Modern Endpoint​/EUC Architect

Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving real transformation change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals.

To support significant M&A and Integration projects across a range of domain sectors, this ongoing contract opportunity will lead the design and delivery of modern endpoint and workplace solutions across Microsoft Intune, Windows Autopilot, Windows Autopatch and Microsoft Entra .

• Assess current environments and define target‑state architectures, migration approaches and implementation roadmaps.
• Produce high‑quality design documentation including assessments, high‑level designs, low‑level designs and implementation plans.
• Provide technical leadership across discovery, design, implementation, testing and transition to support.
• Design secure, scalable and supportable solutions aligned to Zero Trust principles and organisational compliance requirements.
• Work closely with clients and internal teams to shape requirements, run workshops and guide technical decision‑making.
• Support endpoint security design across compliance, device configuration, identity integration and protection capabilities.
• Contribute to pre‑sales activity including solution shaping, technical input to proposals, statements of work and delivery estimates.
• Act as a trusted advisor to clients and a senior technical authority within endpoint transformation engagements.
• Support practice development through reusable standards, architecture patterns and continuous improvement.

• Proven ability to lead the architecture, design and hands‑on delivery of complex endpoint or modern workplace solutions for mid‑market and enterprise customers.
• Strong experience acting as the senior technical lead across discovery, design, implementation, migration and operational handover activities.
• Demonstrable experience in technical consulting, engineering or architecture roles, with significant focus on endpoint management, security and modern workplace transformation.
• Experience producing and owning assessments, strategies, roadmaps, high‑level designs, low‑level designs, implementation plans, standards and operational architecture artefacts.
• Ability to build trusted client relationships, provide technical leadership to engineers and influence stakeholders at both technical and leadership levels.
• Relevant Microsoft certifications such as MD‑102, MS‑102, SC‑300, AZ‑104 or expert‑level architecture or security certifications are desirable.
• Experience working in security‑conscious or regulated environments; SC and/or NPPV3 clearance would be beneficial but is not essential.

• Deep hands‑on expertise in modern endpoint architecture using Microsoft Intune across Windows 10/11, iOS/iPadOS and Android, with sound awareness of macOS management principles.
• Designing and implementing Windows Autopilot and modern provisioning strategies, including enrolment models, ESP optimisation, deployment profiles, identity integration and lifecycle considerations.
• Architecting Windows servicing and device lifecycle strategies using Windows Update for Business, feature updates, driver and firmware controls, and Windows Autopatch.
• Strong experience with application packaging, testing and deployment, including Win
  32 applications, Microsoft 365 Apps, the modern Microsoft Store and automation‑led deployment approaches.
• Strong understanding of Microsoft Entra , Conditional Access, MFA, device compliance and identity‑driven access controls, with the ability to align endpoint architecture to Zero Trust principles.
• Hands‑on experience designing and implementing endpoint security controls using security baselines, Settings Catalog, Bit Locker, Windows Hello for Business, Cloud LAPS, Microsoft Defender for Endpoint, WDAC and App Locker.
• Strong capability in MDM/MAM design with Intune, including app protection,…