Senior Workplace Engineer jobs in United States

Ceres USA · 4 days ago

Senior Workplace Engineer

Ceres USA Holdings, LLC is part of The Westaim Corporation strategy, focused on redefining retirement security with innovative financial solutions. The Senior Workplace Engineer will be responsible for the architecture, implementation, security, and support of modern workplace technologies, ensuring a seamless and secure digital experience for employees.

Financial Services · Insurance · Life Insurance
H1B Sponsor Likely

Responsibilities

Develop and execute a strategic vision for modern workplace technologies, end-user computing services, and related generative AI capabilities, ensuring alignment with enterprise business goals and IT standards
Stay current with emerging technologies, including generative AI and automation, proactively evaluating new tools and solutions to enhance productivity, security, and user experience
Participate in the development of technology roadmaps and standards for endpoint management, collaboration tools, networking, and security in conjunction with infrastructure, security, and application teams
Architect, deploy, and optimize Microsoft 365 collaboration and productivity workloads—including Exchange Online, Teams (including Teams Phone/telephony), SharePoint Online, OneDrive, and relevant Power Platform components—to provide a seamless digital workplace experience
Serve as the subject matter expert for Microsoft 365, Entra ID (Azure AD), and related services, providing Tier-2 escalation support and driving root cause analysis for complex incidents
Own and support cloud-based contact center platforms, with primary focus on Talkdesk (experience with other CCaaS solutions such as Five9, Genesys, NICE, etc., is also valuable), ensuring high availability, call quality, and effective integration with enterprise communication systems
Collaborate with contact center operations to define workstation, network, and endpoint standards that optimize agent productivity and voice quality
Implement and maintain Enterprise Mobility Management (EMM) and Unified Endpoint Management (UEM) solutions such as Microsoft Intune (Endpoint Manager) and Jamf Pro to manage Windows, macOS, iOS, and Android devices at scale
Lead the full device lifecycle—provisioning, enrollment, configuration, patching, and retirement—for Windows and macOS endpoints, leveraging:
Design and maintain standardized, secure build configurations, configuration profiles, and compliance policies for endpoints, ensuring consistent and repeatable provisioning processes
Manage digital signage and Apple TV-based solutions (e.g., managed Apple TVs) for conference rooms and signage, ensuring reliable operation, security, and appropriate content management
Oversee identity and access management using Microsoft Entra ID, implementing conditional access policies, multifactor authentication, privileged access management, and role-based access controls
Implement and enforce Zero Trust principles across devices, users, and networks, working closely with cybersecurity teams to integrate solutions such as Zscaler or Netskope for secure web access and Zero Trust Network Access (ZTNA)
Own and operate endpoint security controls for workplace devices, including:
Design and enforce security and compliance policies for endpoint and mobile environments—encryption, DLP, device posture, and mobile threat defense—in line with company policies and industry regulations
Ensure all modern workplace systems and processes comply with relevant regulatory frameworks and internal security policies, including evidence gathering for audits and risk assessments
Own workplace networking as it relates to the end-user environment, including firewalls, switches, and wireless access points in corporate offices, remote sites, and contact center environments
Architect, configure, and maintain:
Demonstrate strong understanding of networking protocols and fundamentals, including TCP/IP, DNS, DHCP, routing, VLANs, NAT, VPNs, HTTP/HTTPS, and TLS
Collaborate with cloud network and security teams to align network design with endpoint, identity, and Zero Trust strategies, including network access control and device posture-based access
Implement automated patch management processes (e.g., Automox, Intune, or comparable platforms) to keep operating systems, drivers, and applications up to date, using ring-based deployment strategies and robust rollback plans
Leverage scripting and automation (PowerShell, Bash, and other relevant scripting languages) to streamline device provisioning, configuration management, reporting, and remediation tasks
Where appropriate, design and maintain infrastructure-as-code (IaC) definitions using Terraform for cloud and networking resources (e.g., Intune/Entra integrations, security appliances, virtual networks, connectivity components), enabling repeatable, version-controlled deployments and alignment with broader DevOps practices
Build and maintain dashboards and reports that provide visibility into endpoint health, compliance, and user experience, using these insights to drive continuous improvement
Integrate monitoring and observability tools (endpoint, network, and cloud) to enable proactive identification and resolution of issues affecting end-user services
Evaluate, deploy, and operationalize generative AI tools (e.g., ChatGPT, Microsoft Copilot, Teams AI features, and other enterprise-grade AI assistants) to improve service desk operations, engineering workflows, and end-user productivity
Design and implement use cases where generative AI supports device management, incident troubleshooting, documentation generation, knowledge management, and self-service capabilities
Establish guardrails, governance, and best practices for responsible use of generative AI, ensuring data privacy, security, and compliance requirements are met
Train and enable IT staff and business users on effective use of generative AI tools and workflows, promoting adoption while maintaining appropriate risk controls
Continuously evaluate new generative AI capabilities and integrate them thoughtfully into the modern workplace technology stack
Serve as the senior escalation point for the helpdesk and workplace operations teams for complex incidents across endpoints, collaboration tools, networking, and security
Lead major incident response efforts impacting modern workplace services, including technical diagnosis, stakeholder communication, and post-incident reviews with clear root cause analysis and corrective actions
Develop and maintain comprehensive documentation, standard operating procedures (SOPs), runbooks, and knowledge base articles for modern workplace solutions and recurring issues
Work within IT Service Management (ITSM) frameworks (e.g., ITIL) and tools (e.g., Jira Service Management) to manage incidents, problems, changes, and requests in a controlled and auditable manner
Collaborate closely with Security, Networking, Infrastructure, Application, HR, and Contact Center Operations teams to understand needs, gather requirements, and align technology solutions with business objectives
Communicate technical concepts clearly to both technical and non-technical stakeholders, providing regular updates on initiatives, risks, and opportunities related to the modern workplace
Work with external partners and vendors (e.g., Microsoft, hardware OEMs, cloud providers, contact center platforms, security vendors) to resolve complex issues, evaluate new offerings, and ensure service levels are met
Participate in or lead RFPs, vendor evaluations, and contract discussions related to workplace technology solutions

