EUC Engineer L4

Vacancy Name EUC Engineer L4

Req Number VN453

Employment Type Full\-Time

Location London Office

Position SummaryAbout Claranet

Founded at the beginning of the dot.com bubble in 1996, our CEO Charles Nasser had a light bulb moment to develop a truly customer\-focused IT business. Since then, Claranet has grown from an Internet Service Provider (ISP) in the UK to being one of the leading business modernisation experts, who deliver solutions across 11\+ countries.

At Claranet, we’re experienced in implementing progressive technology solutions which help our customers solve their epic business challenges. We’re committed to understanding their problems, delivering answers quickly, and making a lasting impact to their business.

We are agile, focused and experienced in business modernisation. Our approach helps customers make genuine, significant shifts in their business strategy, to deliver financial savings, boost innovation, and create a resilient business. We continually invest in our people and the latest technologies, so our customers get peace of mind knowing that they have access to the best talent and services.

In the UK we have over 500 staff working in London, Gloucester, Warrington, Leeds or as homeworkers.

Working For Claranet

Here at Claranet we pride ourselves on going the extra mile for and with our employees (yes, we really mean it). We offer an extensive benefits package that you can tailor to your needs, inclusive of a matching contribution pension scheme, healthcare, insurance, dental, discounted gyms and app supported benefit access.

But what we think makes us different is ‘Team Claranet,’ our dedicated internal part of the business that supports you with matters close to your heart. We proudly support local charities in each of our office locations, support employees with paid charity leave, organise key charity fundraising event per year and have a dedicated committee responsible for supporting employee’s fundraising efforts.

Our Vision

Our vision is to become the most trusted technology solutions partner; renowned for being the best and brightest, having lasting impact with our customers and delivering exceptional returns to our stakeholders.

Position Summary

The EUC Specialist – L4 provides technical leadership, architectural governance, and subject\-matter expertise to ensure the stability, security, scalability, and evolution of the global endpoint environment for a financial services client. Based at the client’s London premises, this role is central to defining standards, leading advanced troubleshooting, and guiding endpoint strategy and compliance in a highly regulated environment. The specialist works closely with client stakeholders, and cross\-tower delivery teams to ensure a resilient, compliant, and high\-performing digital workplace.

Primary Purpose

Deliver architectural assurance, advanced support, and strategic direction for the client’s complex, multi\-site endpoint estate. Champion security posture, lifecycle governance, and the evolution of endpoint services, ensuring regulatory and operational excellence.

Objectives \& Key Results

• Define and maintain architectural standards, configuration baselines, and design patterns for the global endpoint estate across Microsoft Intune, SCCM, Autopilot, and Defender for Endpoint


• Lead the design and governance of the Windows reference build (Golden Image), ensuring alignment with operational, functional, and security requirements across annual and mid\-year OS releases


• Govern the application lifecycle end\-to\-end, from packaging strategy and testing frameworks through CAB approval, deployment automation, version control, and retirement, leveraging RoboPack for third\-party evergreen updates


• Drive the endpoint security posture through Defender for Endpoint architectural decisions, BitLocker governance, AppLocker policies, security baselines, and hardening templates


• Lead patch management strategy including deployment ring design, pilot validation frameworks, compliance monitoring, and remediation workflows


• Define and evolve monitoring and telemetry enrichment strategies using Nexthink DEX and M365 Adoption Score to improve event correlation, user experience, and mean time to resolution


• Conduct architectural reviews, capacity planning, and lifecycle governance for all endpoint infrastructure components


• Participate in the Client Academy programme, completing a minimum of 40 hours of training per year

• Define and maintain configuration standards, security baselines, and golden templates for Microsoft Intune profiles, compliance policies, Conditional Access rules, and endpoint security configurations


• Provide design assurance for Windows Autopilot provisioning workflows, device rebuild strategies, and zero\-touch deployment architectures


• Architect the application packaging strategy, defining standards for MSI, MSIX, and IntuneWin formats, testing methodologies, and deployment automation pipelines


