Lead Endpoint Engineer - Selby Jennings

About the Role

An Elite global trading firm is seeking an experienced Endpoint Engineering Team Lead to guide a globally distributed team responsible for designing, deploying, and managing Windows and Mac endpoints in a high‑velocity trading environment. The role owns endpoint strategy and standards, ensures reliable configuration and patch management at scale, and partners closely with Security, Infrastructure, and Trading Operations to keep users productive and secure 24x7.

• Manage and mentor a global team of endpoint engineers (including APAC‑based engineers), setting priorities, defining KPIs/SLAs, and driving continuous improvement.
• Own team ceremonies, backlog, and work intake; establish clear operational runbooks and escalation paths.

• Set standards for Windows and macOS endpoint configurations, baselines, hardening, and compliance.
• Oversee global patching, software distribution, and configuration management at scale (1,000+ endpoints).
• Manage the M365 client stack (Office apps, One Drive, Teams) and general Active Directory tasks (GPOs, OU structure, device joins).

• Lead the use of Microsoft Configuration Manager (SCCM/Config Mgr) and Microsoft Intune for Windows endpoints.
• Oversee Jamf Pro (or similar) for macOS enrollment, policies, and package deployment.
• Drive Power Shell scripting standards for automation, reporting, health checks, and remediation at scale.

• Partner with Security to enforce policies (Bit Locker/File Vault, Defender, conditional access) and align with regulatory requirements.
• Maintain inventory accuracy, software license governance, and endpoint telemetry/observability.
• Own incident response and problem management for endpoint‑related events impacting traders and critical staff.

• Collaborate with Service Desk, Infra, and Trading Ops to meet desk‑side SLAs and minimize trading disruption.
• Manage vendor relationships and evaluate new tools/solutions to improve endpoint performance and experience.

• 3-5 years of experience leading an endpoint engineering or EUC team; stronger if the team was globally distributed.
• Proven experience managing both Windows and Mac endpoints in an enterprise environment.
• Hands‑on expertise with Configuration Manager (SCCM/Config Mgr) and Intune for Windows endpoint management.
• Power Shell proficiency for automation, configuration, and reporting.
• Practical experience with macOS management tools such as Jamf Pro (or equivalent).
• Experience managing at least 1,000 endpoints concurrently.
• Familiarity with the M365 client ecosystem (Office, Teams, One Drive) and general AD administration (GPOs, device life cycle).
• Strong communication skills; able to translate technical topics for business stakeholders and drive decisions quickly.
• Open to working outside core US business hours when needed to support/lead APAC‑based engineers and global change windows.

• Experience in trading/financial services or other low‑latency, high‑availability environments.
• Exposure to Conditional Access, Defender for Endpoint, Entra  (Azure AD), Autopilot, and modern provisioning.
• Experience with macOS security baselines, File Vault at scale, notarization/signing, and Apple Business Manager.
• Familiarity with ITIL practices (incident, change, problem) and SRE/observability principles for endpoints.
• Comfortable with data‑driven decision‑making using endpoint telemetry (SCCM/Intune reports, Jamf dashboards, custom scripts).

This is an onsite role in the firm’s Chicago office.