Lead Desktop Engineer

T. Rowe Price, Owings Mills, MD
Hybrid

About The Position

At T. Rowe Price, we identify and actively invest in opportunities to help people thrive in an evolving world. As a premier global asset management organization with more than 85 years of experience, we provide investment solutions and a broad range of equity, fixed income, and multi-asset capabilities to individuals, advisors, institutions, and retirement plan sponsors. We take an active, independent approach to investing, offering our dynamic perspective and meaningful partnership so our clients can feel more confident. We believe doing the right thing for our clients and our associates is good business. With a career at the firm, you can expect opportunities to create real impact at work and in your community. You’ll enjoy resources to support your career path, as well as compensation, benefits, and flexibility to enrich your life. Here, you’ll find a collaborative culture that respects and values differences and colleagues who share a spirit of generosity. Join us for the opportunity to grow and make a difference in ways that matter to you.

Role Summary

We are seeking a Lead Desktop Engineer to own the technical direction, operational health, and security posture of our endpoint environment across approximately 14,000 managed devices. This role serves as the senior technical authority for endpoint engineering, operations, and security, ensuring a secure, stable, and well-governed end-user computing platform in a regulated enterprise environment. The Lead Desktop Engineer is accountable for endpoint compliance, vulnerability remediation, configuration standards, and high-risk technical decision-making. This role partners closely with Security, Infrastructure, Risk, and Audit teams to reduce operational risk, maintain audit readiness, and ensure consistent execution of endpoint controls.

Requirements

  • BS/MS degree or equivalent experience, with 8+ years in endpoint engineering, EUC, or desktop platform management in a large enterprise.
  • Deep hands-on expertise with Intune, MECM/SCCM, Microsoft Defender, Entra ID, and Windows endpoint security controls.
  • Strong experience in regulated environments such as financial services, healthcare, or similar industries.
  • Proven ownership of endpoint patching, vulnerability remediation, OS lifecycle, and compliance controls at scale.
  • Demonstrated experience serving as the technical decision-maker for high-risk or high-impact changes.
  • Strong understanding of Zero Trust, device posture, and conditional access.
  • Excellent troubleshooting and root cause analysis skills.

Nice To Haves

  • Experience supporting environments with 10,000+ endpoints.
  • Familiarity with audit, risk, and compliance frameworks related to endpoint controls.
  • Experience driving automation and standardization through PowerShell, policy-as-code, reporting, or similar capabilities.
  • Strong communication skills with the ability to engage security, audit, and senior leadership stakeholders.

Responsibilities

  • Lead endpoint engineering, operations, and security across ~14,000 devices.
  • Own the endpoint management ecosystem, including Intune, MECM/SCCM, Microsoft Defender, Entra ID, and related tools.
  • Define and maintain endpoint architecture, configuration baselines, and OS lifecycle standards aligned to security and regulatory requirements.
  • Own endpoint health and compliance, including patching, OS upgrades, configuration baselines, device posture, and conditional access.
  • Serve as the decision authority for high-risk endpoint changes, including patching, policy updates, and security remediations.
  • Ensure timely vulnerability remediation in line with firm SLAs and maintain audit readiness.
  • Enforce secure baseline configurations and compliance controls across managed endpoints.
  • Partner with Security and Vulnerability Management teams to plan and execute remediation activities.
  • Ensure endpoint controls and processes are measurable, auditable, and defensible.
  • Act as the escalation point for complex or high-impact endpoint incidents, driving root cause analysis and corrective action.
  • Improve operational efficiency through automation, standardization, and reduction of manual processes.
  • Drive consistency, reliability, and scale through policy-driven management and modern endpoint practices.
  • Identify opportunities to modernize endpoint engineering tools and processes while maintaining compliance.
  • Provide technical leadership and mentorship within the endpoint engineering team.
  • Partner with support, infrastructure, identity, security, risk, and audit teams to ensure clear ownership and effective execution.
  • Translate technical risks and trade-offs into actionable recommendations for leadership.

Benefits

  • Competitive compensation
  • Annual bonus eligibility
  • A generous retirement plan
  • Hybrid work schedule
  • Health and wellness benefits, including online therapy
  • Paid time off for vacation, illness, medical appointments, and volunteering days
  • Family care resources, including fertility and adoption benefits