Senior Endpoint Management Engineer
SAP Fioneer
Description
We are looking for a Senior Endpoint Management Engineer to own, maintain, and evolve the platforms that manage our entire device fleet. You will be the technical authority for two complementary MDM ecosystems — Microsoft Intune (Windows laptops, iPhones, and iPads) and Kandji / IRU (Apple MacBooks) — making sure every device is secure, compliant, and effortless to use from day one.
This is a hands-on engineering role for someone who treats endpoint management as a product: automated, measurable, and built around the end-user experience. As a financial-services technology (fintech) company operating in a highly regulated industry, we adopt cutting-edge technology to support rapid business growth without compromising on security. You will sit at the center of that mission — helping shift IT from a reactive, manual support model toward a proactive, automation-driven platform.
Key Responsibilities
Endpoint & MDM platform ownership
- Administer, maintain, and continuously improve Microsoft Intune (Windows laptops, iPhones, iPads) and Kandji / IRU (Apple MacBooks).
- Own the full device lifecycle: zero-touch enrollment via Apple Business Manager (ADE) and Windows Autopilot, configuration, app deployment, patching, and retirement.
- Define and enforce configuration profiles, compliance policies, and baseline standards across all platforms and OS versions.
- Maintain integrations across the wider stack: Microsoft 365, Microsoft Azure / Entra ID, Microsoft Defender, Cisco Meraki, and Zscaler.
Automation & AI
- Identify repetitive, manual, and error-prone tasks and replace them with automation (e.g., Intune Proactive Remediations, scripting, Microsoft Graph API, Kandji automation).
- Champion and implement AI-driven automations — self-service, self-healing, automated remediation, and assisted support — to improve the end-user experience and reduce service desk workload.
- Deliver measurable impact: fewer tickets, faster resolution, and less manual intervention.
Security & compliance (fintech-grade)
- Implement and maintain Zero Trust controls: Conditional Access, device compliance gating, encryption (BitLocker / FileVault), and least-privilege access.
- Manage endpoint threat protection through Microsoft Defender and ensure secure connectivity via Zscaler.
- Align endpoint configuration and evidence with regulatory and audit requirements — ISO 27001, SOC 2, DORA, and GDPR — and support internal and external audits.
End-user experience
- Deliver fast, reliable, zero-touch onboarding so new joiners are productive on day one.
- Proactively monitor device health and performance; resolve issues before users notice them.
- Act as the senior escalation point for complex endpoint issues raised by the service desk.
Collaboration & continuous improvement
- Partner with IT Support, IT Operations, Security, and Infrastructure teams, keeping ownership boundaries and escalation paths clear.
- Document standards, runbooks, and knowledge-base articles to enable the wider team.
- Track and report on endpoint KPIs (compliance rate, patch coverage, enrollment success, ticket deflection) and drive continual improvement.
Requirements
Must Have
- 3–5 years of hands-on experience administering MDM / endpoint management platforms in an enterprise environment.
- Proven expertise with Microsoft Intune across Windows and iOS / iPadOS, and with macOS management via Kandji (or a comparable Apple MDM such as Jamf).
- Strong working knowledge of Apple Business Manager, Automated Device Enrollment (ADE), and Windows Autopilot.
- Solid grounding in Microsoft 365 and Microsoft Entra ID (Azure AD), including Conditional Access and compliance policies.
- Scripting and automation skills (PowerShell, Bash, and/or Microsoft Graph API).
- Practical understanding of endpoint security and compliance in a regulated environment.
Preferred / Nice to Have
- Relevant certifications: Microsoft 365 Certified: