Lead Desktop Engineer

Location: Maryland, US

Requisition Number: 80979

Role Summary

We are seeking a Lead Desktop Engineer to own the technical direction, operational health, and security posture of our endpoint environment across approximately 14,000 managed devices. This role serves as the senior technical authority for endpoint engineering, operations, and security, ensuring a secure, stable, and well-governed end-user computing platform in a regulated enterprise environment.

The Lead Desktop Engineer is accountable for endpoint compliance, vulnerability remediation, configuration standards, and high-risk technical decision-making. This role partners closely with Security, Infrastructure, Risk, and Audit teams to reduce operational risk, maintain audit readiness, and ensure consistent execution of endpoint controls.

Responsibilities

Endpoint Engineering & Platform Ownership:

  • Lead endpoint engineering, operations, and security across ~14,000 devices.
  • Own the endpoint management ecosystem, including Intune, MECM/SCCM, Microsoft Defender, Entra ID, and related tools.
  • Define and maintain endpoint architecture, configuration baselines, and OS lifecycle standards aligned to security and regulatory requirements.

Security, Risk & Compliance:

  • Own endpoint health and compliance, including patching, OS upgrades, configuration baselines, device posture, and conditional access.
  • Serve as the decision authority for high-risk endpoint changes, including patching, policy updates, and security remediations.
  • Ensure timely vulnerability remediation in line with firm SLAs and maintain audit readiness.
  • Enforce secure baseline configurations and compliance controls across managed endpoints.

Operations & Vulnerability Management:

  • Partner with Security and Vulnerability Management teams to plan and execute remediation activities.
  • Ensure endpoint controls and processes are measurable, auditable, and defensible.
  • Act as the escalation point for complex or high-impact endpoint incidents, driving root cause analysis and corrective action.

Automation & Continuous Improvement:

  • Improve operational efficiency through automation, standardization, and reduction of manual processes.
  • Drive consistency, reliability, and scale through policy-driven management and modern endpoint practices.
  • Identify opportunities to modernize endpoint engineering tools and processes while maintaining compliance.

Leadership & Collaboration:

  • Provide technical leadership and mentorship within the endpoint engineering team.
  • Partner with support, infrastructure, identity, security, risk, and audit teams to ensure clear ownership and effective execution.
  • Translate technical risks and trade-offs into actionable recommendations for leadership.

Qualifications

Required:

  • BS/MS degree or equivalent experience, with 8+ years in endpoint engineering, EUC, or desktop platform management in a large enterprise.
  • Deep hands-on expertise with Intune, MECM/SCCM, Microsoft Defender, Entra ID, and Windows endpoint security controls.
  • Strong experience in regulated environments such as financial services, healthcare, or similar industries.
  • Proven ownership of endpoint patching, vulnerability remediation, OS lifecycle, and compliance controls at scale.
  • Demonstrated experience serving as the technical decision-maker for high-risk or high-impact changes.
  • Strong understanding of Zero Trust, device posture, and conditional access.
  • Excellent troubleshooting and root cause analysis skills.

Preferred:

  • Experience supporting environments with 10,000+ endpoints.
  • Familiarity with audit, risk, and compliance frameworks related to endpoint controls.
  • Experience driving automation and standardization through PowerShell, policy-as-code, reporting, or similar capabilities.
  • Strong communication skills with the ability to engage security, audit, and senior leadership stakeholders.

What This Role Is

  • Accountable owner for endpoint health, compliance, and security.
  • Senior technical authority trusted to make risk-based decisions.
  • Critical bridge between engineering, operations, and security.

What This Role Is Not

  • A ticket-driven desktop support role.
  • A purely strategic role without hands-on ownership.
  • An advisory-only role without decision-making authority.

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to three days per week from home.

Commitment to Diversity, Equity, and Inclusion

We strive for equity, equality, and opportunity for all associates. When we embrace the power of diversity and create an environment where people can bring their authentic and best selves to work, our firm is stronger, and we create greater value for our clients. Our commitment and inclusive programming aim to lift the experience for each associate and build allies for our global associate community. We know that a sense of belonging is key not only to your success at the firm, but also to your ability to bring your best each day.

Benefits

We invest in our people through a wide range of programs and benefits, including:

  • Competitive pay and bonuses as well as a generous retirement plan and employee stock purchase plan with matching contributions
  • Flexible and remote work opportunities
  • Health care benefits (medical, dental, vision)
  • Tuition assistance
  • Wellness programs (fitness reimbursement, Employee Assistance Program)

Our policies may change as our working lives evolve. Yet, our commitment to supporting our associates’ well-being and addressing the needs of our clients, business, and communities is unwavering.

T. Rowe Price is an equal opportunity employer and values diversity of thought, gender, and race. We believe our continued success depends upon the equal treatment of all associates and applicants for employment without discrimination on the basis of race, religion, creed, color, national origin, sex, gender, age, mental or physical disability, marital status, sexual orientation, gender identity or expression, citizenship status, military or veteran status, pregnancy, or any other classification protected by country, federal, state, or local law.

We’re driven by our purpose: To identify and actively invest in opportunities to help people thrive in an evolving world.

© 2026 T. Rowe Price. All Rights Reserved.