Desktop Engineering Lead - Endpoint Security

Responsibilities

• Endpoint Engineering & Platform Ownership:
• Serve as the technical lead for endpoint engineering, operations, and security across ~14k devices, ensuring standardized design, implementation, and enforcement.
• Own the endpoint management stack, including Intune, MECM (SCCM), Microsoft Defender, Entra ID, and related tooling.
• Define and maintain endpoint architecture, configuration baselines, and OS lifecycle standards in alignment with security and regulatory requirements.
• Security, Risk & Compliance:
• Own endpoint health and compliance, including patching, OS upgrades, configuration baselines, device posture, and conditional access enforcement.
• Own application control capabilities, including Windows Defender Application Control (WDAC), to enforce secure execution policies and reduce endpoint risk.
• Provide decision authority for high‑risk endpoint changes (patching, policy updates, security remediations), minimizing the risk of misconfiguration or large‑scale impact.
• Ensure timely remediation of vulnerabilities and adherence to firm‑defined SLAs, reducing exposure windows and maintaining audit readiness.
• Enforce secure baseline configurations and compliance controls across all managed endpoints.
• Operations & Vulnerability Management:
• Partner with Security and Vulnerability Management teams to prioritize, plan, and execute endpoint remediation activities.
• Ensure endpoint controls and processes are measurable, defensible, and auditable.
• Act as the escalation point for complex or high‑impact endpoint incidents, driving root cause analysis and long‑term corrective actions.
• Automation & Continuous Improvement:
• Drive operational efficiency through automation, standardization, and reduction of manual processes.
• Improve consistency, reliability, and scale of endpoint operations through policy‑driven management and modern endpoint practices.
• Identify opportunities to modernize endpoint engineering practices and tooling while maintaining regulatory compliance.
• Leadership & Collaboration:
• Provide technical mentorship and leadership within the desktop/endpoint engineering team.
• Collaborate with L1/L2 support, infrastructure, identity, security, and audit partners to ensure clear ownership and smooth execution.
• Translate technical risk and trade‑offs into clear, actionable recommendations for leadership.

Requirements

• Required:
• BS or MS degree (or equivalent experience) and 8+ years of experience in endpoint engineering, EUC, or desktop platform management within a large enterprise environment.
• Deep hands‑on expertise with Intune, MECM (SCCM), Microsoft Defender, Entra ID, and Windows endpoint security controls.
• Strong experience operating in regulated environments (financial services, healthcare, highly regulated enterprise).
• Proven ownership of endpoint patching, vulnerability remediation, OS lifecycle, and compliance controls at scale.
• Demonstrated experience serving as a technical decision authority for high‑risk or high‑impact changes.
• Strong understanding of Zero Trust principles, device posture, and conditional access.
• Excellent troubleshooting and root cause analysis skills for complex endpoint

Benefits

Additional Information

At T. Rowe Price, we identify and actively invest in opportunities to help people thrive in an evolving world. As a premier global asset management organization with more than 85 years of experience, we provide investment solutions and a broad range of equity, fixed income, and multi-asset capabilities to individuals, advisors, institutions, and retirement plan sponsors. We take an active, independent approach to investing, offering our dynamic perspective and meaningful partnership so our clients can feel more confident. We believe doing the right thing for our clients and our associates is good business . With a career at the firm, y ou can expect opportunities to create real impact at work and in your community. Y ou'll enjoy resources to support your career path, a s well as compensation , benefits , and flexibility to enrich your life. Here, you'll find a collaborative culture that respect s and valu e s differences and colleagues who share a spirit of generosity . Join us for the opportunity to g row and make a difference in ways that matter to you . Role Summary We are seeking a Lead Desktop Engineer to own the technical direction, operational health, and security posture of our endpoint environment across approximately 14,000 managed devices. This role serves as the senior technical authority for endpoint engineering, operations, and security-ensuring consistent design, execution, and control ownership in a regulated enterprise environment. The Desktop Engineering Lead will be accountable for endpoint compliance, vulnerability remediation, configuration standards, and high‑risk technical decision‑making. This role partners closely with Security, Infrastructure, Risk, and Audit teams to reduce operational risk, maintain audit readiness, and deliver a stable, secure end‑user computing platform.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at troweprice? Share your experience