IT Systems Engineer, Client Platform Engineer

About the role

The Endpoint team (Client Platform Engineering) treats Anthropic’s device fleet as a distributed platform, not a collection of laptops. We run our own MDM as a production service and manage every piece of device configuration as code. Policies, configuration profiles, queries, remediation scripts, and software all ship through pull requests, CI, a staging environment, and a canary group before they reach the fleet. The fleet spans macOS, Windows, and a growing mobile footprint.

You’ll own that platform end to end: the infrastructure underneath the MDM, the configuration on top of it, the patching and software pipelines that keep thousands of devices patched and secure, and the telemetry that tells us what is actually true on every device. You’ll build zero touch provisioning that turns a sealed box into a productive machine on day one, manage rapid patching enforcement schedules while maintaining a good user experience, and build automation and Claude-driven workflows to eliminate operational toil. The role sits at the intersection of security and developer experience: working with Security teams on hardening, compliance controls, and detection and response, and with developer and infrastructure teams to make sure controls don't get in the way of getting work done. It also lays the groundwork for access decisions based on device trust.

If you think of “100% compliant” as a claim to audit rather than a fact to report, you’ll fit right in. The team is deliberately lean and runs with high autonomy. You’ll help define the endpoint roadmap, make architecture decisions, and own the platform every Anthropic employee’s work runs on. Your work will directly shape how we scale to AI Safety Level 4 and beyond.

Responsibilities

• Own endpoint configuration as code: author, review, test, and progressively roll out MDM policies, configuration profiles, and remediation scripts across macOS, Windows, and mobile, with canary stages and rollback built in
• Operate the MDM platform itself as a production service, including infrastructure as code, observability, upgrades, and incident response
• Build patch management automation with rapid enforcement timelines while maintaining good user experience
• Design zero touch provisioning that turns a sealed box into a productive machine on day one
• Run software distribution for the fleet, including managed app distribution for mobile devices
• Turn fleet telemetry into policy, dashboards, and early drift warnings, and build automation with Claude that removes operational toil
• Partner with Corporate Security on endpoint hardening, binary authorization, and compliance controls
• Serve as the deep escalation tier for endpoint issues IT Operations can’t resolve

You may be a good fit if you

• Have 8+ years building secure IT systems in complex environments, or for Staff level, have led projects spanning multiple teams that changed how an organization operates
• Have managed endpoint fleets of thousands of macOS and Windows devices through a modern MDM
• Treat endpoint configuration as code and have moved past clicking in consoles, whether through scripted deployments or full GitOps
• Go deep on one platform (macOS internals such as launchD, configuration profiles, TCC, and system extensions, or Windows internals such as CSPs, the registry, PowerShell, and BitLocker) and are genuinely hands on with the other
• Excel at solving ambiguous problems with multiple stakeholders
• Communicate technical concepts clearly to any audience
• View IT Engineering as requiring product engineering rigor
• Successfully deliver complex projects from conception to production
• Write clear documentation as a natural part of your workflow

Strong candidates may also

• Have operated an MDM or device management platform as a service, not only consumed one as SaaS
• Have worked with open source endpoint and device management tooling
• Have built automated, progressive rollout systems with promotion gated on telemetry
• Have experience running infrastructure as code in a public cloud
• Have managed a mixed fleet across macOS, Windows, and mobile, with real depth on at least one platform
• Bring proficiency in Swift or Go for building endpoint tools
• Have used LLMs to automate operational work, or are excited to make Claude a teammate

Technical Skills

• Python, shell scripting, and PowerShell
• macOS or Windows internals (depth on one, working knowledge of the other)
• Querying live device state at fleet scale
• Modern MDM platforms (Jamf, Intune, Workspace ONE, or equivalent)
• GitOps, CI/CD for configuration management, and infrastructure as code
• Public cloud fundamentals (containers, managed databases, CDN, monitoring)
• Device lifecycle automation (zero touch enrollment, patching, software distribution)
• Endpoint security fundamentals

Deadline to apply: None. Applications will be received on a rolling basis.