: Aspen Dental, ClearChoice Dental Implant Centers, WellNow Urgent Care, Lovet Veterinary Clinics and Chapter Aesthetic Studio. Each brand has access to a deep community of experts, tools and resources to grow their practices, and an unwavering commitment to delivering high-quality consumer healthcare experiences at scale.
We are seeking a strong, hands-on Manager of Endpoint Engineering to lead a team of 3-5 engineers responsible for managing and securing a large-scale fleet of Windows, Mac OS, iOS, Android and embedded devices across a large geographically distributed enterprise. This role combines deep technical expertise with strong team leadership and stakeholder management. The incoming manager will bring strong experience designing, deploying, and supporting modern endpoint environments at scale and will be expected to deliver operational excellence for our endpoint engineering function. The ideal candidate is a technical leader who has successfully operated in complex, large-scale environments and values high standards of clarity, consistency, and repeatability.
Responsibilities:
- Lead, mentor, and develop a team of 3-5 endpoint engineers responsible for thousands of corporate endpoints across Windows, Mac OS, and mobile platforms.
- Design and implement enterprise-scale endpoint strategies using MECM, Intune, and JAMF, ensuring performance, scalability, and security across a nationwide footprint. Strong experience with MECM, Intune, and JAMF will be a key factor of success for the role.
- Maintain high-quality documentation including architecture diagrams, deployment procedures, support runbooks, and configuration standards. Coach the team to establish and maintain high standards for technical documentation, ensuring all solutions, processes, and configurations are clearly documented for scalability, training, support, audit readiness and business continuity.
- Enforce and evolve endpoint security best practices, including compliance policies, device hardening, encryption, EDR integration, and zero trust principles.
- Build and maintain automated, scalable solutions for endpoint configuration, onboarding, software delivery, and compliance enforcement.
- Collaborate across IT teams including Security, Networking, Infrastructure, Procurement, and Service Desk to deliver consistent and supportable end-user experiences.
- Drive adherence to ITIL/ITSM processes, especially around change management, incident response, and problem resolution.
- Act as the technical owner for endpoint-related projects, ensuring high-quality delivery, user impact awareness, and successful stakeholder engagement.
- Help establish standards for the full endpoint lifecycle, including hardware provisioning, operating system deployment, application packaging, patching, and secure decommissioning.
Qualifications:
- 8+ years of IT infrastructure or endpoint engineering experience, with 3+ years in a team leadership or management role.
- Proven success managing large-scale endpoint environments (10,000+ devices) with modern tools like MECM, Intune, and JAMF.
- Strong scripting and automation skills (e.g., PowerShell, Bash) for endpoint management tasks.
- Excellent documentation skills, with the ability to set team-wide standards and produce clear, detailed, and version-controlled technical documentation.
- Deep understanding of endpoint security, identity and access management, and compliance tooling.
- Demonstrated ability to manage multiple stakeholders and competing priorities, with excellent communication and collaboration skills.
- Experience working in structured ITIL/ITSM environments, including change, asset, and configuration management.
- Industry certifications (e.g., Microsoft Certified: Endpoint Administrator, JAMF Certified Admin, ITIL v4) preferred but not required
- Experience supporting a geographically distributed hybrid workforce in a large enterprise setting.
- Familiarity with conditional access, remote device management, identity-driven security, and modern workplace technologies.
This role is onsite 5 days/week in our Chicago office (Fulton Market District)
- A generous benefits package that includes paid time off, health, dental, vision, and 401(k) savings plan with match