Desktop Engineering Lead - Endpoint Security
Location: Maryland, US
Requisition Number: 80979
Role Summary
We are seeking a Lead Desktop Engineer to own the technical direction, operational health, and security posture of our endpoint environment across approximately 14,000 managed devices. This role serves as the senior technical authority for endpoint engineering, operations, and security—ensuring consistent design, execution, and control ownership in a regulated enterprise environment.
The Desktop Engineering Lead will be accountable for endpoint compliance, vulnerability remediation, configuration standards, and high‑risk technical decision‑making. This role partners closely with Security, Infrastructure, Risk, and Audit teams to reduce operational risk, maintain audit readiness, and deliver a stable, secure end‑user computing platform.
Responsibilities
Endpoint Engineering & Platform Ownership:
- Serve as the technical lead for endpoint engineering, operations, and security across ~14k devices, ensuring standardized design, implementation, and enforcement.
- Own the endpoint management stack, including Intune, MECM (SCCM), Microsoft Defender, Entra ID, and related tooling.
- Define and maintain endpoint architecture, configuration baselines, and OS lifecycle standards in alignment with security and regulatory requirements.
Security, Risk & Compliance:
- Own endpoint health and compliance, including patching, OS upgrades, configuration baselines, device posture, and conditional access enforcement.
- Own application control capabilities, including Windows Defender Application Control (WDAC), to enforce secure execution policies and reduce endpoint risk.
- Provide decision authority for high‑risk endpoint changes (patching, policy updates, security remediations), minimizing the risk of misconfiguration or large‑scale impact.
- Ensure timely remediation of vulnerabilities and adherence to firm‑defined SLAs, reducing exposure windows and maintaining audit readiness.
- Enforce secure baseline configurations and compliance controls across all managed endpoints.
Operations & Vulnerability Management:
- Partner with Security and Vulnerability Management teams to prioritize, plan, and execute endpoint remediation activities.
- Ensure endpoint controls and processes are measurable, defensible, and auditable.
- Act as the escalation point for complex or high‑impact endpoint incidents, driving root cause analysis and long‑term corrective actions.
Automation & Continuous Improvement:
- Drive operational efficiency through automation, standardization, and reduction of manual processes.
- Improve consistency, reliability, and scale of endpoint operations through policy‑driven management and modern endpoint practices.
- Identify opportunities to modernize endpoint engineering practices and tooling while maintaining regulatory compliance.
Leadership & Collaboration:
- Provide technical mentorship and leadership within the desktop/endpoint engineering team.
- Collaborate with L1/L2 support, infrastructure, identity, security, and audit partners to ensure clear ownership and smooth execution.
- Translate technical risk and trade‑offs into clear, actionable recommendations for leadership.
Qualifications
Required:
- BS or MS degree (or equivalent experience) and 8+ years of experience in endpoint engineering, EUC, or desktop platform management within a large enterprise environment.
- Deep hands‑on expertise with Intune, MECM (SCCM), Microsoft Defender, Entra ID, and Windows endpoint security controls.
- Strong experience operating in regulated environments (financial services, healthcare, highly regulated enterprise).
- Proven ownership of endpoint patching, vulnerability remediation, OS lifecycle, and compliance controls at scale.
- Demonstrated experience serving as a technical decision authority for high‑risk or high‑impact changes.
- Strong understanding of Zero Trust principles, device posture, and conditional access.
- Excellent troubleshooting and root cause analysis skills for complex endpoint issues.
Preferred:
- Experience supporting environments with 10k+ endpoints.
- Familiarity with audit, risk, and compliance frameworks impacting endpoint controls.
- Experience driving automation and standardization initiatives (PowerShell, policy‑as‑code, reporting, etc.).
- Hands-on experience with Intune, MECM (SCCM), Microsoft Defender, Entra ID, and Windows endpoint management.
- Strong communication skills with the ability to engage security, audit, and senior leadership audiences.
What This Role Is
- A true accountability owner for endpoint health, compliance, and security.
- A senior technical authority trusted to make risk‑based decisions.
- A bridge between engineering, operations, and security.
What This Role Is Not
- A ticket‑driven desktop support role.
- A purely strategic role without hands‑on ownership.
- A delegated or advisory‑only position without decision authority.
FINRA Requirements
FINRA licenses are not required and will not be supported for this role.
Work Flexibility
This role is eligible for hybrid work, with up to three days per week from home.
Commitment to Diversity, Equity, and Inclusion:
We strive for equity, equality, and opportunity for all associates. When we embrace the power of diversity and create an environment where people can bring their authentic and best selves to work, our firm is stronger, and we create greater value for our clients. Our commitment and inclusive programming aim to lift the experience for each associate and build allies for our global associate community. We know that a sense of belonging is key not only to your success at the firm, but also to your ability to bring your best each day.
Benefits:
We invest in our people through a wide range of programs and benefits, including:
- Competitive pay and bonuses as well as a generous retirement plan and employee stock purchase plan with matching contributions
- Flexible and remote work opportunities
- Health care benefits (medical, dental, vision)
- Tuition assistance
- Wellness programs (fitness reimbursement, Employee Assistance Program)
Our policies may change as our working lives evolve. Yet, our commitment to supporting our associates’ well-being and addressing the needs of our clients, business, and communities is unwavering.
T. Rowe Price is an equal opportunity employer and values diversity of thought, gender, and race. We believe our continued success depends upon the equal treatment of all associates and applicants for employment without discrimination on the basis of race, religion, creed, color, national origin, sex, gender, age, mental or physical disability, marital status, sexual orientation, gender identity or expression, citizenship status, military or veteran status, pregnancy, or any other classification protected by country, federal, state, or local law.