Staff Endpoint Engineer managing macOS devices for Affirm’s employee-facing IT experience. Responsibilities include scaling device management and leading automation initiatives to enhance security and productivity.
Responsibilities
Administer and scale macOS device management using Jamf Pro, ensuring endpoints meet company compliance standards (e.g., encryption, OS patching, configuration profiles, application management).
Guide architectural decisions to ensure endpoint management can easily scale with the company.
Drive key technical initiatives such as permission automation, third-party patching, silent updates, stability improvements, and streamlined device deployment.
Build automation and infrastructure-as-code pipelines using tools like Terraform (or similar), Bash/Python scripting, and Jamf/Okta/MDM APIs to minimize manual work and create “zero-touch” provisioning workflows.
Manage enterprise-grade software and package deployment, using tools like AutoPkgr or equivalent for packaging and silent rollout of updates at scale.
Implement and refine endpoint change control processes, with communication, testing, rollback plans, and compliance tracking. Create dashboards and reporting for visibility into compliance, patch levels, and device health.
Collaborate closely with Security, Support, Engineering, and IT to enforce policies (e.g. least-privilege), onboard security agents (AV, EDR, disk encryption), and integrate devices with Okta SSO, Oomnitza, Google Workspace, and other monitoring tools.
Serve as the escalation tier for complex endpoint issues—troubleshoot deep macOS, hardware, networking, or software issues and act as a knowledge source for IT Support.
Mentor junior engineers—share expertise, set best practices, and help elevate the team’s Jamf, scripting, and automation capabilities.
Explore and evaluate new endpoint-management and automation technologies, run POCs, and recommend adoption to improve platform efficiency, security, and user experience.
Work directly with Developer Productivity to support the unique needs of Affirm’s engineers.
Requirements
5+ years of hands-on experience managing macOS (and ideally other endpoints) at scale with enterprise MDM tools - Jamf Pro expertise required (Jamf 300+ level).
Strong scripting capabilities in Bash, with fluency in a second language like Python; ability to programmatically integrate with RESTful APIs (Jamf API, Okta API, etc.).
Proven proficiency in automation / infrastructure-as-code tools like Terraform, Ansible, or similar in an IT context.
Experience with Windows Intune and Windows Endpoint Management.
Deep understanding of enterprise security practices for endpoints, including vulnerability/patch management, enforcing least privilege, encryption, and compliance frameworks.
Experience building and managing package/software distribution pipelines, with tools like AutoPkg, Jamf, or others.
Exceptional troubleshooting skills and ability to debug complex endpoint issues; capable of representing the IT team in high-severity escalations.
Excellent cross-functional communication skills with a collaborative mindset—able to work with Security, Support, and Engineering teams effectively.
A positive, growth-oriented attitude, with strong written communication: documentation, runbooks, dashboards, and process guides.
Prior experience serving as a technical mentor or functional lead in a high-growth or enterprise environment is strongly preferred.
This position requires either equivalent practical experience or a Bachelor’s degree in a related field.
Benefits
Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount
Senior Software Engineer responsible for building and testing software for simulation platform at Parallel Domain. Collaborating across teams to tackle broad, ambiguous engineering problems.
Data Platform Engineer for Tucows ensuring data platform reliability and automation. Involves data engineering, cloud infrastructure, and collaborative team efforts.
Senior Platform Engineer responsible for designing and improving the AWS serverless data platform at IMS, a leading connected insurance and telematics provider.
M365 Platform & Power Platform Engineer managing the Microsoft 365 ecosystem and building Governance for Power Platform. Responsible for enterprise - level reliability and compliance.
Hiring a DevSecOps Platform Engineer for a 12 - month remote contract in Canada. Requires active Reliability Status clearance and 8+ years of software engineering experience.
Staff AI Platform & Agent Runtime Engineer at EQ Bank developing enterprise - scale AI and agent execution platforms. Leading the architecting and operationalizing AI solutions for secure deployments.
Software Engineer developing and optimizing GraphQL APIs and backend systems for Penn Interactive's Sportsbook Platform. Collaborating in an agile environment and mentoring engineers on production standards.
Manager of Engineering Operations leading technical team and standardizing architecture for telecom platform. Focused on enhancing developer experience and defining engineering standards.