hirist

Desktop Applications Security/Compliance Specialist - Vulnerability Management

Nasugroup
Anywhere in India/Multiple Locations
4 - 9 Years

Posted on: 30/12/2025

Job Description

Description :

The Desktop Applications Security & Compliance role is responsible for ensuring that all enterprise desktop applications adhere to security, compliance, and vulnerability management standards.


The role involves validating software packages, enforcing security baselines, mitigating vulnerabilities, and collaborating with cross-functional teams to maintain a secure and compliant endpoint environment.

Roles and Responsibilities :

- Collaborate with enterprise security teams to validate software packages against vulnerability intelligence, threat feeds, and security policies

- Assess CVE reports, identify application-level risks, and coordinate mitigation actions

- Ensure timely remediation of critical vulnerabilities through patch deployment, hotfix rollout, and version upgrades

- Integrate vulnerability scan results from Tenable, Qualys, and Defender ATP with deployment workflows

- Implement and maintain security baselines using Intune Compliance Policies, MEM configuration profiles, Intune Baseline Configuration, and Endpoint Security policies

- Assist in enforcing policies such as BitLocker, antivirus/antimalware, and attack surface reduction

- Administer and optimize Application Control frameworks such as AppLocker and Windows Defender Application Control (WDAC)

- Maintain allow/deny rulesets, handle exceptions, and ensure secure execution of approved applications

- Align application patching strategies with vulnerability insights from Tenable and Qualys

- Coordinate with packaging and deployment teams to ensure continuous compliance

- Track vulnerability remediation SLAs and document closure evidence

- Interpret vulnerability reports including CVSS, exploitability, and exposure levels

- Conduct application-level risk assessments and determine impact on business units

- Drive mitigation plans with clear timelines and document risk acceptance when applicable

- Support audit, compliance tracking, and remediation documentation for ISO, SOC2, and internal controls

Tools and Technology Expertise :

Application Control :


- AppLocker, WDAC

Vulnerability Management :


- Tenable, Qualys, MDE Vulnerability Intelligence

Endpoint Management :


- Intune, SCCM/MECM, Baseline Configuration

Endpoint Security :


- Microsoft Defender for Endpoint, BitLocker, ASR rules, Antimalware policies

Security Intelligence and CVE Analysis :


- NIST NVD, MITRE CVE, MDE Threat Analytics

Patch and Deployment Tools :


- Intune Win32, SCCM Application/Patch Deployment


Experience :

- Assist with policy enforcement, compliance monitoring, and baseline configuration.

- Follow standardized procedures for vulnerability remediation and patch alignment.

- Support security testing, software validation, and endpoint protection policy tuning.

- Work with senior analysts to interpret CVE details and coordinate appropriate mitigation.

- Lead end-to-end risk assessments for desktop applications and endpoint configurations.

- Interpret vulnerability intelligence and engage cross-functional teams to drive mitigation plans.

- Design and implement secure deployment frameworks, including zero trust-aligned application control.

- Build compliance dashboards, reporting frameworks, and SLA tracking for vulnerability closure.

- Advise on improvements to application security posture and enterprise endpoint standards.

Desired Skills :

- Strong understanding of OS-level hardening (Windows 10/11).

- Ability to assess exploitability and prioritize remediation using CVSS, EPSS, and vendor advisories.

- Experience in secure packaging, deployment methodologies, and least-privilege execution principles.

- Knowledge of ISO 27001, CIS benchmarks, SOC2 controls, and internal audit processes.

- Excellent analytical, documentation, and cross-team collaboration skills.

