Senior Endpoint Engineer

We are looking for a Senior Endpoint Engineer to join our Technology Infrastructure team and help design, secure, and modernize endpoint management capabilities for large-scale enterprise environments in the capital markets domain.

This is a hands-on engineering role focused on Microsoft Intune, Tanium, endpoint security, patch management, automation, and cloud-native device management.

You will work with complex global infrastructure where reliability, security, compliance, and operational visibility are critical. The role is ideal for an engineer who has strong experience with modern endpoint management platforms and wants to drive the transition from legacy tools and manual processes to a more automated, Zero Trust-oriented model.

What you will do:

• Design, configure, and maintain endpoint management policies across Windows, macOS, iOS, Android, and ChromeOS using Microsoft Intune and Tanium.
• Own Intune configurations, including enrollment profiles, compliance policies, configuration profiles, application deployment, Autopilot, and Conditional Access integration.
• Use Tanium to provide real-time endpoint visibility, support investigation, remediation, patching, software deployment, and operational health monitoring.
• Manage the end-to-end patch management lifecycle for operating systems and applications, including critical vulnerability remediation and compliance tracking.
• Implement and improve endpoint security controls, including BitLocker, Microsoft Defender for Endpoint, Zero Trust policies, and certificate-based authentication.
• Build automation with PowerShell, Intune remediation scripts, Tanium packages, sensors, and deployment workflows.
• Support modernization of legacy endpoint management processes, including migration from tools such as SCCM / ConfigMgr, HPDM, manual imaging, or similar platforms.
• Collaborate with cybersecurity, infrastructure, network, and service desk teams to ensure secure, reliable, and well-documented endpoint operations.

Required:

• 5+ years of experience in endpoint engineering, end-user computing, workplace engineering, infrastructure engineering, or security operations in an enterprise environment.
• Strong hands-on expertise with Microsoft Intune, including Autopilot, compliance policies, configuration profiles, app deployment, and Entra ID / Conditional Access integration.
• Production-level experience with Tanium, including relevant modules such as Interact, Patch, Deploy, Protect, and Tanium Connector for Microsoft Intune.
• Strong PowerShell scripting skills and the ability to automate real operational tasks.
• Experience managing Windows 10/11, macOS, iOS, and Android device fleets.
• Solid understanding of endpoint security, Zero Trust principles, endpoint compliance, patch management, and vulnerability remediation.
• Experience with BitLocker, Microsoft Defender for Endpoint, and certificate-based authentication.
• Ability to work with complex enterprise environments where security, reliability, auditability, and operational discipline are essential.
• Strong ownership mindset and ability to act as a senior hands-on engineer, not only as an administrator or support specialist.
• Experience in financial services, fintech, banking, investment management, or another regulated environment.

Nice to have:

• Experience migrating from SCCM / ConfigMgr, HPDM, Ivanti, MobileIron, or other legacy endpoint management tools to Intune, Tanium, or other modern UEM platforms.
• Microsoft certifications such as MD-102, SC-300, or AZ-500.
• Tanium Certified Operator or Tanium Certified Administrator certification.
• Experience with HP thin client environments, HPDM, or Windows IoT Enterprise management.

Discover our full range of relocation jobs with comprehensive support packages to help you relocate and settle in your new location.

• Familiarity with SysTrack Lakeside DEX or similar endpoint analytics platforms.
• Experience with ServiceNow ITSM integration.
• Exposure to CI/CD practices for endpoint configuration and deployment automation.

Benefits

• Flexible work setup: remote or a hybrid model
• Health insurance coverage for those based in Cyprus or Poland.
• 50% coverage of health insurance for spouses and children in Cyprus or Poland.
• 24 days of paid vacation.
• 10 days of paid sick leave.
• 50% reimbursement for professional training, education, conferences.
• Work alongside a highly professional team.
• Engaging teambuilding events and activities.

In case of relocation to Poland or Cyprus, we offer

• Flight tickets, accommodation rent for 1st month for our relocated employee and his/her official family.
• Support in visa application and issue process, entry permit and residence permit processing