Endpoint Management Engineer
PORTUGAL
Job description
Richemont, one of the world leaders in the luxury sector, has various Houses specializing in jewelry, watches and high-end accessories. Each Maison proudly embodies a tradition of style, quality and craftsmanship and Richemont strives to preserve the heritage and identity specific to each of them. At the same time, we are committed to innovating and designing new products in line with the values of our Houses, through a process of permanent creativity.
About the Role
The Endpoint Management Engineer designs, builds, and operates a modern endpoint management platform across Windows, Apple, and Android devices in a large-scale, global enterprise environment. This role focuses on engineering (not day-to-day helpdesk support) and delivers secure, automated, compliant, and cost-efficient endpoint services aligned with Zero Trust principles and enterprise standards.
Key Responsibilities
Endpoint Engineering, Apple & Windows, Virtual Apps/Desktops, Cloud & Automation
· Engineer and operate end-to-end lifecycle management (enrollment, provisioning, configuration, patching, compliance, and decommissioning) across Windows, macOS, iOS/iPadOS, and Android.
· Build and maintain standardized configurations, baselines, and policies using Microsoft Intune and Omnissa Workspace ONE, with strong versioning, documentation, and controlled release processes.
· Drive reliability and performance improvements through observability, automation, and continuous optimization.
· Apple engineering: Operate ABM capabilities and device enrollment programs; develop Apple automation/tooling using Bash and/or Swift.
· Windows engineering: Implement Modern Management with Intune (policies, configuration profiles, security baselines, updates) and Windows Autopilot for provisioning/redeployment; engineer and execute the transition from GPO to Intune configuration profiles; develop automation and configuration using PowerShell and VBS.
· Engineer and support enterprise virtual app/desktop delivery with Citrix DaaS, leveraging AWS Workspaces Core for cost-efficient, non-persistent Windows Server 2025 workloads where applicable.
· Build automation and infrastructure workflows using Git-based CI/CD pipelines; apply Infrastructure-as-Code and image automation with HashiCorp Terraform and HashiCorp Packer.
· Integrate cloud platforms and enterprise APIs to automate provisioning, policy enforcement, reporting, and operational tasks; create and maintain reusable automation routines to reduce manual operations and improve service quality.
· Create and maintain automation and configuration using supporting languages/tools including HCL, JSON, YAML, VBS, and Python.
Security, Compliance & Endpoint Protection
· Operate and continuously enhance endpoint detection and response with Palo Alto Networks Cortex XDR, Microsoft Defender, and Lookout.
· Partner with security teams to implement controls, hardening standards, and incident response playbooks relevant to endpoints while maintaining excellent performance.
Zero Trust Access & Networking
· Support and integrate Zscaler ZIA/ZPA for secure internet access and private application access patterns, aligned with endpoint protection posture.
· Support and integrate Google Chrome Enterprise Premium with Citrix Secure Private Access and company managed profiles.
Delivery & Operating Model
· Deliver work through Agile practices (Scrum) using Jira, contribute to backlog refinement, sprint planning, Quarter Alignment Days, and continuous improvement.
· Operate services aligned with ITIL v4 practices (incident/problem/change, service requests, knowledge management), with an engineering-first approach.
Requirements
· Proven experience engineering and operating endpoint management at enterprise scale (multi-region, five-digit endpoints).
· Strong hands-on expertise with:
o Microsoft Intune (Windows and Apple management), Autopilot, Entra ID
o Apple identity programs and large-scale Managed Apple ID migration planning/execution
o Omnissa Workspace ONE (Apple and Android management)
o Windows 11 and Windows enterprise configuration (Modern Management and GPO coexistence)
o macOS / iOS / iPadOS enterprise management and ABM
· Scripting/automation proficiency:
o PowerShell (advanced), plus Bash
o Familiarity with Python, JSON/YAML, and configuration tooling
· Experience with endpoint security tooling such as Palo Alto Networks Cortex XDR.
· Experience with Tanium modules and large-scale remediation/visibility workflows.
· Working knowledge of Citrix DaaS.
· Practical experience with Git CI/CD, Terraform, Packer, APIs, and automation-first engineering.
· Exceptional English communication skills (written and verbal).
Preferred Qualifications
· Experience integrating Zscaler with endpoint posture and identity.
· Experience integrating Google Chrome Enterprise Premium with Citrix Secure Private Access.
· Okta integration experience (IdP patterns, device/user access alignment).
· Cloud experience with AWS and/or Alibaba Cloud supporting endpoint/VDI services.
· Familiarity with FinOps principles for optimizing platform consumption and operational cost.