Windows Client Security Specialist

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent work experience.
• Minimum of 10 years of hands-on technical experience in a similar endpoint security, Windows client security, or desktop engineering role within a medium-to-large enterprise environment.
• Experience in operational endpoint security, IT security operations, or Windows administration in a medium-to-large enterprise environment.
• Experience with industry-standard endpoint management and security tools such as Microsoft Intune, ManageEngine, or similar platforms, including policy deployment, compliance monitoring, and configuration troubleshooting.
• Operational familiarity with Microsoft Defender for Endpoint, including alert triage, threat investigation, and remediation workflows.
• Strong working knowledge of Windows 11 configuration, hardening practices, registry management, and endpoint security troubleshooting.
• Understanding vulnerability remediation, patching processes, and compliance validation.
• Ability to investigate and resolve endpoint security issues efficiently in a fast-paced operational environment.
• Demonstrated experience leading small-to-medium sized IT or security projects, including planning, execution, coordination, and status reporting.
• Strong organizational and documentation skills with an emphasis on consistency, accountability, and delivery.
• Clear written and verbal communication skills with the ability to collaborate effectively across IT and Cybersecurity teams.

Responsibilities

• Perform daily operational tasks to maintain the security and compliance of all Windows client endpoints.
• Administer and support endpoint management platforms (Intune, ManageEngine, or similar) to ensure successful deployment of security configurations, updates, and applications.
• Maintain and apply Windows security baselines, GPO settings, and Intune compliance policies to ensure consistent device hardening.
• Respond to Microsoft Defender for Endpoint alerts, investigate endpoint-level threats, and coordinate remediation steps with Cybersecurity and IT Operations.
• Conduct vulnerability and patch compliance checks; coordinate remediation activities to close security gaps.
• Track and report on endpoint health, patch status, security compliance, and configuration drift.
• Support operational execution of Zero Trust requirements, including Conditional Access enforcement and device compliance validation.
• Troubleshoot security-related endpoint issues such as BitLocker encryption failures, agent health issues, and policy misalignment.
• Perform routine audits of device inventory, baseline adherence, application versions, and policy compliance.
• Maintain accurate documentation for operational processes, troubleshooting guides, standard operating procedures, and endpoint security workflows.
• Partner with Desktop Engineering, Service Desk, Infrastructure, and Cybersecurity teams to resolve endpoint issues and improve operational processes.
• Remediate penetration test findings on endpoints, including coordinating fixes, validating remediation effectiveness, and ensuring long-term compliance.
• Deploy Windows updates using the Semi-Annual Channel to ensure operating systems remain current and compliant.
• Lead small-to-medium sized endpoint security projects, such as security tool rollouts, OS upgrades, baseline enhancements, and remediation initiatives.
• Plan and coordinate project activities, including scope definition, timelines, dependencies, and resource needs, to ensure delivery with minimal business and end-user disruption.
• Track and communicate project progress, risks, and issues, providing regular status updates and documentation to stakeholders and leadership.