Affirm
Staff Endpoint Engineer (Client Platform Engineering)
Affirm, Charlotte, North Carolina, United States, 28245
Join to apply for the
Staff Endpoint Engineer (Client Platform Engineering)
role at
Affirm .
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without hidden fees or compounding interest. Our IT Engineering teams build and operate the tools, systems, and services that power the employee‑facing IT experience, enabling a productive, secure, and simple environment for a global, remote‑first workforce.
Client Platform Engineering builds and maintains the hardware and software at the core of employee‑facing operations. We own the endpoint platform and deliver scalable, secure solutions—including zero‑touch provisioning, package and patch management, and silent updates—while partnering cross‑functionally with Security, Engineering, Product, and Support. As a member of this team you’ll shape how employees experience workplace technology and lead high‑impact projects that improve reliability, security, and productivity across a global workforce.
Responsibilities
Administer and scale macOS device management using Jamf Pro, ensuring endpoints meet company compliance standards (encryption, OS patching, configuration profiles, application management).
Guide architectural decisions to support scalable endpoint management.
Drive key technical initiatives such as permission automation, third‑party patching, silent updates, stability improvements, and streamlined device deployment.
Build automation and infrastructure‑as‑code pipelines using Terraform, Bash/Python scripting, and MDM APIs to create zero‑touch provisioning workflows.
Manage enterprise‑grade software and package deployment, using tools like AutoPkgr for silent rollout at scale.
Implement and refine endpoint change control processes with communication, testing, rollback plans, and compliance tracking. Create dashboards and reporting for device health.
Collaborate closely with Security, Support, Engineering, and IT to enforce policies, onboard security agents, and integrate devices with Okta SSO, Oomnitza, Google Workspace, and other monitoring tools.
Serve as the escalation tier for complex endpoint issues—troubleshoot macOS, hardware, networking, or software problems and act as a knowledge source for IT support.
Mentor junior engineers, share expertise, set best practices, and elevate the team’s Jamf, scripting, and automation capabilities.
Explore and evaluate new endpoint‑management and automation technologies, run POCs, and recommend adoption to improve platform efficiency, security, and user experience.
Work directly with Developer Productivity to support the unique needs of engineers.
Qualifications
5+ years managing macOS and other endpoints at scale with enterprise MDM tools—Jamf Pro expertise (300+ level) required.
Strong scripting in Bash with fluency in a second language such as Python; programmatic integration with RESTful APIs (Jamf API, Okta API).
Proficiency with Terraform, Ansible, or similar infrastructure‑as‑code tools in an IT context.
Experience with Windows Intune and Windows Endpoint Management.
Deep understanding of enterprise security practices: vulnerability/patch management, least privilege, encryption, and compliance frameworks.
Experience building and managing package/software distribution pipelines using tools like AutoPkg or Jamf.
Exceptional troubleshooting skills and ability to debug complex endpoint issues; represent the IT team in high‑severity escalations.
Excellent cross‑functional communication and collaboration with Security, Support, and Engineering teams.
Positive, growth‑oriented attitude with strong written communication: documentation, runbooks, dashboards, and process guides.
Prior experience as a technical mentor or functional lead in a high‑growth or enterprise environment.
Bachelor’s degree in a related field or equivalent practical experience.
Pay & Equity Pay Grade: M | Equity Grade: 7.
Base pay range (CA, WA, NY, NJ, CT): $180,000 - $230,000 per year.
Base pay range (other U.S. states): $160,000 - $210,000 per year.
Visa sponsorship is not available for this position.
Affirm is proud to be a remote‑first company. The majority of roles are remote; occasional office time may be required.
Benefits
Health care coverage – premium costs covered for employees and dependents.
Flexible Spending Wallets – stipend for technology, food, lifestyle, and family expenses.
Competitive vacation and holiday schedules.
Employee Stock Purchase Plan (ESPP).
Affirm is committed to an inclusive interview experience for all candidates, including accommodations for people with disabilities. We welcome qualified applicants from all backgrounds.
