Modern Endpoint/ EUC Architect

Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving real transformation change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals.

To support significant M&A and Integration projects across a range of domain sectors, this ongoing contract opportunity will lead the design and delivery of modern endpoint and workplace solutions across Microsoft Intune, Windows Autopilot, Windows Autopatch and Microsoft Entra ID.

• Assess current environments and define target-state architectures, migration approaches and implementation roadmaps.
• Produce high-quality design documentation including assessments, high-level designs, low-level designs and implementation plans.
• Provide technical leadership across discovery, design, implementation, testing and transition to support.
• Design secure, scalable and supportable solutions aligned to Zero Trust principles and organisational compliance requirements.
• Work closely with clients and internal teams to shape requirements, run workshops and guide technical decision-making.
• Support endpoint security design across compliance, device configuration, identity integration and protection capabilities.
• Contribute to pre-sales activity including solution shaping, technical input to proposals, statements of work and delivery estimates.
• Act as a trusted advisor to clients and a senior technical authority within endpoint transformation engagements.
• Support practice development through reusable standards, architecture patterns and continuous improvement.

• Proven ability to lead the architecture, design and hands-on delivery of complex endpoint or modern workplace solutions for mid-market and enterprise customers.

• Strong experience acting as the senior technical lead across discovery, design, implementation, migration and operational handover activities.

• Demonstrable experience in technical consulting, engineering or architecture roles, with significant focus on endpoint management, security and modern workplace transformation.

• Experience producing and owning assessments, strategies, roadmaps, high-level designs, low-level designs, implementation plans, standards and operational architecture artefacts.

• Ability to build trusted client relationships, provide technical leadership to engineers and influence stakeholders at both technical and leadership levels.

• Relevant Microsoft certifications such as MD-102, MS-102, SC-300, AZ-104 or expert-level architecture or security certifications are desirable.

• Experience working in security-conscious or regulated environments; SC and/or NPPV3 clearance would be beneficial but is not essential.

Essential Experience:

• Deep hands-on expertise in modern endpoint architecture using Microsoft Intune across Windows 10/11, iOS/iPadOS and Android, with sound awareness of macOS management principles.

• Designing and implementing Windows Autopilot and modern provisioning strategies, including enrolment models, ESP optimisation, deployment profiles, identity integration and lifecycle considerations.

• Architecting Windows servicing and device lifecycle strategies using Windows Update for Business, feature updates, driver and firmware controls, and Windows Autopatch.

• Strong experience with application packaging, testing and deployment, including Win32 applications, Microsoft 365 Apps, the modern Microsoft Store and automation-led deployment approaches.

• Strong understanding of Microsoft Entra ID, Conditional Access, MFA, device compliance and identity-driven access controls, with the ability to align endpoint architecture to Zero Trust principles.

• Hands-on experience designing and implementing endpoint security controls using security baselines, Settings Catalog, BitLocker, Windows Hello for Business, Cloud LAPS, Microsoft Defender for Endpoint, WDAC and AppLocker.

• Strong capability in MDM/MAM design with Intune, including app protection, BYOD strategy, corporate-owned device management and platform governance.

• Good knowledge of Active Directory, hybrid identity, Entra Connect Sync and Cloud Sync, certificate management, RBAC and dependency mapping across the wider Microsoft 365 platform.

• Ability to translate business, security and operational requirements into practical architecture standards, implementation designs and supportable service outcomes.

• Experience using PowerShell and Microsoft Graph to support automation, reporting, configuration consistency and operational efficiency.

Desirable Experience:

• Co-management capabilities and integration with Microsoft Configuration Manager.

• Intune Suite capabilities such as Remote Help, Endpoint Privilege Management, Advanced Analytics or Cloud PKI.

• Microsoft Tunnel, specialist mobile management scenarios, and broader cross-platform endpoint management practices.

• Designing and deploying Windows 365 Cloud PC and/or Azure Virtual Desktop solutions as part of a wider modern workplace strategy.

• Dynamic groups, assignment filters, policy sets and reporting or dashboarding for endpoint posture and service performance.

• Good understanding of wider Microsoft 365 workloads and how endpoint, identity, security and collaboration services integrate.

• Awareness of Microsoft Security Copilot or AI-assisted operations in endpoint and security administration.

This opportunity is offered on a contract basis and can operate Outside IR35 or an a PAYE basis. There will also be the option of a permanent staff role for suitably qualified and experienced candidates.

At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life.  In addition to a Competitive Salary, here's what you can expect as part of our benefits package: 

• Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. 
• Flexible working: Flexible work arrangements to support your work-life balance.  We can’t promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. 
• A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well-being, and insurance schemes.

At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don’t tick all the boxes but feel you have some of the relevant skills and experience we’re looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. 

If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.