Senior Enterprise Device Management Engineer in Suffolk

The Device Management Engineer is responsible for the technical ownership and management of the organisation’s end-user device estate, including operating system deployments, application management, security, and centralised device management platforms. This role requires a proactive, self-driven engineer with strong experience in enterprise environments and modern endpoint management technologies, with a focus on improving services, optimising processes, and enhancing user experience. Reporting to the IT Infrastructure Manager, the role provides senior technical support and escalation for device-related incidents, working closely with the IT Service Desk and wider IT teams. It is accountable for the operational delivery and continuous improvement of device management services.

Responsibilities

• Day-to-day device administration, project delivery, service requests, and software and security deployments across a large-scale estate of 30,000+ Windows, Android, and Apple devices.
• Build and maintain effective working relationships with business users and Group IT teams, acting as a key liaison between technical and non-technical stakeholders.
• Facilitate communication and knowledge sharing between IT and the wider business to improve adoption of services and solutions.
• Attend weekly team meetings and project progress meetings as required, providing updates on operational and project activities inline with the technical roadmap.
• Liaise with third-party suppliers and service providers where required to support operational and project delivery.
• Adhere to standard change control procedures, including preparing and presenting proposed changes to the Change Advisory Board (CAB).
• Coordinate with Device Management, Infrastructure, and Service Desk Team Leaders on device standards, support models, and escalation paths.
• Support project rollouts involving new hardware models, OS deployments, or enterprise application deliveries.
• Assist with pilot phases, UAT device builds, and phased rollouts, feeding back issues and recommendations.
• Drive continuous improvement in operational support processes for end-user devices, ensuring efficiency, consistency, and scalability.
• Improve service quality by developing internal capability through structured documentation, technical guidance, and support enablement.
• Maintain accurate, well-structured operational documentation to support device management platforms, deployment processes, and common support scenarios.
• Act as a subject matter expert for technologies supporting the central management of end-user devices, including endpoint security, application deployment, and device configuration platforms.

Key Skills & Experience – Essential

• Strong hands-on experience supporting Microsoft Intune for Windows device enrolment, configuration profiles, compliance policies, application deployment, and reporting.
• Proven experience administering Jamf Pro for Apple macOS and iOS/iPadOS device management, including device enrolment, configuration profiles, application deployment, and security controls.
• Experience managing Android devices using SOTI MobiControl, including policy enforcement, remote actions, device lockdown modes, and enterprise application deployment.
• Solid understanding of modern device management (MDM/MAM) principles across Windows, Apple, and Android platforms.

Patching & Update Management

• Experience managing OS and application patching for end-user devices, including:
• Windows Update for Business (WUfB)
• macOS and iOS update management
• Android OS updates via MDM
• Understanding of patch compliance reporting, risk-based patching, and remediation workflows.
• Ability to assess patch impact, support testing, and coordinate deployments to minimise business disruption.

Application Packaging & Security

• Experience packaging, deploying, and maintaining enterprise applications across Windows, macOS, iOS, and Android platforms.
• Understanding of application security controls, including managing permissions, update channels, and enforcing secure configuration baselines.
• Ability to work with application owners and vendors to resolve deployment or compatibility issues.

Endpoint Security

• Hands-on experience supporting Microsoft Defender (including Defender for Endpoint and relevant components within Microsoft Defender for Cloud) for device protection, alerting, and security posture monitoring.
• Experience integrating endpoint security L1 CIS standards.
• Understanding of endpoint security concepts and associated risks with InfoSec such as:
• Malware protection
• Device compliance
• Conditional access integration
• Threat detection and response

Desirable

• Experience supporting additional endpoint platforms or tooling such as MECM/SCCM, Workspace ONE, or other enterprise MDM solutions beyond Intune, Jamf, and SOTI.
• Exposure to shared or kiosk device scenarios, including retail, frontline, or task-based device deployments.
• Experience with Windows Autopilot, Apple Automated Device Enrolment (ADE), or Android Zero-touch beyond basic enrolment use.

Personal Attributes

• Highly organised, punctual, and detail-oriented.
• Strong communicator able to engage both technical and non-technical audiences.
• Proactive and capable of working independently.
• Analytical mindset with the ability to identify repeated faults or improvement areas.
• Strong sense of ownership and accountability.