About Alvarez & Marsal
Alvarez & Marsal (A&M) is a global consulting firm with over 10,000 entrepreneurial, action and results-oriented professionals in over 40 countries. We take a hands-on approach to solving our clients' problems and assisting them in reaching their potential. Our culture celebrates independent thinkers and doers who positively impact our clients and shape our industry. The collaborative environment and engaging work, guided by A&M's core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity, are why our people love working at A&M.
The Team
GESS group at A&M provides critical business support to the firm and encompasses a range of functions including Information Technology, Marketing, Information Security, Insight Centre & Knowledge Management, Corporate Real Estate, Human Resources, and Operations. GESS enables A&M’s client service delivery, go-to-market, risk management and growth goals as a strategic partner.
How you will contribute
We are seeking an experienced Privilege Management Engineer at Level 3 to own, administer, and continuously improve our privilege management solution. This is a senior technical role sitting at the intersection of endpoint security, application control, and IT operations. The successful candidate will be responsible for configuring and maintaining privilege management policies and filters, ensuring applications run securely without unnecessary elevation, and working closely with packaging, security, and desktop engineering teams to support a stable and compliant endpoint environment. A key focus of this role is the configuration of our privilege management solution for applications requiring manual installation, tracking application version updates, and coordinating with the packaging team to ensure timely remediation and minimal end-user disruption. Available capacity will also be directed towards proactive update tracking and cross-team coordination. In addition to privilege management responsibilities, this role encompasses the management and administration of Microsoft Intune, covering device compliance, Win32 application deployment, policy configuration, and endpoint lifecycle management across the Windows and macOS estate.
Key responsibilities
1. Privilege Management Configuration
Configure and manage the privilege management solution for applications requiring manual installation, ensuring appropriate elevation rules and policies are in place.
Implement and maintain required settings within the privilege management solution to ensure applications run without disruption to end users, minimising unnecessary UAC prompts and elevation failures.
Design, test, and deploy application-specific privilege policies including allow-listing, on-demand elevation, and sandboxed execution rules
Review and validate privilege requests, assessing risk and ensuring least-privilege principles are upheld across the estate
Maintain and optimise policy sets, ensuring they remain accurate, effective, and aligned with organisational security standards
Troubleshoot and resolve L3 escalations relating to privilege management, application blocking, and elevation failures.
2. Version Tracking & Packaging Coordination
Track version updates for all manually packaged applications within scope, maintaining an up-to-date register of current and target versions
Proactively notify the packaging team of available application updates, providing relevant release notes, version details, and any known compatibility considerations
Coordinate with the packaging team to prioritise and schedule updates, ensuring policies are reviewed and updated in line with new application versions
Utilise available capacity to support broader update tracking activities, monitoring vendor release schedules and identifying upcoming changes that may impact configurations
Maintain accurate records of application versions, policy changes, and update history to support audit and compliance requirements.
3. Endpoint Management (Microsoft Intune)
Manage device compliance policies, configuration profiles, and remediation scripts within Microsoft Intune across Windows and macOS device fleets
Package, deploy, and maintain Win32 applications via Intune, including detection rules, dependencies, and supersede configurations
Author and maintain PowerShell-based Platform Scripts and Remediation scripts, following established logging and auditing standards
Coordinate Intune application assignments including Required and Available deployment scenarios, group targeting, and exclusion logic.
Investigate and resolve L3 Intune escalations including ESP failures, compliance failures, sync issues, and application deployment errors
Integrate Intune with complementary tooling (e.g. privilege management solutions, ITSM platforms) to support end-to-end endpoint workflows
Support Windows Autopilot provisioning and pre-provisioning scenarios, including diagnostic analysis and remediation.
4. Security, Compliance & Governance
Ensure privilege management policies align with organisational security frameworks, including CIS benchmarks, Cyber Essentials, and internal security policies
Support security audits and compliance reviews by providing reporting and evidence of privilege controls across the endpoint estate
Work with the security team to identify and remediate privilege-related risks, misconfigurations, and policy gaps.
Contribute to the ongoing development and improvement of the privilege management strategy, including tooling evaluation and best practice adoption.
5. Collaboration & Documentation
Collaborate with desktop engineering, application packaging, and IT security teams to ensure a joined-up approach to endpoint privilege control
Produce and maintain technical documentation including policy designs, runbooks, process guides, and knowledge base articles
Participate in change management processes, ensuring all changes are assessed, approved, and communicated appropriately
Qualifications
3+ years of experience in a senior IT engineering or endpoint security role, with demonstrable hands-on experience with a Privilege Management solution (e.g. BeyondTrust EPM, CyberArk Endpoint Privilege Manager, Ivanti, or similar)
Strong understanding of Windows privilege management concepts including UAC, least privilege, application control, and elevation policies
Experience configuring privilege policies for complex or manually installed applications, including custom elevation rules and policy exceptions
Solid understanding of application packaging practices and the relationship between packaging and privilege management
Ability to assess and triage application elevation requests, balancing user productivity with security requirements
Experience working within ITSM frameworks including change management, incident management, and request fulfilment
Strong analytical and troubleshooting skills with the ability to investigate and resolve complex privilege-related issues
Excellent documentation skills with the ability to produce clear technical and non-technical content
Good communication and stakeholder management skills, with experience working across IT, security, and business teams
Hands-on experience with Microsoft Intune, including device compliance, Win32 application deployment, configuration profiles, and PowerShell-based scripting for policy automation.
Your journey at A&M
We recognize that our people are the driving force behind our success, which is why we prioritize an employee experience that fosters each person’s unique professional and personal development. Our robust performance development process promotes continuous learning, rewards your contributions, and fosters a culture of meritocracy. With top-notch training and on-the-job learning opportunities, you can acquire new skills and advance your career. We prioritize your well-being, providing benefits and resources to support you on your personal journey. Our people consistently highlight the growth opportunities, our unique, entrepreneurial culture, and the fun we have together as their favorite aspects of working at A&M. The possibilities are endless for high-performing and passionate professionals.
At Alvarez & Marsal, our core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity guide everything we do, shaping a culture rooted in entrepreneurship, impact, and integrity. We trust our people to take ownership early, contribute to meaningful challenges, and drive results that matter. We empower growth and champion diverse perspectives. Above all, we value doing the right thing. For those ready to roll up their sleeves, lead with integrity, and be difference makers, this is where it starts.
It is Alvarez & Marsal’s practice to provide and promote equal opportunity in employment, compensation, and other terms and conditions of employment without discrimination because of race, color, creed, religion, national origin, ancestry, citizenship status, sex or gender, gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, family medical history, genetic information or other protected medical condition, political affiliation, or any other characteristic protected by and in accordance with applicable laws. Employees and Applicants can find A&M policy statements and additional information by region here.
Please note that as per A&M policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters are engaged to provide candidates for a specified opening. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that A&M will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.