• Lead RoboPack integration and governance for automated third\-party application evergreen updates, ensuring packaging consistency and vulnerability exposure reduction


• Design patch deployment ring strategies, defining pilot group composition, telemetry validation criteria, and compliance reporting frameworks


• Define endpoint security hardening architecture through Defender for Endpoint policies, BitLocker encryption standards, firewall configuration baselines, and application control strategies (AppLocker)


• Lead Nexthink DEX platform governance, defining remote action libraries, self\-healing workflows, and proactive remediation campaigns based on device health and user experience analytics


• Architect and govern the Windows reference build lifecycle, coordinating Golden Image refresh cycles and validation against security, application compatibility, and regulatory requirements


• Oversee firmware, BIOS/UEFI, and driver update strategies for all managed device types including docking stations


• Lead CMDB architecture for endpoint configuration items, ensuring topology validation and asset reconciliation in ServiceNow


• Act as the highest technical escalation point for complex L4 endpoint issues across configuration, application deployment, OS, and security domains


• Manage vendor engagements for complex endpoint issues, coordinating with Microsoft, hardware OEMs, and tooling vendors


• Drive automation initiatives including Infrastructure\-as\-Code pipelines, compliance validation scripts, and drift detection for endpoint configurations


• Mentor and guide L2 and L3 engineers, sharing best practices and promoting continuous improvement across the EUC tower


• Produce architectural reviews, performance dashboards, and compliance summaries for internal and client stakeholders

• Ensure all architectural and operational activities adhere to financial services regulations and frameworks (e.g., FCA, PRA, DORA, ISO 27001, SOC)


• Maintain robust documentation, audit trails, and compliance validation for all configuration changes, application deployments, and patching activities within ServiceNow


• Integrate regulatory requirements, security controls, and zero trust principles into endpoint designs and operations


• Support risk assessments, compliance reviews, and operational audits as required

• Service Desk – Escalation path for L1/L2 endpoint incidents and service requests


• On\-Site Support – Coordination for IMAC/RD activities and physical hardware interventions


• IAM – Identity and access provisioning, Conditional Access policy alignment


• Security Operations Centre (SOC) – Defender for Endpoint integration, threat response, vulnerability remediation


• Service Delivery Management – Governance reporting, SLA performance, and service improvement

• Minimum 7 years’ hands\-on experience in endpoint engineering, architecture, and support, ideally within financial services or regulated environments


• Microsoft 365 Certified: Modern Desktop Administrator Associate (or equivalent)


• Deep expertise with Microsoft Intune (configuration profiles, compliance policies, Conditional Access, app deployment, security baselines)


• Advanced experience with Windows Autopilot, SCCM, and hybrid co\-management architectures


• Strong knowledge of application packaging formats (MSI, MSIX, IntuneWin), testing methodologies, and deployment automation


• Experience designing patch management strategies, deployment rings, and Windows Update for Business governance


• Advanced knowledge of Defender for Endpoint, BitLocker, AppLocker, and endpoint security hardening practices


• Experience with Nexthink or equivalent DEX monitoring and remediation platforms


• Experience with automation frameworks (PowerShell, Terraform, or equivalent) for endpoint configuration and compliance


• Familiarity with ServiceNow (incident, change, problem, and CMDB modules)


• Understanding of desktop virtualisation (AVD) and MDM platforms


• Strong stakeholder engagement and governance skills


• Effective communicator with strong written and verbal English skills

• Previous experience within a managed service provider or telecommunications environment serving financial services clients


• Experience with RoboPack or equivalent automated application packaging tools


• CompTIA A\+ or equivalent foundational certification


• Additional Microsoft certifications (Azure, M365 Security, Endpoint Manager)


• Understanding of Microsoft Copilot and AI\-driven endpoint management capabilities


• Knowledge of DORA, FCA, or PRA regulatory frameworks


• Relevant certifications in endpoint security or architecture

This listing is from indeed. View original listing ↗