Core Responsibilities:

• Lead endpoint automation for provisioning, compliance, remediation, and standard configuration across the Windows fleet.
• Engineer and modernize deployment workflows using Microsoft Intune, SCCM/MECM, and Windows Autopilot, with a focus on repeatability, safety, and scale.
• Build reusable PowerShell-based frameworks (and supporting tooling) for device configuration, drift detection, self-healing remediation, and operational consistency.
• Define and evolve Windows endpoint standards including OS baseline configuration, security baselines, and lifecycle practices aligned with enterprise requirements.
• Partner with QA and release governance to improve validation practices for patches, feature updates, policy changes, security configuration, and application rollouts.
• Implement and expand CI/CD practices for endpoint engineering content (scripts, configuration, packaging, policy-as-code where applicable), using Git-based workflows, reviews, and promotion patterns.
• Integrate with identity and security platforms (e.g., Microsoft Entra ID) to support secure provisioning, access, and device compliance patterns.
• Reduce operational toil and improve reliability by automating routine work, codifying repeatable runbooks, and improving observability and troubleshooting signals.
• Collaborate across Workplace Engineering (Windows, VDI, macOS/mobility, Digital Workplace) to standardize engineering patterns and share automation approaches.
  
  
  

Technical Requirements:

• Strong experience with Windows endpoint engineering in an enterprise environment (OS configuration, policy management, troubleshooting, and lifecycle management).
• Hands-on experience with Microsoft Intune and SCCM/MECM for application delivery, device management, and endpoint configuration.
• Experience with Windows Autopilot and modern provisioning patterns.
• Proficiency in PowerShell for automation, packaging, and remediation workflows.
• Working knowledge of CI/CD concepts and Git-based workflows (code reviews, branching strategies, reusable templates/modules).
• Familiarity with Microsoft Entra ID and endpoint identity/compliance patterns.
• Experience with Desired State concepts (e.g., Desired State Configuration or similar) is a plus.
• Understanding of enterprise endpoint security concepts (security baselines, hardening, least privilege, patching/updates).
• Familiarity with monitoring/telemetry and operational observability concepts is a plus.
  
  
  

What it takes:

• Undergraduate degree in a related field or equivalent experience.
• 3–5+ years of relevant experience in Windows endpoint engineering, automation, or platform engineering roles.
• Strong analytical, problem-solving, and troubleshooting skills.
• Strong written and verbal communication skills, with the ability to document standards and enable others.
• Ability to work across teams, influence standards, and drive automation-first engineering practices.
• Strong planning, organization, and delivery discipline.
  
  
  

Qualifications:

• Minimum of eight years related work experience.
• Undergraduate degree in a related field or the equivalent combination of training and experience.
  
  
  

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.