At T. Rowe Price, we identify and actively invest in opportunities to help people thrive in an evolving world. As a premier global asset management organization with more than 85 years of experience, we provide investment solutions and a broad range of equity, fixed income, and multi-asset capabilities to individuals, advisors, institutions, and retirement plan sponsors. We take an active, independent approach to investing, offering our dynamic perspective and meaningful partnership so our clients can feel more confident.

We believe doing the right thing for our clients and our associates is good business. With a career at the firm, you can expect opportunities to create real impact at work and in your community. You’ll enjoy resources to support your career path, as well as compensation, benefits, and flexibility to enrich your life. Here, you’ll find a collaborative culture that respects and values differences and colleagues who share a spirit of generosity.

Join us for the opportunity to grow and make a difference in ways that matter to you.

Role Summary

We are seeking a Lead Desktop Engineer to own the technical direction, operational health, and security posture of our endpoint environment across approximately 14,000 managed devices. This role serves as the senior technical authority for endpoint engineering, operations, and security, ensuring a secure, stable, and well-governed end-user computing platform in a regulated enterprise environment.

The Lead Desktop Engineer is accountable for endpoint compliance, vulnerability remediation, configuration standards, and high-risk technical decision-making. This role partners closely with Security, Infrastructure, Risk, and Audit teams to reduce operational risk, maintain audit readiness, and ensure consistent execution of endpoint controls.

Responsibilities

Endpoint Engineering & Platform Ownership:

Lead endpoint engineering, operations, and security across ~14,000 devices.
Own the endpoint management ecosystem, including Intune, MECM/SCCM, Microsoft Defender, Entra ID, and related tools.
Define and maintain endpoint architecture, configuration baselines, and OS lifecycle standards aligned to security and regulatory requirements.

Security, Risk & Compliance:

Own endpoint health and compliance, including patching, OS upgrades, configuration baselines, device posture, and conditional access.
Serve as the decision authority for high-risk endpoint changes, including patching, policy updates, and security remediations.
Ensure timely vulnerability remediation in line with firm SLAs and maintain audit readiness.
Enforce secure baseline configurations and compliance controls across managed endpoints.

Operations & Vulnerability Management:

Partner with Security and Vulnerability Management teams to plan and execute remediation activities.
Ensure endpoint controls and processes are measurable, auditable, and defensible.
Act as the escalation point for complex or high-impact endpoint incidents, driving root cause analysis and corrective action.

Automation & Continuous Improvement:

Improve operational efficiency through automation, standardization, and reduction of manual processes.
Drive consistency, reliability, and scale through policy-driven management and modern endpoint practices.
Identify opportunities to modernize endpoint engineering tools and processes while maintaining compliance.

Leadership & Collaboration:

Provide technical leadership and mentorship within the endpoint engineering team.
Partner with support, infrastructure, identity, security, risk, and audit teams to ensure clear ownership and effective execution.
Translate technical risks and trade-offs into actionable recommendations for leadership.

Qualifications

Required:

BS/MS degree or equivalent experience, with 8+ years in endpoint engineering, EUC, or desktop platform management in a large enterprise.
Deep hands-on expertise with Intune, MECM/SCCM, Microsoft Defender, Entra ID, and Windows endpoint security controls.
Strong experience in regulated environments such as financial services, healthcare, or similar industries.
Proven ownership of endpoint patching, vulnerability remediation, OS lifecycle, and compliance controls at scale.
Demonstrated experience serving as the technical decision-maker for high-risk or high-impact changes.
Strong understanding of Zero Trust, device posture, and conditional access.
Excellent troubleshooting and root cause analysis skills.

Preferred:

Experience supporting environments with 10,000+ endpoints.
Familiarity with audit, risk, and compliance frameworks related to endpoint controls.
Experience driving automation and standardization through PowerShell, policy-as-code, reporting, or similar capabilities.
Strong communication skills with the ability to engage security, audit, and senior leadership stakeholders.

What This Role Is

Accountable owner for endpoint health, compliance, and security.
Senior technical authority trusted to make risk-based decisions.
Critical bridge between engineering, operations, and security.

What This Role Is Not

A ticket-driven desktop support role.
A purely strategic role without hands-on ownership.
An advisory-only role without decision-making authority.

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to three days per week from home.

Base Salary Ranges

Please review the job posting for the location of this specific opportunity.

$110,000.00 - $188,000.00 for the location of: Maryland, Colorado, Washington and remote workers
$121,000.00 - $207,000.00 for the location of: Washington, D.C.
$138,000.00 - $236,000.00 for the location of: New York, California

Placement within the range provided above is based on the individual’s relevant experience and skills for the role. Base salary is only one component of our total compensation package. Employees may be eligible for a discretionary bonus, which is determined upon company and individual performance.

Commitment to Diversity, Equity, and Inclusion

At T. Rowe Price, our associates are our greatest asset. We thrive because our company culture is built on inclusion and because we sustain a work environment where associates can bring their best selves to work every day. The backgrounds, talents, and experiences of our global associates allow us to embrace new ideas and perspectives that move our business priorities forward and enable us to deliver strong client outcomes. Here, you can expect equal opportunity and fair and consistent treatment for all.

Benefits

We value your goals and needs, at work and in life. As an associate, you’ll be supported with resources, benefits, and work-life balance so you can thrive in ways that matter to you.

Featured employee benefits to enrich your life:

Competitive compensation

Annual bonus eligibility

A generous retirement plan

Hybrid work schedule

Health and wellness benefits, including online therapy

Paid time off for vacation, illness, medical appointments, and volunteering days

Family care resources, including fertility and adoption benefits

Learn more about our benefits.

T. Rowe Price is an equal opportunity employer and values diversity of thought, gender, and race. We believe our continued success depends upon the equal treatment of all associates and applicants for employment without discrimination on the basis of race, religion, creed, color, national origin, sex, gender, age, mental or physical disability, marital status, sexual orientation, gender identity or expression, citizenship status, military or veteran status, pregnancy, or any other classification protected by country, federal, state, or local law.

Lead Desktop Engineer

Related Jobs

Program Analyst

Supervisory Air Traffic Control Specialist (Assistant General Manager)

Health Insurance Specialist

ADMINISTRATIVE/TECHNICAL SPECIALIST

Intelligence Specialist (Operations)

Director, Office of Procurement