Senior Endpoint Engineer

The role at a glance: NBBJ is currently seeking a Senior Endpoint Engineer to join the London office. The Endpoint Engineer will be responsible for establishing and maintaining the gold standard for endpoint devices across NBBJ's global operations. This includes designing secure, high-performing device configurations, implementing robust management practices with tools such as SCCM, JAMF, Intune, and Purview, while driving innovation through the strategic use of AI. Beyond core device and baseline management, this role supports and integrates a range of cloud-based, user-facing platforms to ensure seamless, secure, and intuitive daily workflows. This role works hands-on to ensure every device meets rigorous readiness criteria, proactively resolve technical challenges, and collaborate with teams to support new technologies and platforms. The ideal candidate understands how to balance security, user experience, and operational efficiency, communicates technical concepts clearly, and is instrumental in enabling seamless, secure, and innovative digital experiences for all users.

In your new role, you will:

• Gold Device Standards
  • Define and maintain device specifications by persona/studio use case (performance targets, firmware/driver standards)
  • Coordinate with Asset & Licensing Specialist (ALS) for hardware alignment and lifecycle management
  • Support and inform initiatives related to engineering the end user experience, ensuring that devices, cloud services, and security controls work together without friction
• Secure Baselines & Readiness Gate
  • Author and version GPO/MDM baselines (BitLocker, Defender, firewall, device control, local rights, browser/Office hardening, Wi Fi/EAP, certificate chain)
  • Define readiness gate criteria and automated acceptance checks for device handoff
  • Manage and support firmwide cloud collaboration and storage tools such as Box, ShareFile, and other end user SaaS platforms
• Endpoint Integrations
  • Engineer and maintain Autopilot/OOBE flows, enrollment status pages, update ring strategy, health/compliance connectors, and telemetry models for operations reporting
  • Utilize AI tools to automate and enhance endpoint management, validation, and security workflows
  • Map baselines to END controls, package CAB requests with risk notes, test plans, rollback/communication steps, and capture promotion evidence for audits
  • Partner with Collaboration, UX, and Security teams to design cohesive, user-centered experiences across devices, applications, and services
• Incident & Problem Management
  • Lead root cause analysis (RCA) for policy/baseline defects, update standards/readiness tests, and partner with Senior Desktop Engineer for safe redeployment
  • Troubleshoot and optimize workflows that span multiple cloud systems, ensuring reliability, access integrity, and user productivity
  • Provide reference artifacts, publish diagrams/runbooks, and brief stakeholders on changes impacting device experience or training
  • Own and version secure baselines and readiness gates mapped to END controls; route changes via CAB; monitor control health and coauthor control adoptions/exceptions with Cybersecurity

What you will need to succeed:

• Bachelor's degree in Computer Science, Information Technology, or related field, or equivalent experience
• 5+ years in End User Computing or Endpoint Configuration Engineering
• Certifications: MD-102, SC-200, SC-400 or equivalents preferred
• Hands-on experience with JAMF, Intune, and Purview (required)
• Experience with GPO, Autopilot/OOBE, update rings, compliance policies, certificate/802.1X/Wi Fi profiles
• Demonstrated ability to use AI tools to automate, validate, and improve endpoint workflows and security
• Excellent problem-solving and communication skills
• Familiarity with automation tools and scripting (PowerShell, Python)
• Proven ability to manage projects and support cross-functional initiatives

Additional attributes to help you succeed:

• Experience with architecture/design firm environments
• Experience with MacOS, Microsoft Teams Rooms, Meta 3 VR headsets and other Android-based devices in an enterprise environment
• Citrix (Virtual Apps/Desktops, Workspace) experience is a strong plus, especially in environments blending physical endpoints with virtualized workloads
• Security by design: builds secure defaults and proves them with telemetry
• Systems thinking: simplifies policy portfolios; designs for resilience & rollback
• Change stewardship: meticulous with CAB artifacts, evidence, and communications
• Partnership mindset: enables teams and stakeholders to run faster via clear, testable standards