Lead Desktop Engineer

About T. Rowe Price

At T. Rowe Price, we identify and actively invest in opportunities to help people thrive in an evolving world. As a premier global asset management organization with more than 85 years of experience, we provide investment solutions and a broad range of equity, fixed income, and multi-asset capabilities to individuals, advisors, institutions, and retirement plan sponsors. We take an active, independent approach to investing, offering our dynamic perspective and meaningful partnership so our clients can feel more confident.

We believe doing the right thing for our clients and our associates is good business. With a career at the firm, you can expect opportunities to create real impact at work and in your community. You’ll enjoy resources to support your career path, as well as compensation, benefits, and flexibility to enrich your life. Here, you’ll find a collaborative culture that respects and values differences and colleagues who share a spirit of generosity.

Join us for the opportunity to grow and make a difference in ways that matter to you.

Role Summary

We are seeking a Lead Desktop Engineer to own the technical direction, operational health, and security posture of our endpoint environment across approximately 14,000 managed devices. This role serves as the senior technical authority for endpoint engineering, operations, and security—ensuring consistent design, execution, and control ownership in a regulated enterprise environment.

The Desktop Engineering Lead will be accountable for endpoint compliance, vulnerability remediation, configuration standards, and high‑risk technical decision‑making. This role partners closely with Security, Infrastructure, Risk, and Audit teams to reduce operational risk, maintain audit readiness, and deliver a stable, secure end‑user computing platform.

Responsibilities

Endpoint Engineering & Platform Ownership:

• Serve as the technical lead for endpoint engineering, operations, and security across ~14k devices, ensuring standardized design, implementation, and enforcement.
• Own the endpoint management stack, including Intune, MECM (SCCM), Microsoft Defender, Entra ID, and related tooling.
• Define and maintain endpoint architecture, configuration baselines, and OS lifecycle standards in alignment with security and regulatory requirements.

Security, Risk & Compliance

• Own endpoint health and compliance, including patching, OS upgrades, configuration baselines, device posture, and conditional access enforcement.
• Own application control capabilities, including Windows Defender Application Control (WDAC), to enforce secure execution policies and reduce endpoint risk.
• Provide decision authority for high‑risk endpoint changes (patching, policy updates, security remediations), minimizing the risk of misconfiguration or large‑scale impact.
• Ensure timely remediation of vulnerabilities and adherence to firm‑defined SLAs, reducing exposure windows and maintaining audit readiness.
• Enforce secure baseline configurations and compliance controls across all managed endpoints.

Operations & Vulnerability Management

• Partner with Security and Vulnerability Management teams to prioritize, plan, and execute endpoint remediation activities.
• Ensure endpoint controls and processes are measurable, defensible, and auditable.
• Act as the escalation point for complex or high‑impact endpoint incidents, driving root cause analysis and long‑term corrective actions.

Automation & Continuous Improvement

• Drive operational efficiency through automation, standardization, and reduction of manual processes.
• Improve consistency, reliability, and scale of endpoint operations through policy‑driven management and modern endpoint practices.
• Identify opportunities to modernize endpoint engineering practices and tooling while maintaining regulatory compliance.

Leadership & Collaboration

• Provide technical mentorship and leadership within the desktop/endpoint engineering team.
• Collaborate with L1/L2 support, infrastructure, identity, security, and audit partners to ensure clear ownership and smooth execution.
• Translate technical risk and trade‑offs into clear, actionable recommendations for leadership.

Qualifications

Required:

• BS or MS degree (or equivalent experience) and 8+ years of experience in endpoint engineering, EUC, or desktop platform management within a large enterprise environment.
• Deep hands‑on expertise with Intune, MECM (SCCM), Microsoft Defender, Entra ID, and Windows endpoint security controls.
• Strong experience operating in regulated environments (financial services, healthcare, highly regulated enterprise).
• Proven ownership of endpoint patching, vulnerability remediation, OS lifecycle, and compliance controls at scale.
• Demonstrated experience serving as a technical decision authority for high‑risk or high‑impact changes.
• Strong understanding of Zero Trust principles, device posture, and conditional access.
• Excellent troubleshooting and root cause analysis skills for complex endpoint issues.

Preferred

• Experience supporting environments with 10k+ endpoints.
• Familiarity with audit, risk, and compliance frameworks impacting endpoint controls.
• Experience driving automation and standardization initiatives (PowerShell, policy‑as‑code, reporting, etc.).
• Hands-on experience with Intune, MECM (SCCM), Microsoft Defender, Entra ID, and Windows endpoint management.
• Strong communication skills with the ability to engage security, audit, and senior leadership audiences.

What This Role Is

• A true accountability owner for endpoint health, compliance, and security.
• A senior technical authority trusted to make risk‑based decisions.
• A bridge between engineering, operations, and security.

What This Role Is Not

• A ticket‑driven desktop support role.
• A purely strategic role without hands‑on ownership.
• A delegated or advisory‑only position without decision authority.

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to three days per week from home.

Base Salary Ranges

Please review the job posting for the location of this specific opportunity.

$110,000.00 - $188,000.00 for the location of: Maryland, Colorado, Washington and remote workers

$121,000.00 - $207,000.00 for the location of: Washington, D.C.

$138,000.00 - $236,000.00 for the location of: New York, California

Placement within the range provided above is based on the individual’s relevant experience and skills for the role. Base salary is only one component of our total compensation package. Employees may be eligible for a discretionary bonus, which is determined upon company and individual performance.

Commitment to Diversity, Equity, and Inclusion

At T. Rowe Price, our associates are our greatest asset. We thrive because our company culture is built on inclusion and because we sustain a work environment where associates can bring their best selves to work every day. The backgrounds, talents, and experiences of our global associates allow us to embrace new ideas and perspectives that move our business priorities forward and enable us to deliver strong client outcomes. Here, you can expect equal opportunity and fair and consistent treatment for all.

Benefits

We value your goals and needs, at work and in life. As an associate, you’ll be supported with resources, benefits, and work-life balance so you can thrive in ways that matter to you.

Featured Employee Benefits To Enrich Your Life

• Competitive compensation
• Annual bonus eligibility
• A generous retirement plan
• Hybrid work schedule
• Health and wellness benefits, including online therapy
• Paid time off for vacation, illness, medical appointments, and volunteering days
• Family care resources, including fertility and adoption benefits

Learn More About Our Benefits.

T. Rowe Price is an equal opportunity employer and values diversity of thought, gender, and race. We believe our continued success depends upon the equal treatment of all associates and applicants for employment without discrimination on the basis of race, religion, creed, color, national origin, sex, gender, age, mental or physical disability, marital status, sexual orientation, gender identity or expression, citizenship status, military or veteran status, pregnancy, or any other classification protected by country, federal, state, or local law.