[Hiring] Senior Endpoint Management Engineer @SAP Fioneer

Role Description

We are looking for a Senior Endpoint Management Engineer to own, maintain, and evolve the platforms that manage our entire device fleet. You will be the technical authority for two complementary MDM ecosystems — Microsoft Intune (Windows laptops, iPhones, and iPads) and Kandji / IRU (Apple MacBooks) — making sure every device is secure, compliant, and effortless to use from day one.

This is a hands-on engineering role for someone who treats endpoint management as a product: automated, measurable, and built around the end-user experience. As a financial-services technology (fintech) company operating in a highly regulated industry, we adopt cutting-edge technology to support rapid business growth without compromising on security. You will sit at the center of that mission — helping shift IT from a reactive, manual support model toward a proactive, automation-driven platform.

Key Responsibilities

• Endpoint & MDM platform ownership
  • Administer, maintain, and continuously improve Microsoft Intune (Windows laptops, iPhones, iPads) and Kandji / IRU (Apple MacBooks).
  • Own the full device lifecycle: zero-touch enrollment via Apple Business Manager (ADE) and Windows Autopilot, configuration, app deployment, patching, and retirement.
  • Define and enforce configuration profiles, compliance policies, and baseline standards across all platforms and OS versions.
  • Maintain integrations across the wider stack: Microsoft 365, Microsoft Azure / Entra ID, Microsoft Defender, Cisco Meraki, and Zscaler.
• Automation & AI
  • Identify repetitive, manual, and error-prone tasks and replace them with automation (e.g., Intune Proactive Remediations, scripting, Microsoft Graph API, Kandji automation).
  • Champion and implement AI-driven automations — self-service, self-healing, automated remediation, and assisted support — to improve the end-user experience and reduce service desk workload.
  • Deliver measurable impact: fewer tickets, faster resolution, and less manual intervention.
• Security & compliance (fintech-grade)
  • Implement and maintain Zero Trust controls: Conditional Access, device compliance gating, encryption (BitLocker / FileVault), and least-privilege access.
  • Manage endpoint threat protection through Microsoft Defender and ensure secure connectivity via Zscaler.
  • Align endpoint configuration and evidence with regulatory and audit requirements — ISO 27001, SOC 2, DORA, and GDPR — and support internal and external audits.
• End-user experience
  • Deliver fast, reliable, zero-touch onboarding so new joiners are productive on day one.
  • Proactively monitor device health and performance; resolve issues before users notice them.
  • Act as the senior escalation point for complex endpoint issues raised by the service desk.
• Collaboration & continuous improvement
  • Partner with IT Support, IT Operations, Security, and Infrastructure teams, keeping ownership boundaries and escalation paths clear.
  • Document standards, runbooks, and knowledge-base articles to enable the wider team.
  • Track and report on endpoint KPIs (compliance rate, patch coverage, enrollment success, ticket deflection) and drive continual improvement.

Qualifications

• 3–5 years of hands-on experience administering MDM / endpoint management platforms in an enterprise environment.
• Proven expertise with Microsoft Intune across Windows and iOS / iPadOS, and with macOS management via Kandji (or a comparable Apple MDM such as Jamf).
• Strong working knowledge of Apple Business Manager, Automated Device Enrollment (ADE), and Windows Autopilot.
• Solid grounding in Microsoft 365 and Microsoft Entra ID (Azure AD), including Conditional Access and compliance policies.
• Scripting and automation skills (PowerShell, Bash, and/or Microsoft Graph API).
• Practical understanding of endpoint security and compliance in a regulated environment.

Preferred / Nice to Have

• Relevant certifications: Microsoft 365 Certified: Endpoint Administrator Associate (MD-102), Apple, or Kandji certifications.
• Hands-on experience with Microsoft Defender, Cisco Meraki, and Zscaler.
• Experience applying AI tooling (e.g., Copilot, AI-assisted scripting or support agents) to IT operations.
• Prior experience in fintech, financial services, or another regulated industry (ISO 27001 / SOC 2 / DORA / GDPR).

Who You Are

• Proactive — you anticipate problems and fix root causes instead of reacting to tickets.
• A team player — you collaborate openly, share knowledge, and make the whole team better.
• Forward-looking — genuinely excited about automation and AI as tools to make IT faster and simpler.
• Security-minded — secure by default, with the judgment to balance protection and usability.
• A clear communicator — comfortable with technical peers and non-technical end users alike.