Security Professional – Endpoint Vulnerability & Patch Management

About the role

We are looking for a highly experienced End User Computing (EUC) Subject Matter Expert to lead endpoint vulnerability remediation and third‑party application patching across Windows and Azure Virtual Desktop environments. The role focuses on reducing security risk, meeting remediation SLAs, and delivering audit‑ready patching operations with minimal business impact.

Key responsibilities

• Act as the SME for endpoint vulnerability remediation, collaborating with Cyber Security teams to identify, prioritize, and close vulnerabilities.
• Define and implement enterprise‑wide patching strategies for Windows and third‑party applications on endpoints and AVDs.
• Design, orchestrate, and maintain patch workflows using Tenable Patch Management and/or Adaptiva OneSite.
• Own end‑to‑end third‑party application patching, including onboarding, testing, validation, deployment, and rollback.
• Apply risk‑based prioritization (CVSS, exploitability, asset criticality, business impact) to remediation decisions.
• Monitor patch compliance, deployment success, and remediation SLAs, handling exceptions and risk‑acceptance cases.
• Produce operational and executive‑level compliance reports for security, leadership, and audit stakeholders.
• Serve as L3 escalation point for endpoint patching, security incidents, and complex deployment issues.
• Participate in incident, change, and problem management processes and maintain technical documentation.

Required profile

• 10+ years of experience in EUC, endpoint management, or endpoint security roles.
• Proven SME‑level expertise with Tenable Patch Management and/or Adaptiva OneSite.
• Hands‑on experience with Microsoft SCCM/MECM and Microsoft Intune.
• Deep understanding of vulnerability management lifecycles, remediation SLAs, audit requirements, and compliance.
• Strong PowerShell scripting and automation capabilities.
• Experience operating in large, regulated enterprise environments.

Required skills

• Tenable Patch Management
• Adaptiva OneSite
• Microsoft SCCM / MECM
• Microsoft Intune
• PowerShell scripting
• Vulnerability Management (CVSS, risk‑based prioritization)