The Workplace Engineering organization is responsible for the design, delivery, and operation of the firm’s endpoint and device management platforms, supporting physical, virtual, and cloud‑hosted desktops across the digital workplace.

The Endpoint Management Platform function owns the strategy and execution for modern device management, including the transformation from legacy client management tools to cloud‑based, MDM‑driven architectures. This function works closely with Security Engineering, Technology Risk, Compliance, and Audit teams to ensure endpoint management solutions are secure, scalable, and compliant by design.

We are seeking an Intune Platform Lead to own the engineering strategy, migration execution, and operational design for the firm’s modern endpoint management platform.

This role has primary responsibility for leading the migration from legacy device management (e.g., on‑premise client management, GPO‑centric models) to modern MDM‑based management, while ensuring continuity of service, security control coverage, and audit readiness.

The role sits at the intersection of platform engineering, endpoint security, and technology risk governance, and requires deep experience designing cloud‑native management patterns, defining policy baselines, and operating at enterprise scale.

• Own the endpoint management platform strategy, with a clear roadmap for:
  • Migrating from legacy client management tooling
  • Adopting MDM‑centric, cloud‑managed device models
  • Reducing dependency on traditional imaging, GPOs, and on‑prem infrastructure
• Define target‑state architectures for modern endpoint management across physical, virtual, and cloud desktop environments
• Establish standards for policy, configuration, and device lifecycle management

• Lead enterprise‑scale migration from:
  • Legacy client management platforms
  • GPO‑heavy configuration models
  • Image‑based provisioning and task‑sequence workflows
    to
  • Policy‑driven, MDM‑managed device models
• Define and execute co‑management and transition strategies, including:
  • Workload segmentation
  • Phased cutover approaches
  • Dependency and risk management
• Partner with application, security, and platform teams to modernize device and app management patterns

• Design and maintain:
  • Endpoint configuration baselines
  • Compliance and posture policies
  • Update and patch management strategies
• Ensure consistency and enforcement across:
  • Corporate‑owned devices
  • Virtual and cloud‑hosted desktops
  • Remote and hybrid workforce scenarios
• Balance security, usability, and operational scalability

• Partner closely with Technology Risk, Security Engineering, and Audit teams to:
  • Support security design and architecture reviews
  • Demonstrate control coverage and enforcement through platform capabilities
  • Address risk findings related to device management, configuration drift, and endpoint posture
• Ensure the platform supports defensible controls, including device trust, access enforcement, and policy compliance
• Produce and maintain architecture diagrams, control narratives, and audit evidence

• Define platform operating models, including:
  • Role‑based administration
  • Change and release processes
  • Monitoring and troubleshooting practices
• Drive automation for device provisioning, configuration deployment, and compliance reporting
• Act as escalation point for complex endpoint management issues

• Serve as the technical authority for endpoint management across Workplace Engineering
• Guide and mentor engineers working on device and endpoint management
• Communicate clearly with:
  • Workplace Engineering leadership
  • Security and Risk stakeholders
  • Application and infrastructure teams

• 6–12 years of experience in endpoint management, workplace engineering, or platform engineering
• Significant hands‑on experience with enterprise‑scale device management, including legacy client management platforms and modern MDM models
• Proven experience leading or contributing to large‑scale migrations from legacy to modern endpoint management
• Strong understanding of:
  • Windows device lifecycle management
  • Policy‑based configuration models
  • Update, patch, and compliance enforcement
• Experience working in regulated environments with formal risk, audit, and governance processes
• Strong documentation and communication skills

• Deep experience designing cloud‑native endpoint management architectures
• Strong understanding of:
  • Identity‑centric and zero trust endpoint models
  • Security baseline enforcement and configuration compliance
  • Endpoint telemetry and health reporting
• Experience operating endpoint platforms supporting:
  • Cloud desktops
  • Virtual desktops
  • Hybrid enterprise environments
• Ability to navigate complex organizational change where legacy tooling is deeply embedded

• Legacy client management dependencies are systematically reduced and retired
• Endpoint management is policy‑driven, cloud‑first, and scalable
• Security and Technology Risk teams have confidence in control enforcement and visibility
• Device management is simpler, more consistent, and easier to audit
• Engineers and end users experience predictable, reliable device behavior.