
Senior Endpoint Management Engineer
SAP Fioneer
Summary
We are seeking a Senior Endpoint Management Engineer to manage and enhance our device fleet platforms. This hands-on role involves technical leadership for Microsoft Intune and Kandji/IRU ecosystems, ensuring device security, compliance, and ease of use. You will automate processes, implement Zero Trust controls, and improve the end-user experience in a highly regulated fintech environment, shifting IT towards proactive, automation-driven operations.
Details
- Experience Required: 3+ years
- Posted: Jun 25, 2026
Description
We are looking for a Senior Endpoint Management Engineer to own, maintain, and evolve the platforms that manage our entire device fleet. You will be the technical authority for two complementary MDM ecosystems — Microsoft Intune (Windows laptops, iPhones, and iPads) and Kandji / IRU (Apple MacBooks) — making sure every device is secure, compliant, and effortless to use from day one.
This is a hands-on engineering role for someone who treats endpoint management as a product: automated, measurable, and built around the end-user experience. As a financial-services technology (fintech) company operating in a highly regulated industry, we adopt cutting-edge technology to support rapid business growth without compromising on security. You will sit at the center of that mission — helping shift IT from a reactive, manual support model toward a proactive, automation-driven platform.
Key Responsibilities
Endpoint & MDM platform ownership
- Administer, maintain, and continuously improve Microsoft Intune (Windows laptops, iPhones, iPads) and Kandji / IRU (Apple MacBooks).
- Own the full device lifecycle: zero-touch enrollment via Apple Business Manager (ADE) and Windows Autopilot, configuration, app deployment, patching, and retirement.
- Define and enforce configuration profiles, compliance policies, and baseline standards across all platforms and OS versions.
- Maintain integrations across the wider stack: Microsoft 365, Microsoft Azure / Entra ID, Microsoft Defender, Cisco Meraki, and Zscaler.
Automation & AI
- Identify repetitive, manual, and error-prone tasks and replace them with automation (e.g., Intune Proactive Remediations, scripting, Microsoft Graph API, Kandji automation).
- Champion and implement AI-driven automations — self-service, self-healing, automated remediation, and assisted support — to improve the end-user experience and reduce service desk workload.
- Deliver measurable impact: fewer tickets, faster resolution, and less manual intervention.
Security & compliance (fintech-grade)
- Implement and maintain Zero Trust controls: Conditional Access, device compliance gating, encryption (BitLocker / FileVault), and least-privilege access.
- Manage endpoint threat protection through Microsoft Defender and ensure secure connectivity via Zscaler.
- Align endpoint configuration and evidence with regulatory and audit requirements — ISO 27001, SOC 2, DORA, and GDPR — and support internal and external audits.
End-user experience
- Deliver fast, reliable, zero-touch onboarding so new joiners are productive on day one.
- Proactively monitor device health and performance; resolve issues before users notice them.
- Act as the senior escalation point for complex endpoint issues raised by the service desk.
Collaboration & continuous improvement
- Partner with IT Support, IT Operations, Security, and Infrastructure teams, keeping ownership boundaries and escalation paths clear.
- Document standards, runbooks, and knowledge-base articles to enable the wider team.
- Track and report on endpoint KPIs (compliance rate, patch coverage, enrollment success, ticket deflection) and drive continual improvement.
Must Have
- 3–5 years of hands-on experience administering MDM / endpoint management platforms in an enterprise environment.
- Proven expertise with Microsoft Intune across Windows and iOS / iPadOS, and with macOS management via Kandji (or a comparable Apple MDM such as Jamf).
- Strong working knowledge of Apple Business Manager, Automated Device Enrollment (ADE), and Windows Autopilot.
- Solid grounding in Microsoft 365 and Microsoft Entra ID (Azure AD), including Conditional Access and compliance policies.
- Scripting and automation skills (PowerShell, Bash, and/or Microsoft Graph API).
- Practical understanding of endpoint security and compliance in a regulated environment.
Preferred / Nice to Have
- Relevant certifications: Microsoft 365 Certified: Endpoint Administrator Associate (MD-102), Apple, or Kandji certifications.
- Hands-on experience with Microsoft Defender, Cisco Meraki, and Zscaler.
- Experience applying AI tooling (e.g., Copilot, AI-assisted scripting or support agents) to IT operations.
- Prior experience in fintech, financial services, or another regulated industry (ISO 27001 / SOC 2 / DORA / GDPR).
Who You Are
- Proactive — you anticipate problems and fix root causes instead of reacting to tickets.
- A team player — you collaborate openly, share knowledge, and make the whole team better.
- Forward-looking — genuinely excited about automation and AI as tools to make IT faster and simpler.
- Security-minded — secure by default, with the judgment to balance protection and usability.
- A clear communicator — comfortable with technical peers and non-technical end users alike.
Join forces with some of the industry's most brilliant minds in a thrilling venture to shape the ever-evolving financial landscape.
Picture an environment that offers the best of both worlds: the agility, enthusiasm, and dynamism of a startup, seamlessly blended with the tried-and-true expertise, robust market presence, and vast customer network of a well-established organization.
At SAP Fioneer, you'll thrive in a flexible work setting that not only fosters creativity but also empowers you to think beyond conventional boundaries, bringing fresh concepts to the forefront and challenging the status quo. Here, you'll become an integral part of a diverse and globally connected team that we take immense pride in – a team that's perpetually expanding and innovating.
As a member of our workforce, you'll have the opportunity to carve your own career path, all while enjoying competitive compensation packages and advancement prospects based solely on your achievements.
