We are seeking an experienced Tanium and Microsoft Intune Administrator to manage and secure the Windows end-user computing environment. This role is responsible for Windows patch management, vulnerability remediation, device compliance, and automation across enterprise endpoints. The ideal candidate has strong scripting skills and hands-on experience using Tanium and Intune to proactively identify, remediate, and prevent endpoint vulnerabilities.

Key Responsibilities

Endpoint & Patch Management:

Own Windows OS patching lifecycle for end-user devices using Tanium and Intune

Plan, test, deploy, and validate monthly security patches and feature updates

Ensure patch compliance across laptops, desktops, and virtual endpoints

Troubleshoot patch failures and resolve endpoint update issues at scale

Vulnerability Management:

Use Tanium modules (e.g., Comply, Patch, Deploy, Discover) to:

Identify endpoint vulnerabilities and misconfigurations

Prioritize remediation based on risk and exposure

Track and report remediation progress

Partner with Security and Risk teams to meet vulnerability SLAs

Create automated remediation workflows for recurring vulnerabilities

Microsoft Intune Administration:

Manage Intune device policies, compliance policies, and configuration profiles

Deploy and maintain applications, updates, and scripts via Intune

Enforce security baselines and endpoint hardening standards

Support Autopilot and modern device provisioning (if applicable)

Automation & Scripting:

Develop and maintain scripts for endpoint automation and remediation:

PowerShell (advanced) – mandatory

Batch / VBScript (as needed)

Automate patch fixes, vulnerability remediation, compliance enforcement, and reporting

Optimize scripts for performance, scalability, and security

Monitoring, Reporting & Troubleshooting:

Create dashboards and reports using Tanium and Intune to track:

Patch compliance

Vulnerability status

Device health

Perform root-cause analysis for endpoint issues

Act as an escalation point for complex EUC-related incidents

Collaboration & Governance

Work closely with:

Cybersecurity teams

Desktop engineering

Infrastructure and SOC teams

Ensure endpoint management aligns with enterprise security policies and compliance requirements

Maintain documentation, SOPs, and runbooks

Required Skills & Experience

Technical Skills (Mandatory)

Hands-on experience with Tanium (Patch, Comply, Deploy, Discover)

Strong Microsoft Intune administration experience

Expert-level PowerShell scripting

Deep knowledge of:

Windows 10 / 11

Windows Update mechanisms

Endpoint security concepts

Experience with vulnerability management and remediation processes

Preferred / Nice-to-Have

Experience with:

Microsoft Defender for Endpoint

SCCM / MECM (co-management is a plus)

Azure AD / Entra ID device management

Knowledge of CIS benchmarks or security baselines