About The Position

We are looking for a Senior Endpoint Management Engineer to own, maintain, and evolve the platforms that manage our entire device fleet. You will be the technical authority for two complementary MDM ecosystems — Microsoft Intune (Windows laptops, iPhones, and iPads) and Kandji / IRU (Apple MacBooks) — making sure every device is secure, compliant, and effortless to use from day one. This is a hands-on engineering role for someone who treats endpoint management as a product: automated, measurable, and built around the end-user experience. As a financial-services technology (fintech) company operating in a highly regulated industry, we adopt cutting-edge technology to support rapid business growth without compromising on security. You will sit at the center of that mission — helping shift IT from a reactive, manual support model toward a proactive, automation-driven platform.

Requirements

  • 3–5 years of hands-on experience administering MDM / endpoint management platforms in an enterprise environment.
  • Proven expertise with Microsoft Intune across Windows and iOS / iPadOS, and with macOS management via Kandji (or a comparable Apple MDM such as Jamf).
  • Strong working knowledge of Apple Business Manager, Automated Device Enrollment (ADE), and Windows Autopilot.
  • Solid grounding in Microsoft 365 and Microsoft Entra ID (Azure AD), including Conditional Access and compliance policies.
  • Scripting and automation skills (PowerShell, Bash, and/or Microsoft Graph API).
  • Practical understanding of endpoint security and compliance in a regulated environment.

Nice To Haves

  • Relevant certifications: Microsoft 365 Certified: Endpoint Administrator Associate (MD-102), Apple, or Kandji certifications.
  • Hands-on experience with Microsoft Defender, Cisco Meraki, and Zscaler.
  • Experience applying AI tooling (e.g., Copilot, AI-assisted scripting or support agents) to IT operations.
  • Prior experience in fintech, financial services, or another regulated industry (ISO 27001 / SOC 2 / DORA / GDPR).

Responsibilities

  • Endpoint & MDM platform ownership: Administer, maintain, and continuously improve Microsoft Intune (Windows laptops, iPhones, iPads) and Kandji / IRU (Apple MacBooks).
  • Own the full device lifecycle: zero-touch enrollment via Apple Business Manager (ADE) and Windows Autopilot, configuration, app deployment, patching, and retirement.
  • Define and enforce configuration profiles, compliance policies, and baseline standards across all platforms and OS versions.
  • Maintain integrations across the wider stack: Microsoft 365, Microsoft Azure / Entra ID, Microsoft Defender, Cisco Meraki, and Zscaler.
  • Automation & AI: Identify repetitive, manual, and error-prone tasks and replace them with automation (e.g., Intune Proactive Remediations, scripting, Microsoft Graph API, Kandji automation).
  • Champion and implement AI-driven automations — self-service, self-healing, automated remediation, and assisted support — to improve the end-user experience and reduce service desk workload.
  • Deliver measurable impact: fewer tickets, faster resolution, and less manual intervention.
  • Security & compliance (fintech-grade): Implement and maintain Zero Trust controls: Conditional Access, device compliance gating, encryption (BitLocker / FileVault), and least-privilege access.
  • Manage endpoint threat protection through Microsoft Defender and ensure secure connectivity via Zscaler.
  • Align endpoint configuration and evidence with regulatory and audit requirements — ISO 27001, SOC 2, DORA, and GDPR — and support internal and external audits.
  • End-user experience: Deliver fast, reliable, zero-touch onboarding so new joiners are productive on day one.
  • Proactively monitor device health and performance; resolve issues before users notice them.
  • Act as the senior escalation point for complex endpoint issues raised by the service desk.
  • Collaboration & continuous improvement: Partner with IT Support, IT Operations, Security, and Infrastructure teams, keeping ownership boundaries and escalation paths clear.
  • Document standards, runbooks, and knowledge-base articles to enable the wider team.
  • Track and report on endpoint KPIs (compliance rate, patch coverage, enrollment success, ticket deflection) and drive continual improvement.

Benefits

  • Competitive compensation packages
  • Advancement prospects based solely on achievements
  • Flexible work setting