Windows SME in London

About Persistent: We are an AI-led, platform-driven Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients anticipate what’s next. Our offerings and proven solutions create a unique competitive advantage for our clients by giving them the power to see beyond and rise above. We work with many industry-leading organizations across the world, including 20 Fortune 50 companies and 4 of the 5 top banks in both the US and India, and numerous innovators across the healthcare ecosystem. Our disruptor’s mindset, commitment to client success, and agility to thrive in the dynamic environment have enabled us to sustain our growth momentum. Persistent has been recognized across top industry platforms for innovation, leadership, and inclusion. We have delivered 21 sequential quarters of growth with $389.7M in Q1 FY26 revenue, up 3.9% Q-o-Q and 18.8% Y-o-Y growth. Our 25,000+ global team members, located in 18 countries, have been instrumental in helping the market leaders transform their industries.

We are hiring a Windows SME in UK location who has Device and Image management experience on Intune to support a leading financial services organization. The role requires a highly experienced engineer with deep expertise in Windows engineering, Microsoft 365, Microsoft Intune, and enterprise-grade security and compliance controls aligned with banking-sector regulatory expectations. The successful candidate will work onsite within a regulated environment, ensuring all systems adhere to strict audit, security, and change-management standards.

Key Responsibilities

• Lead the design, engineering, and lifecycle management of Windows 10/11 across trading floors, corporate offices, and secure environments.
• Maintain a hardened, compliant Windows desktop baseline aligned with financial sector requirements (e.g., CIS/NIST/NCSC).
• Support high-availability endpoint environments used by traders, analysts, and regulated functions.
• Design and operate Intune-based modern management solutions with a focus on security, compliance, and policy governance required in banking.
• Manage Autopilot provisioning for distributed and secure device deployment.
• Build Win32 application packages, configuration profiles, compliance rules, and security policies with strict adherence to change-control procedures.
• Maintain a secure, version-controlled Windows image for regulated environments, ensuring risk-assessed image changes, comprehensive audit documentation, and traceable approval workflows.
• Implement device controls and configurations aligned to FCA, PRA, EBA guidelines, Cyber Security Frameworks, and SOX controls (where applicable).
• Manage and monitor BitLocker, Defender for Endpoint, ASR Rules, Credential Guard, and Disk Encryption.
• Ensure every change follows strict governance: CAB, audit trails, risk assessments, and rollback plans.
• Manage Entra ID device identities, Conditional Access rules based on zero-trust principles, and device security posture.
• Oversee secure rollout of M365 Apps, Teams, OneDrive KFM, and productivity tools in a regulated banking context.
• Develop secure and reusable PowerShell automation for deployment, compliance remediation, and endpoint analytics reporting.
• Serve as the Windows and Intune SME for internal teams including Security, Risk & Compliance, End-User Computing, and Trading Support.
• Provide senior-level technical guidance and mentor team members.

Essential Skills & Experience

• 10+ years in Windows engineering, ideally within the banking or financial services sector.
• Proven Device and Image management experience using Intune and Autopilot.
• Expert-level knowledge of Windows 10/11, M365, Intune, Autopilot, Conditional Access, and Defender.
• Experience working in regulated, audited, and high-security environments.
• Strong understanding of compliance requirements such as regulatory audits (FCA/PRA), data privacy policies, and security baselines.
• Strong PowerShell development skills (scripted packaging, policy automation, remediation).

KPIs (Aligned to Banking Standards)

• Endpoint compliance ≥ 99%
• Security patching SLAs: Critical patches: within defined risk window; Monthly updates: > 95% success rate
• Zero critical audit findings related to endpoint.
• Reduction of repeat incidents and high-severity endpoint outages.
• Fully documented and risk-assessed engineering changes.

Benefits

• Competitive salary and benefits package.
• Culture focused on talent development with quarterly promotion cycles and company-sponsored higher education and certifications.
• Opportunity to work with cutting-edge technologies.
• Employee engagement initiatives such as project parties, flexible work hours, and Long Service awards.
• Annual health check-ups.
• Insurance coverage: group term life, personal accident, and Mediclaim hospitalization for self, spouse, two children, and parents.

Let’s unleash your full potential at Persistent - persistent.com/careers.