Qualification

Microsoft 365 · Entra ID (Azure AD) · Enterprise Mobility Management · Zero Trust Security · Endpoint Security · Generative AI Tools · Windows Autopilot · Jamf Pro · Networking Protocols · Scripting PowerShell · Scripting Bash · IT Service Management · Problem-solving · Communication Skills · Cross-functional Collaboration · Customer-focused Mindset

Required

10+ years of progressive experience in end-user computing, IT infrastructure, modern workplace engineering, or related domains, including significant hands-on administration of modern workplace technologies
Experience working in or with regulated industries (e.g., financial services, insurance, healthcare), with familiarity in how regulatory requirements affect IT operations, security, and data protection
Deep, hands-on expertise with Microsoft 365 (Exchange Online, Teams, SharePoint Online, OneDrive), Entra ID (Azure AD), Intune/Endpoint Manager, and Windows 11 device management at scale
Strong experience with Windows Autopilot, Entra-joined and hybrid-joined devices, configuration profiles, compliance policies, and secure baseline management
Proven experience with Jamf Pro for macOS management, including DEP/ADE enrollment, Apple Business Manager integration, configuration profiles, policies, and scripting
Demonstrated experience managing iOS and Android devices using MDM (Intune, Jamf, or comparable platforms), including corporate-owned and BYOD scenarios where applicable
Experience managing Apple TVs and similar devices for digital signage and conference room solutions
Solid understanding and practical experience with workplace networking technologies, including firewalls (ideally Fortinet), switches, and enterprise Wi-Fi (ideally Ruckus or similar), as well as core networking protocols (TCP/IP, DNS, DHCP, VLANs, VPNs, HTTP/HTTPS, TLS)
Hands-on experience implementing and supporting Zero Trust and secure web access solutions (e.g., Zscaler, Netskope), and integrating device posture and identity-based access controls
Strong background in endpoint security, including anti-malware, endpoint protection platforms, and EDR/MDR/XDR solutions, with experience in policy tuning, alert triage support, and coordination with SOC teams
Experience with automated patching and configuration management tools (e.g., Automox, Intune, or similar), including deployment strategies and reporting
Proficiency in scripting and automation using PowerShell and Bash; additional experience with other scripting or programming languages (e.g., Python, JavaScript) is a plus
Practical experience evaluating, deploying, and using generative AI tools (e.g., Microsoft Copilot, GitHub Copilot, ChatGPT or similar enterprise-grade assistants) to enhance IT operations, automation, and user productivity
Strong understanding of enterprise security principles, Zero Trust, least privilege, and defense-in-depth strategies
Experience designing and enforcing endpoint and identity security controls in alignment with regulatory and internal security standards (e.g., NIST CSF, ISO 27001 as applicable)
Familiarity with IT Service Management (ITSM) processes and tools; experience working in an ITIL-aligned environment is preferred
Exceptional problem-solving and analytical skills, with the ability to troubleshoot complex, multi-layered technical issues that span endpoints, identity, networks, and applications
Strong written and verbal communication skills, with the ability to explain technical concepts in clear, business-friendly language and to communicate effectively with stakeholders at all levels
Demonstrated ability to work collaboratively in cross-functional teams, build strong relationships, and influence without formal authority
Customer-focused mindset with a commitment to delivering a high-quality, reliable, and secure user experience for employees and contact center agents
Passion for technology and craftsmanship, with a continuous learning mindset and a particular interest in modern workplace, cloud, security, networking, and generative AI capabilities
Experience mentoring and providing guidance to junior engineers or operational staff, serving as a trusted escalation point and technical leader

Benefits

PTO
Health benefits
Career growth opportunities

Company

Ceres USA

Ceres USA is transforming the traditional annuity experience with a solid financial foundation and the leadership of recognized industry innovators, a proprietary all-digital, tech-forward operating platform, and standard-setting service and support for advisors and policyholders.

H1B Sponsorship

Ceres USA has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship; the highlighted field represents job fields similar to this job]
Trends of Total Sponsorships
2025 (7)
2024 (1)
2023 (2)
2020 (1)

Funding

Current Stage: Growth Stage
Company data provided by Crunchbase