Affirm
Join to apply for the
Staff Endpoint Engineer (Client Platform Engineering)
role at
Affirm .
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm’s IT Engineering teams build and operate the tools, systems, and services that power the company’s employee‑facing IT experience. We’re a creative, craft‑minded team focused on building and maintaining services that are speedy, simple, and secure so that employees across our global, remote‑first workforce can be productive from day one.
Client Platform Engineering builds and maintains the hardware and software at the heart of employee‑facing operations. We own the endpoint platform and deliver scalable, secure solutions— including zero‑touch provisioning, package and patch management, and silent updates—while partnering with teams like Security, Engineering, Product, and Support. As a member of this team you’ll have direct influence over how employees experience workplace technology and the opportunity to lead high‑impact projects that improve reliability, security, and productivity.
What You’ll Do
Administer and scale macOS device management using Jamf Pro, ensuring endpoints meet company compliance standards (e.g., encryption, OS patching, configuration profiles, application management).
Guide architectural decisions to ensure endpoint management can easily scale with the company.
Drive key technical initiatives such as permission automation, third‑party patching, silent updates, stability improvements, and streamlined device deployment.
Build automation and infrastructure‑as‑code pipelines using Terraform (or similar), Bash/Python scripting, and Jamf/Okta/MDM APIs to minimize manual work and create “zero‑touch” provisioning workflows.
Manage enterprise‑grade software and package deployment, using tools like AutoPkgr or equivalent for packaging and silent rollout of updates at scale.
Implement and refine endpoint change‑control processes, with communication, testing, rollback plans, and compliance tracking. Create dashboards and reporting for visibility into compliance, patch levels, and device health.
Collaborate closely with Security, Support, Engineering, and IT to enforce policies (e.g., least‑privilege), onboard security agents (AV, EDR, disk encryption), and integrate devices with Okta SSO, Oomnitza, Google Workspace, and other monitoring tools.
Serve as the escalation tier for complex endpoint issues—troubleshoot deep macOS, hardware, networking, or software issues and act as a knowledge source for IT Support.
Mentor junior engineers—share expertise, set best practices, and help elevate the team’s Jamf, scripting, and automation capabilities.
Explore and evaluate new endpoint‑management and automation technologies, run POCs, and recommend adoption to improve platform efficiency, security, and user experience.
Work directly with Developer Productivity to support the unique needs of engineers.
What We Look For
5+ years of hands‑on experience managing macOS (and ideally other endpoints) at scale with enterprise MDM tools – Jamf Pro expertise required (Jamf 300+ level).
Strong scripting capabilities in Bash, with fluency in a second language like Python; ability to programmatically integrate with RESTful APIs (Jamf API, Okta API, etc.).
Proven proficiency in automation / infrastructure‑as‑code tools like Terraform, Ansible, or similar in an IT context.
Experience with Windows Intune and Windows Endpoint Management.
Deep understanding of enterprise security practices for endpoints, including vulnerability/patch management, enforcing least privilege, encryption, and compliance frameworks.
Experience building and managing package/software distribution pipelines, with tools like AutoPkg, Jamf, or others.
Exceptional troubleshooting skills and ability to debug complex endpoint issues; capable of representing the IT team in high‑severity escalations.
Excellent cross‑functional communication skills with a collaborative mindset—able to work with Security, Support, and Engineering teams effectively.
A positive, growth‑oriented attitude, with strong written communication: documentation, runbooks, dashboards, and process guides.
Prior experience serving as a technical mentor or functional lead in a high‑growth or enterprise environment is strongly preferred.
This position requires either equivalent practical experience or a Bachelor’s degree in a related field.
Pay & Equity Pay Grade : M Equity Grade : 7
Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents).
USA base pay range (CA, WA, NY, NJ, CT) per year: $180,000 - $230,000
USA base pay range (all other U.S. states) per year: $160,000 - $210,000
Please note that visa sponsorship is not available for this position.
About Us Affirm is proud to be a remote‑first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Occasionally you may be required to work out of an assigned office.
Benefits
Health care coverage – employer covers all premiums for all levels of coverage for you and your dependents.
Flexible Spending Wallets – generous stipends for spending on technology, food, lifestyle needs, and family expenses.
Time off – competitive vacation and holiday schedules allowing you to rest.
ESPP – employee stock purchase plan enabling you to buy shares at a discount.
