Staff Endpoint Engineer (Client Platform Engineering)

<div class="content-intro"><p>Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.</p></div><p>Affirm’s IT Engineering teams build and operate the tools, systems, and services that power Affirm’s employee-facing IT experience. We’re a creative, craft-minded team focused on building and maintaining services which are speedy, simple, and secure so Affirmers across our global, remote-first workforce can be productive from day one.</p> <p>Client Platform Engineering builds and maintains the hardware and software at the heart of Affirm’s employee-facing operations. We’re a creative, cross-functional team that cares deeply about our craft and the working lives of Affirmers around the globe. We own Affirm’s endpoint platform and deliver scalable, secure solutions - including zero-touch provisioning, package and patch management, and silent updates - while partnering cross-functionally with teams like Security, Engineering, Product and Support. As a member of this team you’ll have direct influence over how Affirmers experience their workplace technology and the opportunity to lead high-impact projects that improve reliability, security, and productivity across an engaged global workforce.</p> <h2><strong>What You'll Do</strong></h2> <ul> <li>Administer and scale macOS device management using <strong>Jamf Pro</strong>, ensuring endpoints meet company compliance standards (e.g., encryption, OS patching, configuration profiles, application management).</li> <li>Guide architectural decisions to ensure endpoint management can easily scale with the company</li> <li>Drive key technical initiatives such as permission automation, third-party patching, silent updates, stability improvements, and streamlined device deployment.</li> <li>Build automation and infrastructure-as-code pipelines using tools like Terraform (or similar), Bash/Python scripting, and Jamf/Okta/MDM APIs to minimize manual work and create “zero-touch” provisioning workflows.</li> <li>Manage enterprise-grade software and package deployment, using tools like AutoPkgr or equivalent for packaging and silent rollout of updates at scale.</li> <li>Implement and refine endpoint change control processes, with communication, testing, rollback plans, and compliance tracking. Create dashboards and reporting for visibility into compliance, patch levels, and device health.</li> <li>Collaborate closely with Security, Support, Engineering, and IT to enforce policies (e.g. least-privilege), onboard security agents (AV, EDR, disk encryption), and integrate devices with Okta SSO, Oomnitza, Google Workspace, and other monitoring tools.</li> <li>Serve as the escalation tier for complex endpoint issues—troubleshoot deep macOS, hardware, networking, or software issues and act as a knowledge source for IT Support.</li> <li>Mentor junior engineers—share expertise, set best practices, and help elevate the team’s Jamf, scripting, and automation capabilities.</li> <li>Explore and evaluate new endpoint-management and automation technologies, run POCs, and recommend adoption to improve platform efficiency, security, and user experience.</li> <li>Work directly with Developer Productivity to support the unique needs of Affirm’s engineers.</li> </ul> <h2><strong>What We Look For</strong></h2> <ul> <li>5+ years of hands-on experience managing macOS (and ideally other endpoints) at scale with enterprise MDM tools - <strong>Jamf Pro expertise required</strong> (Jamf 300+ level).</li> <li>Strong scripting capabilities in <strong>Bash</strong>, with fluency in a second language like Pyth ... (truncated, view full listing at source)