Affirm
Staff Endpoint Engineer (Client Platform Engineering)
Affirm, Washington, District of Columbia, us, 20022
Staff Endpoint Engineer (Client Platform Engineering) –
Affirm
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. The IT Engineering teams build and operate the tools, systems, and services that power Affim’s employee‑facing IT experience. We’re a creative, craft‑minded team focused on building and maintaining services that are speedy, simple, and secure so that employees across our global, remote‑first workforce can be productive from day one. Client Platform Engineering builds and maintains the hardware and software at the heart of Affim’s employee‑facing operations. We’re a creative, cross‑functional team that cares deeply about our craft and the working lives of employees around the globe. The team owns the endpoint platform and delivers scalable, secure solutions—including zero‑touch provisioning, package and patch management, and silent updates—while partnering cross‑functionally with teams such as Security, Engineering, Product, and Support. What You’ll Do
Administer and scale macOS device management using Jamf Pro, ensuring endpoints meet company compliance standards (e.g., encryption, OS patching, configuration profiles, application management). Guide architectural decisions to ensure endpoint management can easily scale with the company. Drive key technical initiatives such as permission automation, third‑party patching, silent updates, stability improvements, and streamlined device deployment. Build automation and infrastructure‑as‑code pipelines using tools like Terraform (or similar), Bash/Python scripting, and MDM APIs to minimize manual work and create “zero‑touch” provisioning workflows. Manage enterprise‑grade software and package deployment, using tools like AutoPkgr or equivalent for packaging and silent rollout of updates at scale. Implement and refine endpoint change‑control processes, with communication, testing, rollback plans, and compliance tracking; create dashboards and reporting for visibility into compliance, patch levels, and device health. Collaborate closely with Security, Support, Engineering, and IT to enforce policies (e.g., least‑privilege), onboard security agents (AV, EDR, disk encryption), and integrate devices with Okta SSO, Oomnitza, Google Workspace, and other monitoring tools. Serve as the escalation tier for complex endpoint issues—troubleshoot deep macOS, hardware, networking, or software issues and act as a knowledge source for IT Support. Mentor junior engineers—share expertise, set best practices, and help elevate the team’s Jamf, scripting, and automation capabilities. Explore and evaluate new endpoint‑management and automation technologies, run POCs, and recommend adoption to improve platform efficiency, security, and user experience. Work directly with Developer Productivity to support the unique needs of Affim’s engineers. What We Look For
5+ years of hands‑on experience managing macOS (and ideally other endpoints) at scale with enterprise MDM tools—Jamf Pro expertise required (Jamf 300+ level). Strong scripting capabilities in Bash, with fluency in a second language like Python; ability to programmatically integrate with RESTful APIs (Jamf API, Okta API, etc.). Proven proficiency in automation / infrastructure‑as‑code tools like Terraform, Ansible, or similar in an IT context. Experience with Windows Intune and Windows Endpoint Management. Deep understanding of enterprise security practices for endpoints, including vulnerability/patch management, enforcing least privilege, encryption, and compliance frameworks. Experience building and managing package/software distribution pipelines, with tools like AutoPkg, Jamf, or others. Exceptional troubleshooting skills and ability to debug complex endpoint issues; capable of representing the IT team in high‑severity escalations. Excellent cross‑functional communication skills with a collaborative mindset—able to work with Security, Support, and Engineering teams effectively. A positive, growth‑oriented attitude, with strong written communication: documentation, runbooks, dashboards, and process guides. Prior experience serving as a technical mentor or functional lead in a high‑growth or enterprise environment is strongly preferred. This position requires either equivalent practical experience or a Bachelor’s degree in a related field. Pay Grade
M Equity Grade
7 Employees new to Affim typically come in at the start of the pay range. Affim focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job‑related skills. Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents). USA base pay range (CA, WA, NY, NJ, CT) per year: $180,000 - $230,000 USA base pay range (all other U.S. states) per year: $160,000 - $210,000 Please note that visa sponsorship is not available for this position. Affim is proud to be a remote‑first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Employees in proximal roles have the flexibility to work remotely, but will occasionally be required to work out of their assigned Affim office. A limited number of roles remain office‑based due to the nature of their job responsibilities. Benefits
Health care coverage—Affim covers all premiums for all levels of coverage for you and your dependents. Flexible Spending Wallets—generous stipends for spending on technology, food, various lifestyle needs, and family‑forming expenses. Time off—competitive vacation and holiday schedules allowing you to take time off to rest and recharge. ESPP—An employee stock purchase plan enabling you to buy shares of Affim at a discount. We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process. By clicking “Submit Application,” you acknowledge that you have read Affim’s Global Candidate Privacy Notice and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.