We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
#J-18808-Ljbffr
Staff Endpoint Engineer (Client Platform Engineering)
role at
Affirm .
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm’s IT Engineering teams build and operate the tools, systems, and services that power the company’s employee‑facing IT experience. We’re a creative, craft‑minded team focused on building and maintaining services that are speedy, simple, and secure so that employees across our global, remote‑first workforce can be productive from day one.
Client Platform Engineering builds and maintains the hardware and software at the heart of employee‑facing operations. We own the endpoint platform and deliver scalable, secure solutions— including zero‑touch provisioning, package and patch management, and silent updates—while partnering with teams like Security, Engineering, Product, and Support. As a member of this team you’ll have direct influence over how employees experience workplace technology and the opportunity to lead high‑impact projects that improve reliability, security, and productivity.
What You’ll Do
Administer and scale macOS device management using Jamf Pro, ensuring endpoints meet company compliance standards (e.g., encryption, OS patching, configuration profiles, application management).
Guide architectural decisions to ensure endpoint management can easily scale with the company.
Drive key technical initiatives such as permission automation, third‑party patching, silent updates, stability improvements, and streamlined device deployment.
Build automation and infrastructure‑as‑code pipelines using Terraform (or similar), Bash/Python scripting, and Jamf/Okta/MDM APIs to minimize manual work and create “zero‑touch” provisioning workflows.
Manage enterprise‑grade software and package deployment, using tools like AutoPkgr or equivalent for packaging and silent rollout of updates at scale.
Implement and refine endpoint change‑control processes, with communication, testing, rollback plans, and compliance tracking. Create dashboards and reporting for visibility into compliance, patch levels, and device health.
Collaborate closely with Security, Support, Engineering, and IT to enforce policies (e.g., least‑privilege), onboard security agents (AV, EDR, disk encryption), and integrate devices with Okta SSO, Oomnitza, Google Workspace, and other monitoring tools.
Serve as the escalation tier for complex endpoint issues—troubleshoot deep macOS, hardware, networking, or software issues and act as a knowledge source for IT Support.
Mentor junior engineers—share expertise, set best practices, and help elevate the team’s Jamf, scripting, and automation capabilities.
Explore and evaluate new endpoint‑management and automation technologies, run POCs, and recommend adoption to improve platform efficiency, security, and user experience.
Work directly with Developer Productivity to support the unique needs of engineers.
What We Look For
5+ years of hands‑on experience managing macOS (and ideally other endpoints) at scale with enterprise MDM tools – Jamf Pro expertise required (Jamf 300+ level).
Strong scripting capabilities in Bash, with fluency in a second language like Python; ability to programmatically integrate with RESTful APIs (Jamf API, Okta API, etc.).
Proven proficiency in automation / infrastructure‑as‑code tools like Terraform, Ansible, or similar in an IT context.
Experience with Windows Intune and Windows Endpoint Management.
Deep understanding of enterprise security practices for endpoints, including vulnerability/patch management, enforcing least privilege, encryption, and compliance frameworks.
Experience building and managing package/software distribution pipelines, with tools like AutoPkg, Jamf, or others.
Exceptional troubleshooting skills and ability to debug complex endpoint issues; capable of representing the IT team in high‑severity escalations.
Excellent cross‑functional communication skills with a collaborative mindset—able to work with Security, Support, and Engineering teams effectively.
A positive, growth‑oriented attitude, with strong written communication: documentation, runbooks, dashboards, and process guides.
Prior experience serving as a technical mentor or functional lead in a high‑growth or enterprise environment is strongly preferred.
This position requires either equivalent practical experience or a Bachelor’s degree in a related field.
Pay & Equity Pay Grade : M Equity Grade : 7
Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents).
USA base pay range (CA, WA, NY, NJ, CT) per year: $180,000 - $230,000
USA base pay range (all other U.S. states) per year: $160,000 - $210,000
Please note that visa sponsorship is not available for this position.
About Us Affirm is proud to be a remote‑first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Occasionally you may be required to work out of an assigned office.
Benefits
Health care coverage – employer covers all premiums for all levels of coverage for you and your dependents.
Flexible Spending Wallets – generous stipends for spending on technology, food, lifestyle needs, and family expenses.
Time off – competitive vacation and holiday schedules allowing you to rest.
ESPP – employee stock purchase plan enabling you to buy shares at a discount.
We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
#J-18808-Ljbffr