Endpoint Engineer

Fitch Group is currently seeking a Endpoint Engineer based out of our London office.  

As a leading, global financial information services provider, Fitch Group delivers vital credit and risk insights, robust data, and dynamic tools to champion more efficient, transparent financial markets. With over 100 years of experience and colleagues in over 30 countries, Fitch Group’s culture of credibility, independence, and transparency is embedded throughout its structure, which includes Fitch Ratings, one of the world’s top three credit ratings agencies, and Fitch Solutions, a leading provider of insights, data and analytics. With dual headquarters in London and New York, Fitch Group is owned by Hearst. 

Fitch's Technology & Data Team is a dynamic department where innovation meets impact. Our team includes the Chief Data Office, Chief Software Office, Chief Technology Office, Emerging Technology, Shared Technology Services, Technology, Risk and the Executive Program Management Office (EPMO). Driven by our investment in cutting-edge technologies like AI and cloud solutions, we’re home to a diverse range of roles and backgrounds united by a shared passion for leveraging modern technology to drive projects that matter to our organization and clients. We are also proud to be recognized by Built In as a “Best Place to Work in Technology” 3 years in a row. Whether you're an experienced professional or just starting your career, we offer an exciting and supportive environment where you can grow, innovate, and make a difference. 

Want to learn more about a career in technology and data at Fitch?

Visit: https://careers.fitch.group/content/Technology-and-Data/

About the Team

The Endpoint Engineering team serves as a strategic function within the global infrastructure organization, leading the design, governance, and optimization of all enterprise endpoint platforms—including Windows, macOS, mobile, and virtual devices. The team delivers advanced engineering and management capabilities that ensure secure, reliable, and frictionless user experiences through modern device management, automation, observability, and Zero Trust principles.

How You’ll Make an Impact: 

• Deliver advanced incident and problem resolution with a strong focus on user experience and root‑cause elimination.
• Collaborate with engineering leadership to design, implement, and operationalize endpoint policies, configurations, and standards in support of global infrastructure initiatives.
• Package, test, and deploy enterprise applications using MECM/Intune and modern deployment frameworks, ensuring compliance with internal and regulatory requirements.
• Partner closely with the Service Desk to drive continuous improvement, streamline workflows, and reduce recurring issues through automation or policy enhancement.
• Maintain, optimize, and monitor Microsoft Endpoint Manager (Intune + MECM) to ensure strong posture management, compliance, app control, and secure configuration baselines.
• Execute recurring operational activities, including patching, vulnerability remediation, compliance reporting, and endpoint health monitoring.
• Create and maintain technical documentation, runbooks, and cross‑team knowledge resources.
• Engage in cross‑functional project work spanning endpoint modernization, cloud identity, automation, security hardening, and software lifecycle management.
• Participate in an on‑call rotation to support critical after‑hours incidents or high‑priority escalations.
• Act as an owner by proactively driving issues to resolution across business teams and external vendors.

 You May be a Good Fit if:

• 3 to 5+ years in enterprise endpoint engineering or advanced support with hands‑on experience in:
  • Windows 11, Azure AD / Entra ID
  • Microsoft Intune (Endpoint Manager), MECM, and co‑management services.
  • Active Directory, Directory Services including Group Policy, and RSAT tools
  • Intune configuration and Intune compliance.
  • LAPS, and east privilege model, elevation of service (Privilege Management)
  • Office 365, deployment, configuration, update services.
  • Networking fundamentals (DNS, DHCP, VPN, Proxy)
• Strong experience with modern Intune management, including:
  • Windows Autopilot (user‑driven, pre‑provisioning, self‑deploying)
  • Zero‑touch provisioning and cloud‑first imaging strategies
  • Intune application management (Win32, MSI, MSIX, store apps, managed apps)
  • Settings Catalog, Compliance Policies, Configuration Profiles
  • Device Filters, Dynamic Groups, and scalable targeting strategies.
  • Endpoint Analytics, and digital experience monitoring (DEX)
• Proficiency with Windows PowerShell, including:
  • Running, creating and editing PowerShell scripts
  • Managing system processes and services using PS
  • Understanding basic command syntax and parameters
  • Troubleshooting errors using PowerShell
• Proficiency in mobile device management (MDM) for:
  • iOS/iPadOS, Android Enterprise, and macOS management
  • Enrollment profiles, app protection policies, and managed device compliance
• Experience supporting Zero Trust, conditional access, and identity‑based access controls.
• Ability to collaborate effectively, communicate clearly, and produce high‑quality documentation and runbooks.
• Demonstrated ownership mindset, seeking to eliminate root causes and improve user experience.

What Would Make You Stand Out: 

• PowerShell App Deployment Toolkit (PSADT). Basic skills:
• Creating and modifying deployment scripts using PSADT
• Packaging and deploying applications with PSADT
• Customizing user prompts and installation messages
• Troubleshooting and logging application deployments
• Understanding PSADT command-line options and functions
• Managing application detection and remediation logic
• Advanced MECM collection design and query creation.
• Experience with Windows imaging modernization (e.g., Autopilot, zero‑touch provisioning, DISM when needed).
• Familiarity with software packaging technologies (EXE, MSI, MSIX, INTUNEWIN).
• Experience with third‑party patching platforms (e.g., Patch My PC).
• Proficiency with the PowerShell App Deployment Toolkit (PSADT).
• Strong PowerShell automation expertise and familiarity with Git‑based workflows.
• Experience with vulnerability management tools and endpoint telemetry/observability platforms.
• Microsoft certifications related to Endpoint, Azure, or Security.

Why Choose Fitch: 

• Hybrid Work Environment: 2 to 3 days a week in office required based on your line of business and location
• A Culture of Learning & Mobility: Dedicated trainings, leadership development and mentorship programs designed to ensure that your time at Fitch will be a continuous learning opportunity
• Investing in Your Future: Retirement planning and tuition reimbursement programs that empower you to achieve your short and long-term goals
• Promoting Health & Wellbeing: Comprehensive healthcare offerings that enable physical, mental, financial, social, and occupational wellbeing
• Supportive Parenting Policies: Family-friendly policies, including a generous global parental leave plan, designed to help you balance career and family life effectively
• Inclusive Work Environment: A collaborative workplace where all voices are valued, with Employee Resource Groups that unite and empower our colleagues around the globe
• Dedication to Giving Back: Paid volunteer days, matched funding for donations and ample opportunities to volunteer in your community

Fitch is committed to providing global securities markets with objective, timely, independent and forward-looking credit opinions. To protect Fitch’s credibility and reputation, our employees must take every precaution to avoid conflicts of interest or any appearance of a conflict of interest. Should you be successful in the recruitment process at Fitch Ratings you will be asked to declare any securities holdings and other potential conflicts prior to commencing employment. If you, or your immediate family, have any holdings that may conflict with your work responsibilities, you may be asked to divest yourself of them before beginning work.

Fitch is proud to be an Equal Opportunity and Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, disability, protected veteran status, and other statuses protected by law.

#LI-HYBRID #LI-KC1