#J-18808-Ljbffr
Affirm
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. The IT Engineering teams build and operate the tools, systems, and services that power Affim’s employee‑facing IT experience. We’re a creative, craft‑minded team focused on building and maintaining services that are speedy, simple, and secure so that employees across our global, remote‑first workforce can be productive from day one. Client Platform Engineering builds and maintains the hardware and software at the heart of Affim’s employee‑facing operations. We’re a creative, cross‑functional team that cares deeply about our craft and the working lives of employees around the globe. The team owns the endpoint platform and delivers scalable, secure solutions—including zero‑touch provisioning, package and patch management, and silent updates—while partnering cross‑functionally with teams such as Security, Engineering, Product, and Support. What You’ll Do
Administer and scale macOS device management using Jamf Pro, ensuring endpoints meet company compliance standards (e.g., encryption, OS patching, configuration profiles, application management). Guide architectural decisions to ensure endpoint management can easily scale with the company. Drive key technical initiatives such as permission automation, third‑party patching, silent updates, stability improvements, and streamlined device deployment. Build automation and infrastructure‑as‑code pipelines using tools like Terraform (or similar), Bash/Python scripting, and MDM APIs to minimize manual work and create “zero‑touch” provisioning workflows. Manage enterprise‑grade software and package deployment, using tools like AutoPkgr or equivalent for packaging and silent rollout of updates at scale. Implement and refine endpoint change‑control processes, with communication, testing, rollback plans, and compliance tracking; create dashboards and reporting for visibility into compliance, patch levels, and device health. Collaborate closely with Security, Support, Engineering, and IT to enforce policies (e.g., least‑privilege), onboard security agents (AV, EDR, disk encryption), and integrate devices with Okta SSO, Oomnitza, Google Workspace, and other monitoring tools. Serve as the escalation tier for complex endpoint issues—troubleshoot deep macOS, hardware, networking, or software issues and act as a knowledge source for IT Support. Mentor junior engineers—share expertise, set best practices, and help elevate the team’s Jamf, scripting, and automation capabilities. Explore and evaluate new endpoint‑management and automation technologies, run POCs, and recommend adoption to improve platform efficiency, security, and user experience. Work directly with Developer Productivity to support the unique needs of Affim’s engineers. What We Look For
5+ years of hands‑on experience managing macOS (and ideally other endpoints) at scale with enterprise MDM tools—Jamf Pro expertise required (Jamf 300+ level). Strong scripting capabilities in Bash, with fluency in a second language like Python; ability to programmatically integrate with RESTful APIs (Jamf API, Okta API, etc.). Proven proficiency in automation / infrastructure‑as‑code tools like Terraform, Ansible, or similar in an IT context. Experience with Windows Intune and Windows Endpoint Management. Deep understanding of enterprise security practices for endpoints, including vulnerability/patch management, enforcing least privilege, encryption, and compliance frameworks. Experience building and managing package/software distribution pipelines, with tools like AutoPkg, Jamf, or others. Exceptional troubleshooting skills and ability to debug complex endpoint issues; capable of representing the IT team in high‑severity escalations. Excellent cross‑functional communication skills with a collaborative mindset—able to work with Security, Support, and Engineering teams effectively. A positive, growth‑oriented attitude, with strong written communication: documentation, runbooks, dashboards, and process guides. Prior experience serving as a technical mentor or functional lead in a high‑growth or enterprise environment is strongly preferred. This position requires either equivalent practical experience or a Bachelor’s degree in a related field. Pay Grade
M Equity Grade
7 Employees new to Affim typically come in at the start of the pay range. Affim focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job‑related skills. Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents). USA base pay range (CA, WA, NY, NJ, CT) per year: $180,000 - $230,000 USA base pay range (all other U.S. states) per year: $160,000 - $210,000 Please note that visa sponsorship is not available for this position. Affim is proud to be a remote‑first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Employees in proximal roles have the flexibility to work remotely, but will occasionally be required to work out of their assigned Affim office. A limited number of roles remain office‑based due to the nature of their job responsibilities. Benefits
Health care coverage—Affim covers all premiums for all levels of coverage for you and your dependents. Flexible Spending Wallets—generous stipends for spending on technology, food, various lifestyle needs, and family‑forming expenses. Time off—competitive vacation and holiday schedules allowing you to take time off to rest and recharge. ESPP—An employee stock purchase plan enabling you to buy shares of Affim at a discount. We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process. By clicking “Submit Application,” you acknowledge that you have read Affim’s Global Candidate Privacy Notice and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.
#J-18808-Ljbffr