Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm’s IT Engineering teams build and operate the tools, systems, and services that power Affirm’s employee-facing IT experience. We’re a creative, craft-minded team focused on building and maintaining services which are speedy, simple, and secure so Affirmers across our global, remote-first workforce can be productive from day one.
Client Platform Engineering builds and maintains the hardware and software at the heart of Affirm’s employee-facing operations. We’re a creative, cross-functional team that cares deeply about our craft and the working lives of Affirmers around the globe. We own Affirm’s endpoint platform and deliver scalable, secure solutions - including zero-touch provisioning, package and patch management, and silent updates - while partnering cross-functionally with teams like Security, Engineering, Product and Support. As a member of this team you’ll have direct influence over how Affirmers experience their workplace technology and the opportunity to lead high-impact projects that improve reliability, security, and productivity across an engaged global workforce.
What You'll Do
- Administer and scale macOS device management using Jamf Pro, ensuring endpoints meet company compliance standards (e.g., encryption, OS patching, configuration profiles, application management).
- Guide architectural decisions to ensure endpoint management can easily scale with the company
- Drive key technical initiatives such as permission automation, third-party patching, silent updates, stability improvements, and streamlined device deployment.
- Build automation and infrastructure-as-code pipelines using tools like Terraform (or similar), Bash/Python scripting, and Jamf/Okta/MDM APIs to minimize manual work and create “zero-touch” provisioning workflows.
- Manage enterprise-grade software and package deployment, using tools like AutoPkgr or equivalent for packaging and silent rollout of updates at scale.
- Implement and refine endpoint change control processes, with communication, testing, rollback plans, and compliance tracking. Create dashboards and reporting for visibility into compliance, patch levels, and device health.
- Collaborate closely with Security, Support, Engineering, and IT to enforce policies (e.g. least-privilege), onboard security agents (AV, EDR, disk encryption), and integrate devices with Okta SSO, Oomnitza, Google Workspace, and other monitoring tools.
- Serve as the escalation tier for complex endpoint issues—troubl