Affirm
Staff Endpoint Engineer (Client Platform Engineering)
Affirm, Richmond, Virginia, United States, 23214
Staff Endpoint Engineer (Client Platform Engineering)
Affirm
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm’s IT Engineering teams build and operate the tools, systems, and services that power the employee‑facing IT experience. We’re a creative, craft‑minded team focused on building and maintaining services that are speedy, simple, and secure so that employees across our global, remote‑first workforce can be productive from day one.
Client Platform Engineering builds and maintains the hardware and software at the heart of our employee‑facing operations. We own the endpoint platform and deliver scalable, secure solutions—including zero‑touch provisioning, package and patch management, and silent updates—while partnering cross‑functionally with Security, Engineering, Product and Support. As a member of this team you’ll influence how employees experience workplace technology and lead high‑impact projects that improve reliability, security and productivity across a global workforce.
What You’ll Do
Administer and scale macOS device management using Jamf Pro, ensuring endpoints meet company compliance standards (e.g., encryption, OS patching, configuration profiles, application management).
Guide architectural decisions to ensure endpoint management can easily scale with the company.
Drive key technical initiatives such as permission automation, third‑party patching, silent updates, stability improvements and streamlined device deployment.
Build automation and infrastructure‑as‑code pipelines using tools like Terraform, Bash/Python scripting, and Jamf/Okta/MDM APIs to create zero‑touch provisioning workflows.
Manage enterprise‑grade software and package deployment using tools like AutoPkgr for silent rollout of updates at scale.
Implement and refine endpoint change‑control processes, with communication, testing, rollback plans and compliance tracking. Create dashboards and reporting to visualize compliance, patch levels and device health.
Collaborate closely with Security, Support, Engineering and IT to enforce policies (e.g. least‑privilege), onboard security agents (AV, EDR, disk encryption) and integrate devices with Okta SSO, Oomnitza, Google Workspace and other monitoring tools.
Serve as the escalation tier for complex endpoint issues—troubleshoot deep macOS, hardware, networking or software problems and act as a knowledge source for IT Support.
Mentor junior engineers—share expertise, set best practices and elevate the team’s Jamf, scripting and automation capabilities.
Explore and evaluate new endpoint‑management and automation technologies, run POCs and recommend adoption to improve platform efficiency, security and user experience.
Work directly with Developer Productivity to support the unique needs of our engineers.
What We Look For
5+ years of hands‑on experience managing macOS (and ideally other endpoints) at scale with enterprise MDM tools—Jamf Pro expertise required (Jamf 300+ level).
Strong scripting capabilities in Bash, with fluency in a second language like Python; ability to programmatically integrate with RESTful APIs (Jamf API, Okta API, etc.).
Proven proficiency in automation/infrastructure‑as‑code tools like Terraform, Ansible or similar in an IT context.
Experience with Windows Intune and Windows Endpoint Management.
Deep understanding of enterprise security practices for endpoints, including vulnerability/patch management, enforcing least privilege, encryption and compliance frameworks.
Experience building and managing package/software distribution pipelines with tools like AutoPkg, Jamf or others.
Exceptional troubleshooting skills and ability to debug complex endpoint issues; capable of representing the IT team in high‑severity escalations.
Excellent cross‑functional communication skills with a collaborative mindset—able to work with Security, Support and Engineering teams effectively.
A positive, growth‑oriented attitude, with strong written communication skillset for documentation, runbooks, dashboards and process guides.
Prior experience serving as a technical mentor or functional lead in a high‑growth or enterprise environment is strongly preferred.
This position requires either equivalent practical experience or a Bachelor’s degree in a related field.
Compensation Pay Grade:
M Equity Grade:
7 Base pay (CA, WA, NY, NJ, CT): $180,000 – $230,000 per year. Base pay (all other U.S. states): $160,000 – $210,000 per year. Benefits include equity rewards, monthly stipends for health, wellness and tech spending, and 100% subsidized medical coverage, dental and vision for you and your dependents.
Remote Work Affirm is a remote‑first company. Our majority of roles are remote and can be performed almost anywhere in the U.S. Office‑based participation may be required for some roles as needed.
Benefits
Health care coverage – the company covers all premiums for you and your dependents.
Flexible Spending Wallets – generous stipends for technology, food, lifestyle needs and family forming expenses.
Time off – competitive vacation and holiday schedules.
ESPP – employee stock purchase plan allowing discounted share purchases.
