Identity, Security & Endpoint Engineering - Fintech Payments Client

100% remote and London one visit a month

Up to £80k + Benefits

We’re looking for a sharp, automation-driven Identity, Security & Endpoint Engineer to help build and evolve secure-by-design digital workplace capabilities for a leading fintech payments organisation.

Sitting within the CTO function and working alongside Digital Workplace portfolio owners, you’ll engineer the identity, data security, and endpoint automation foundations that keep a regulated, high-velocity fintech running safely and efficiently.

This is a deep technical, non-customer-facing engineering role focused on automation, standardisation, and continuous improvement across Microsoft 365, Entra ID, Purview, Priva, Intune, and Defender.

What You’ll Own

Identity Governance & Lifecycle Automation

• Design and automate identity life cycle processes using Entra ID Lifecycle Workflows and SCIM provisioning.
• Integrate HRIS systems to deliver seamless joiner/mover/leaver automation.
• Maintain Access Packages, Entitlement Management, Access Reviews, and Conditional Access aligned to zero-trust principles.
• Engineer identity protection patterns that scale across a regulated fintech environment.

Data Security, Governance & Privacy

• Build and optimise data governance architectures using Microsoft Purview (DLP, labels, retention, classification, insider risk).
• Deploy and tune Microsoft Priva for privacy risk management, data minimisation, and SRR automation.
• Embed GDPR, ISO 27001, and DPA-aligned controls into productised workplace services.
• Ensure data protection policies are consistently engineered, automated, and auditable.

Threat Protection & Security Engineering

• Configure and optimise Microsoft Defender across Endpoint, Identity, Cloud Apps, and Email.
• Tune detections, analyse alerts, and uplift preventative controls across identity and data planes.
• Support adoption of zero-trust, least privilege, and continuous access evaluation.

Automation & Integration

• Build scalable automations using Power Automate, Logic Apps, and Microsoft Graph API.
• Develop reusable scripts, workflow templates, and integration components.
• Reduce operational overhead through automation-first engineering.

Endpoint, Device & Provisioning Engineering

Unified Endpoint Management (Windows, macOS, iOS, Android)

• Engineer Intune baselines for compliance, configuration, app deployment, and reporting.
• Build custom remediation scripts and automation workflows.
• Implement Defender for Endpoint across all device platforms.

Zero-Touch Provisioning & Device Lifecycle

• Build and maintain Autopilot, hardware hash processes, and automated provisioning flows.
• Engineer device life cycle automation for JML processes.
• Contribute to a unified provisioning blueprint enabling a true zero-touch DaaS model.

Cross-Platform Device Management

• Develop Apple management via Apple Business Manager, ADE, and MDM tooling.
• Implement macOS configuration, FileVault, and app delivery via Intune/Jamf.
• Engineer Android Enterprise provisioning (zero-touch, work profile, COPE).

Security, Encryption & Access Controls

• Implement BitLocker, FileVault, PKI, SCEP, and certificate-based authentication.
• Maintain endpoint security baselines, ASR rules, and platform hardening.

What You’ll Produce

• Engineering documentation, deployment guides, automation catalogues, and configuration standards.
• Reusable engineering patterns for Operations and Pre-Sales.
• Contributions to product documentation, CSDs, and internal knowledge bases.
• Input into PoCs, MVPs, and strategic technology evaluations.

What You Bring

• Strong experience across identity life cycle automation, data security, and endpoint engineering.
• Deep knowledge of Microsoft 365, Entra ID, Purview, Priva, Intune, and Defender.
• Ability to build scalable automations and integrations in a managed service or enterprise environment.
• Excellent documentation and engineering standardisation skills.
• Understanding of compliance frameworks (GDPR, ISO 27001, DPA 2018).
• Self-driven learner with a passion for emerging Microsoft identity and security capabilities.
• Experience working with cross-functional engineering, operations, and pre-sales teams.

Certifications

Required:

• SC-300
• SC-400
• SC-200

Preferred:

• SC-100
• Additional Microsoft Security, Compliance, or Automation certifications.

RSG Plc is acting as an Employment Agency in relation to this vacancy.