#J-18808-Ljbffr
Staff Endpoint Engineer (Client Platform Engineering)
role at
Affirm .
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without hidden fees or compounding interest. Our IT Engineering teams build and operate the tools, systems, and services that power the employee‑facing IT experience, enabling a productive, secure, and simple environment for a global, remote‑first workforce.
Client Platform Engineering builds and maintains the hardware and software at the core of employee‑facing operations. We own the endpoint platform and deliver scalable, secure solutions—including zero‑touch provisioning, package and patch management, and silent updates—while partnering cross‑functionally with Security, Engineering, Product, and Support. As a member of this team you’ll shape how employees experience workplace technology and lead high‑impact projects that improve reliability, security, and productivity across a global workforce.
Responsibilities
Administer and scale macOS device management using Jamf Pro, ensuring endpoints meet company compliance standards (encryption, OS patching, configuration profiles, application management).
Guide architectural decisions to support scalable endpoint management.
Drive key technical initiatives such as permission automation, third‑party patching, silent updates, stability improvements, and streamlined device deployment.
Build automation and infrastructure‑as‑code pipelines using Terraform, Bash/Python scripting, and MDM APIs to create zero‑touch provisioning workflows.
Manage enterprise‑grade software and package deployment, using tools like AutoPkgr for silent rollout at scale.
Implement and refine endpoint change control processes with communication, testing, rollback plans, and compliance tracking. Create dashboards and reporting for device health.
Collaborate closely with Security, Support, Engineering, and IT to enforce policies, onboard security agents, and integrate devices with Okta SSO, Oomnitza, Google Workspace, and other monitoring tools.
Serve as the escalation tier for complex endpoint issues—troubleshoot macOS, hardware, networking, or software problems and act as a knowledge source for IT support.
Mentor junior engineers, share expertise, set best practices, and elevate the team’s Jamf, scripting, and automation capabilities.
Explore and evaluate new endpoint‑management and automation technologies, run POCs, and recommend adoption to improve platform efficiency, security, and user experience.
Work directly with Developer Productivity to support the unique needs of engineers.
Qualifications
5+ years managing macOS and other endpoints at scale with enterprise MDM tools—Jamf Pro expertise (300+ level) required.
Strong scripting in Bash with fluency in a second language such as Python; programmatic integration with RESTful APIs (Jamf API, Okta API).
Proficiency with Terraform, Ansible, or similar infrastructure‑as‑code tools in an IT context.
Experience with Windows Intune and Windows Endpoint Management.
Deep understanding of enterprise security practices: vulnerability/patch management, least privilege, encryption, and compliance frameworks.
Experience building and managing package/software distribution pipelines using tools like AutoPkg or Jamf.
Exceptional troubleshooting skills and ability to debug complex endpoint issues; represent the IT team in high‑severity escalations.
Excellent cross‑functional communication and collaboration with Security, Support, and Engineering teams.
Positive, growth‑oriented attitude with strong written communication: documentation, runbooks, dashboards, and process guides.
Prior experience as a technical mentor or functional lead in a high‑growth or enterprise environment.
Bachelor’s degree in a related field or equivalent practical experience.
Pay & Equity Pay Grade: M | Equity Grade: 7.
Base pay range (CA, WA, NY, NJ, CT): $180,000 - $230,000 per year.
Base pay range (other U.S. states): $160,000 - $210,000 per year.
Visa sponsorship is not available for this position.
Affirm is proud to be a remote‑first company. The majority of roles are remote; occasional office time may be required.
Benefits
Health care coverage – premium costs covered for employees and dependents.
Flexible Spending Wallets – stipend for technology, food, lifestyle, and family expenses.
Competitive vacation and holiday schedules.
Employee Stock Purchase Plan (ESPP).
Affirm is committed to an inclusive interview experience for all candidates, including accommodations for people with disabilities. We welcome qualified applicants from all backgrounds.
#J-18808-Ljbffr