EUC Engineer (endpoint management and Intune)
Location: London, with hybrid working in line with departmental requirements (currently a minimum of 40%, or 2 days per week).
Lane Clark & Peacock (LCP) is an award winning partnership operating across pensions and benefits, investments, insurance, energy, health, sports and data analytics. We combine industry experience with technology led innovation to deliver high quality advice, services and digital solutions to our clients.
As endpoint security, software governance and modern workplace technologies continue to evolve, LCP is strengthening its End User Computing (EUC) engineering capability. This role will help drive improvements in endpoint governance, modern device management, application lifecycle management, automation and secure endpoint standards across the firm.
The EUC Engineer (endpoint management and Intune) is responsible for the engineering, configuration, automation, and continuous improvement of LCP's endpoint and modern device management ecosystem. This role will focus primarily on endpoint engineering and Microsoft Intune, with particular emphasis on vulnerability mitigation, device compliance, automation and the delivery of a scalable, resilient end user computing experience across approximately 1,400 colleagues.
What will you be doing? Technical Expertise & Support
- Reduce recurring operational issues through engineering improvements and automation
- Provide technical guidance and enablement to other support staff and technical teams
- Act as a third line escalation point for Microsoft Intune and endpoint management issues
- Diagnose and resolve complex technical incidents escalated by first- and second line teams
- Ensure stable performance and configuration of Windows, macOS, iOS and Android devices managed via Intune
Platform Management & Automation
- Configure and maintain Intune policies, configuration profiles, compliance rules and security baselines
- Develop and maintain automation and scripting capabilities to reduce manual effort and improve endpoint consistency and resilience
- Build, improve and support Windows Autopilot provisioning processes
- Manage application packaging, deployment and lifecycle management within Intune
- Monitor platform health, reporting outputs, configuration drift and usage trends
Collaboration & Continuous Improvement
- Work closely with Infrastructure, Security and Service Delivery teams to enhance endpoint security and user experience
- Support and enable frontline support services through documentation, technical guidance, automation and engineering improvements
- Contribute to the organisation's endpoint roadmap and modern workplace strategy
- Identify opportunities to automate, streamline and improve device management processes
- Produce and maintain documentation, runbooks and technical knowledge articles
Governance, Compliance and Security
- Own and improve governance for endpoint applications, including packaging standards, approved application catalogues, automated patching and lifecycle management through platforms such as Patch My PC
- Maintain secure endpoint baselines in partnership with the Infrastructure team to support compliance, vulnerability reduction and secure by default endpoint standards
- Support the firm's software governance approach through controlled application deployment, patch automation and the reduction of unmanaged endpoint software
- Ensure device management practices align with organisational security standards and regulatory requirements
- Support the change control process and attend CAB meetings where required
- Maintain accurate configuration and asset data across relevant systems
What skills and experience are we looking for?
- Experience managing packaging and automated software patching solutions (e.g. Patch My PC)
- Working knowledge equivalent to Microsoft Endpoint Administrator (MD 102) certification level
- Significant experience administering Microsoft Intune in a medium or large organisation
- Strong understanding of modern device management (MDM/MAM) approaches
- Excellent knowledge of Windows 11, Entra, Conditional Access and Autopilot
- Understanding of endpoint vulnerability management and secure endpoint principles
- Advanced troubleshooting skills across Windows and mobile operating systems
- Experience using PowerShell for automation, configuration and reporting
- A clear and confident communicator, able to explain technical concepts effectively
- Strong documentation and process writing capabilities
- Ability to balance operational stability, user experience and security requirements
Desirable
- Experience reducing reliance on local administrator access through modern endpoint management methods
- Familiarity with Zero Trust and secure by default endpoint strategies
- Experience managing macOS devices via Intune or alternative platforms (e.g. Jamf)
- Understanding of security baselines, endpoint protection and the M365 security stack
- Experience working in an ITIL aligned environment
- Knowledge of Microsoft Defender for Endpoint and related technologies
What's in it for you?
We offer an attractive benefits package designed to promote your overall wellbeing so that you are able to perform to your full potential both in and out of work.
For you:
- Hybrid working (see details above)
- Professional study support (where applicable)
- Access to our internal Wellbeing, LGBTQ+, Multicultural and Women's networks
For your family:
- Life assurance
- Income protection
- Enhanced maternity/paternity/adoption and shared parental leave
For your health:
- 26 days annual leave (pro rata for part time working) plus bank holidays (most can be taken flexibly) with options to buy & sell holiday
- Private medical insurance
- Discounted gym memberships, critical illness and dental insurance through our flexible benefits
- Eye care vouchers
- Cycle to work scheme
- Digital GP services
For your wealth:
- Competitive pension scheme
- Discretionary bonus scheme
- High street discounts
- Season ticket loans
For others:
- Volunteering opportunities
For the environment:
- Electric vehicle salary sacrifice scheme (qualifying period applies)
We continuously strive to build an inclusive workplace where all forms of diversity are valued, including age, background, disability, gender, gender identity, gender expression, race, religion or sexual orientation.
LCP is committed to making our opportunities accessible to all and would welcome you getting in touch to let us know if an adjustment can be made to help with your application. This may be extra time for assessments, pre interview site visits, interview structure or questions, or asking us about building accessibility. Please get in touch via our dedicated email address - email protected - to discuss how we can support you with your application.