Windows Endpoint and Server Administrator

This is a remote job with travel to client location at least 1-2 days per week Chicago, IL

• The Systems Engineer / Windows SME with 5-8-year Experience - Patch & Vulnerability Management is responsible for planning and executing patching and vulnerability remediation activities across Windows Servers and Endpoints within a multi-sector enterprise environment.
• This role focuses on Microsoft SCCM/MECM-based endpoint patching, Windows Server patching leveraging Tanium, and configuration-based vulnerability remediation aligned with CIS benchmarks, Qualys policies, Microsoft security baselines, and healthcare regulatory requirements.
• The role also requires foundational knowledge of Red Hat Satellite to support coordination of Linux server patching activities.

• Perform monthly and ad-hoc Windows Endpoints (Windows 10 &11) Server patching (2012 R2, 2016, 2019, 2022) across Test, DR, and Production environments.
• Coordinate maintenance windows, change records (Service Now), and post-patch validation with application owners.
• Manage ESU activation, license validation
  , and remediation of patch-related failures.
• Troubleshoot patching issues related to Windows Update, servicing stack, .NET, and cumulative updates
  .

• Administer Microsoft SCCM/MECM for Windows endpoint patching and update deployments.
• Design and manage phased patching cycles (Pilot, Phase 1, Phase 2, Production).
• Deploy Microsoft security updates, feature updates, and third-party patches where applicable.
• Monitor deployment success, compliance levels
  , and remediate failed or non-compliant endpoints.

• Remediate configuration-based vulnerabilities identified through tools such as Qualys, Tanium, or similar platforms
  .
• Implement CIS Level 1 benchmark controls
  , Microsoft Security Baselines, and hardening standards.
• Address vulnerabilities related to:
• Registry settings
• TLS/SSL & cipher configurations
• Local security policies
• Windows services & permissions
• Validate remediation results and ensure continuous compliance
  .
• Possess basic working knowledge of Red Hat Enterprise Linux (RHEL) patching.
• Assist with or coordinate Red Hat Satellite-based patching activities.
• Support remediation tracking for Linux servers in collaboration with Linux SMEs.

• Create and manage Service Now Change Requests (CRs) for patching and remediation activities.
• Ensure alignment with freezes, holiday schedules, and clinical blackout periods
  .
• Support audit readiness for HIPAA, internal security audits, and regulatory assessments.
• Maintain documentation, patch reports, and compliance evidence.

• Strong experience in Windows Server patching and lifecycle management
  .
• Hands-on expertise with Microsoft SCCM / MECM for endpoint patching.
• Experience in vulnerability remediation
  , especially configuration-based findings
  .
• Knowledge of CIS benchmarks, Microsoft security baselines
  , and security hardening practices.
• Familiarity with Qualys, Tanium, SCCM reports, and compliance dashboards
  .
• Experience working in healthcare or regulated enterprise environments preferred.
• Ability to collaborate with Infrastructure, Endpoint, Security, and Application teams
  .

• Working knowledge of Red Hat Satellite and Linux patching concepts.
• Exposure to Power Shell scripting for automation and remediation.
• Experience supporting large enterprise environments (20K+ endpoints).
• Understanding of ITIL processes and Service Now workflows
  .

• Bachelor's degree in IT, Computer Science, or equivalent experience.