The Workplace Engineering organization is responsible for the design, delivery, and operation of the firms endpoint and device management platforms, supporting physical, virtual, and cloudhosted desktops across the digital workplace.

The Endpoint Management Platform function owns the strategy and execution for modern device management, including the transformation from legacy client management tools to cloudbased, MDMdriven architectures. This function works closely with Security Engineering, Technology Risk, Compliance, and Audit teams to ensure endpoint management solutions are secure, scalable, and compliant by design.

We are seeking an Intune Platform Lead to own the engineering strategy, migration execution, and operational design for the firms modern endpoint management platform.

This role has primary responsibility for leading the migration from legacy device management (e.g., onpremise client management, GPOcentric models) to modern MDMbased management, while ensuring continuity of service, security control coverage, and audit readiness.

The role sits at the intersection of platform engineering, endpoint security, and technology risk governance, and requires deep experience designing cloudnative management patterns, defining policy baselines, and operating at enterprise scale.

• Own the endpoint management platform strategy, with a clear roadmap for:
  • Migrating from legacy client management tooling
  • Adopting MDMcentric, cloudmanaged device models
  • Reducing dependency on traditional imaging, GPOs, and onprem infrastructure
• Define targetstate architectures for modern endpoint management across physical, virtual, and cloud desktop environments
• Establish standards for policy, configuration, and device lifecycle management

• Lead enterprisescale migration from:
  • Legacy client management platforms
  • GPOheavy configuration models
  • Imagebased provisioning and tasksequence workflows
    to
  • Policydriven, MDMmanaged device models
• Define and execute comanagement and transition strategies, including:
  • Workload segmentation
  • Phased cutover approaches
  • Dependency and risk management
• Partner with application, security, and platform teams to modernize device and app management patterns

• Design and maintain:
  • Endpoint configuration baselines
  • Compliance and posture policies
  • Update and patch management strategies
• Ensure consistency and enforcement across:
  • Corporateowned devices
  • Virtual and cloudhosted desktops
  • Remote and hybrid workforce scenarios
• Balance security, usability, and operational scalability

• Partner closely with Technology Risk, Security Engineering, and Audit teams to:
  • Support security design and architecture reviews
  • Demonstrate control coverage and enforcement through platform capabilities
  • Address risk findings related to device management, configuration drift, and endpoint posture
• Ensure the platform supports defensible controls, including device trust, access enforcement, and policy compliance
• Produce and maintain architecture diagrams, control narratives, and audit evidence

• Define platform operating models, including:
  • Rolebased administration
  • Change and release processes
  • Monitoring and troubleshooting practices
• Drive automation for device provisioning, configuration deployment, and compliance reporting
• Act as escalation point for complex endpoint management issues

• Serve as the technical authority for endpoint management across Workplace Engineering
• Guide and mentor engineers working on device and endpoint management
• Communicate clearly with:
  • Workplace Engineering leadership
  • Security and Risk stakeholders
  • Application and infrastructure teams

• 612 years of experience in endpoint management, workplace engineering, or platform engineering
• Significant handson experience with enterprisescale device management, including legacy client management platforms and modern MDM models
• Proven experience leading or contributing to largescale migrations from legacy to modern endpoint management
• Strong understanding of:
  • Windows device lifecycle management
  • Policybased configuration models
  • Update, patch, and compliance enforcement
• Experience working in regulated environments with formal risk, audit, and governance processes
• Strong documentation and communication skills

• Deep experience designing cloudnative endpoint management architectures
• Strong understanding of:
  • Identitycentric and zero trust endpoint models
  • Security baseline enforcement and configuration compliance
  • Endpoint telemetry and health reporting
• Experience operating endpoint platforms supporting:
  • Cloud desktops
  • Virtual desktops
  • Hybrid enterprise environments
• Ability to navigate complex organizational change where legacy tooling is deeply embedded

• Legacy client management dependencies are systematically reduced and retired
• Endpoint management is policydriven, cloudfirst, and scalable
• Security and Technology Risk teams have confidence in control enforcement and visibility
• Device management is simpler, more consistent, and easier to audit
• Engineers and end users experience predictable, reliable device behavior.