Senior Endpoint Security Jobs (NOW HIRING)

Paul Hastings is a leading international law firm that provides innovative legal solutions to many of the world's top financial institutions and Fortune Global 500 companies. With a strong presence throughout the U.S., Asia, Europe, Latin America, and the Middle East, we have the global reach and extensive capabilities to provide personalized service wherever our clients' needs take us. As one of the world's leading law firms, we seek dynamic individuals who share our commitment to service, innovation, and professional growth.

Job TitleSenior Endpoint EngineerLocationNew YorkRegular/TemporaryRegularJob Description SummaryWe have an opening for a Senior Endpoint Engineer.
Under the direction of the Senior Manager, Endpoint Systems Engineering, the Senior Endpoint Engineer serves as a hands-on technical authority responsible for designing, engineering, and supporting the Firm's global endpoint ecosystem. This role leads the development of endpoint architectures, application deployment frameworks, and automation strategies that ensure secure, compliant, and high-performing digital workspaces across all offices.
The Senior Endpoint Engineer designs and maintains standardized endpoint images, automates patching and application delivery, manages endpoint security configurations, and provides advanced production support using modern platforms such as MECM (Microsoft Endpoint Configuration Manager), Microsoft Intune and Windows Autopilot. This role plays a critical part in the Firm's ISO 27001 compliance posture, zero-trust security model, and digital transformation initiatives.
Serving as a technical lead and escalation point, this position partners closely with Security, Infrastructure, Desktop Support, and business stakeholders to proactively identify issues, engineer scalable solutions, and continuously improve endpoint reliability, performance, and user experience.Job DescriptionIn this capacity, the Senior Endpoint Engineer will:

• Design, develop, and maintain endpoint engineering solutions across Windows, iOS, Android, and VDI (Virtual Desktop Infrastructure) platforms;
• Create, test, and maintain application install packages and wrappers for delivery via Microsoft Intune, MECM (Microsoft Endpoint Configuration Manager), and VDI environments;
• Develop and maintain standard endpoint images for supported device models using Windows Autopilot, Intune, and Microsoft Deployment Toolkit (MDT);
• Automate software deployments, patching, and updates using Intune, PowerShell, and Windows Update for Business;
• Test integrated applications against standard images, software dependencies, hardware models, and production environments;
• Patch desktops, laptops, and virtual desktops in alignment with security baselines and compliance requirements;
• Maintain a centralized software installation and packaging library with version control and documentation;
• Prepare, test, document, and deploy application updates across Firm systems;
• Research, evaluate, and recommend endpoint software and hardware solutions to improve stability, performance, and consistency;
• Manage endpoint security configurations, including Intune enrollment, compliance policies;
• Monitor and report on endpoint health, performance, and compliance using Microsoft Endpoint Analytics, and telemetry tools like ControlUp or NexThink;
• Support hybrid and remote work environments using conditional access, zero-trust principles, and Microsoft Entra ID;
• Serve as a Tier 3 escalation point for the IT Support Center, providing end-to-end incident resolution and root cause analysis;
• Analyze systemic issues, identify root causes, and implement corrective and preventative actions;
• Act as a technical lead on endpoint-related projects, providing task-level guidance and engineering leadership;
• Execute endpoint refresh initiatives, platform upgrades, and modernization efforts;
• Interface directly with vendors and internal IT teams to resolve complex or unique technical issues;
• Stay current on Firm application functionality, endpoint technologies, and industry best practices;
• Participate in an on-call rotation to support global incident management processes; and
• Support endpoint changes during approved maintenance windows; limited after-hours work may be required.

Proficiencies:Endpoint Management & DeploymentAdvanced hands-on experience with Microsoft Intune, Windows Autopilot, and Microsoft Endpoint Configuration Manager (MECM). Strong expertise in modern endpoint deployment models, zero-touch provisioning, and lifecycle management;Application Packaging & AutomationExpertise in application packaging and virtualization technologies including MSIX (Microsoft Installer XML), WinGet, App-V, PSAppDeployToolkit, and Intune Win32 packaging. Strong automation skills using PowerShell, Azure DevOps, and scripting frameworks to streamline deployments and updates;Operating Systems & PlatformsDeep technical knowledge of Windows 10/11, Microsoft 365 Apps (Teams, OneDrive), Citrix Virtual Apps and Desktops, Azure Virtual Desktop, and hybrid endpoint environments;Identity, Security & TelemetryStrong understanding of Microsoft Entra ID, conditional access, zero-trust security models, Group Policy, endpoint protection (Defender for Endpoint, BitLocker, third-party EDR), and endpoint analytics. Skilled in using telemetry to monitor health, detect trends, and drive proactive remediation; andSystems & TroubleshootingAdvanced troubleshooting skills across Windows internals, registry, DLL conflicts, drivers, network connectivity, workstation remote control tools, and endpoint performance analysis.Qualifications:

• Bachelor's Degree in Information Systems, Computer Science, or equivalent experience;
• Microsoft certifications, such as Endpoint Administrator Associate, Enterprise Administrator Expert, Identify and Access Administrator, Azure Administrator or similar;
• 8+ years of experience in endpoint engineering or systems engineering roles;
• 3+ years lead supporting Windows 10/11 enterprise endpoint environments;
• 2+ years with modern software packaging tools (Intune, MSIX, PSAppDeployToolkit);
• 2+ years with modern imaging and deployment solutions (Intune, Autopilot, MDT);
• Experience supporting security frameworks, compliance requirements, and audit activities in regulated or professional services environments preferred; and
• Prefer previous work experience in a Legal company, though not required.

The salary wage range for New York that we expect to pay for this position is a minimum of $116,000 and a maximum of $150,000 annually. The actual pay wage may vary based on experience or other relevant factors.The salary wage range for New York that we expect to pay for this position is a minimum of $116,000 and a maximum of $150,000 annually. The actual pay wage may vary based on experience or other relevant factors.

Employees will be provided with an excellent career opportunity in a collaborative environment, in addition to a generous total compensation package with the opportunity to earn bonuses based on individual contribution and firm profitability.

The actual salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt meaning it is not overtime pay eligible.

Eligible employees can participate in the Firm's comprehensive benefits program, which include the following:

• Medical, Dental, Vision, Life/AD&D, Long Term Care, and Short- and Long-Term Disability

• Flexible Spending Accounts and Health Savings Account

• Healthcare Concierge and Advocacy

• Lifestyle Spending Account

• Voluntary 401(k) Plan and Profit Sharing

• 10 Paid Holidays per year and a generous PTO Program

• Family Support including Paid Parental Leave, Fertility Benefits, Breast Milk Shipping, Back-up Child Care, Elder Care, and Tutoring

• Wellbeing programs (Employee Assistance Program, Relationship Support, Mental Health, Menopause and Midlife Health and Well-Being Events)

• Retirement Plan Consulting

• Anniversary Bonus Program

• Professional Development Programs

• Transportation and Commuter Benefits

• International Travel Insurance

• Critical Illness, Hospital Indemnity and Accident Insurance

• Auto/Home/Pet Insurance

• Prepaid Legal Insurance

• Employee Discounts

• And More!

The Firm fosters an open and inclusive work environment that enables us to provide clients with the innovative thinking of teams rich in talent, experience and creativity. We regularly host programs intended to increase cultural competencies and address key topics related to community, opportunity and inclusion. Learn more about our Global Inclusion initiatives here: Global Inclusion

Paul Hastings is an equal opportunity employer. Pursuant to applicable local law, we will consider qualified applicants with criminal histories in a manner consistent with the requirements of the relevant fair chance ordinance.