EEO Statement We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process. Affirm will consider for employment qualified applicants with arrest and conviction records under the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance.
#J-18808-Ljbffr
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm’s IT Engineering teams build and operate the tools, systems, and services that power the employee‑facing IT experience. We’re a creative, craft‑minded team focused on building and maintaining services that are speedy, simple, and secure so that employees across our global, remote‑first workforce can be productive from day one.
Client Platform Engineering builds and maintains the hardware and software at the heart of our employee‑facing operations. We own the endpoint platform and deliver scalable, secure solutions—including zero‑touch provisioning, package and patch management, and silent updates—while partnering cross‑functionally with Security, Engineering, Product and Support. As a member of this team you’ll influence how employees experience workplace technology and lead high‑impact projects that improve reliability, security and productivity across a global workforce.
What You’ll Do
Administer and scale macOS device management using Jamf Pro, ensuring endpoints meet company compliance standards (e.g., encryption, OS patching, configuration profiles, application management).
Guide architectural decisions to ensure endpoint management can easily scale with the company.
Drive key technical initiatives such as permission automation, third‑party patching, silent updates, stability improvements and streamlined device deployment.
Build automation and infrastructure‑as‑code pipelines using tools like Terraform, Bash/Python scripting, and Jamf/Okta/MDM APIs to create zero‑touch provisioning workflows.
Manage enterprise‑grade software and package deployment using tools like AutoPkgr for silent rollout of updates at scale.
Implement and refine endpoint change‑control processes, with communication, testing, rollback plans and compliance tracking. Create dashboards and reporting to visualize compliance, patch levels and device health.
Collaborate closely with Security, Support, Engineering and IT to enforce policies (e.g. least‑privilege), onboard security agents (AV, EDR, disk encryption) and integrate devices with Okta SSO, Oomnitza, Google Workspace and other monitoring tools.
Serve as the escalation tier for complex endpoint issues—troubleshoot deep macOS, hardware, networking or software problems and act as a knowledge source for IT Support.
Mentor junior engineers—share expertise, set best practices and elevate the team’s Jamf, scripting and automation capabilities.
Explore and evaluate new endpoint‑management and automation technologies, run POCs and recommend adoption to improve platform efficiency, security and user experience.
Work directly with Developer Productivity to support the unique needs of our engineers.
What We Look For
5+ years of hands‑on experience managing macOS (and ideally other endpoints) at scale with enterprise MDM tools—Jamf Pro expertise required (Jamf 300+ level).
Strong scripting capabilities in Bash, with fluency in a second language like Python; ability to programmatically integrate with RESTful APIs (Jamf API, Okta API, etc.).
Proven proficiency in automation/infrastructure‑as‑code tools like Terraform, Ansible or similar in an IT context.
Experience with Windows Intune and Windows Endpoint Management.
Deep understanding of enterprise security practices for endpoints, including vulnerability/patch management, enforcing least privilege, encryption and compliance frameworks.
Experience building and managing package/software distribution pipelines with tools like AutoPkg, Jamf or others.
Exceptional troubleshooting skills and ability to debug complex endpoint issues; capable of representing the IT team in high‑severity escalations.
Excellent cross‑functional communication skills with a collaborative mindset—able to work with Security, Support and Engineering teams effectively.
A positive, growth‑oriented attitude, with strong written communication skillset for documentation, runbooks, dashboards and process guides.
Prior experience serving as a technical mentor or functional lead in a high‑growth or enterprise environment is strongly preferred.
This position requires either equivalent practical experience or a Bachelor’s degree in a related field.
Compensation Pay Grade:
M Equity Grade:
7 Base pay (CA, WA, NY, NJ, CT): $180,000 – $230,000 per year. Base pay (all other U.S. states): $160,000 – $210,000 per year. Benefits include equity rewards, monthly stipends for health, wellness and tech spending, and 100% subsidized medical coverage, dental and vision for you and your dependents.
Remote Work Affirm is a remote‑first company. Our majority of roles are remote and can be performed almost anywhere in the U.S. Office‑based participation may be required for some roles as needed.
Benefits
Health care coverage – the company covers all premiums for you and your dependents.
Flexible Spending Wallets – generous stipends for technology, food, lifestyle needs and family forming expenses.
Time off – competitive vacation and holiday schedules.
ESPP – employee stock purchase plan allowing discounted share purchases.
EEO Statement We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process. Affirm will consider for employment qualified applicants with arrest and conviction records under the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance.
#J-18808-Ljbffr