Endpoint Configuration & Patching Analyst in Cheshire, Warrington

This role is a 24-month fixed term contract. The Endpoint Configuration & Patching Analyst plays a critical role in ensuring NTS maintains a secure, compliant, and well-managed endpoint estate. Using Microsoft Intune as the primary Mobile Device Management (MDM) platform, the role leads the configuration, patching, and ongoing health of all corporate devices. You will work closely with ICT, Cyber Security, and operational teams to ensure endpoints remain secure, up to date, and aligned with organisational standards, supporting NTS’s commitment to safe, secure, and reliable operations across the nuclear transport sector. Aligned with our culture principles—Freedom, Helpfulness, and Drive—you will contribute to a high-performing ICT function that empowers colleagues, supports customers, and continuously improves.

What you’ll be doing:

• Managing Intune configuration policies, compliance settings, baselines, and application deployments
• Leading patch management across Windows and third-party applications, ensuring timely and secure updates
• Monitoring compliance, resolving patch failures, and maintaining a secure, up-to-date device estate
• Working with Cyber Security teams to prioritise vulnerabilities and support CE+ compliance
• Producing audit-ready reports and maintaining effective device health policies
• Testing patches and configuration changes through pilot groups and supporting CAB submissions
• Troubleshooting update failures, compliance drift, and configuration conflicts
• Supporting users and technicians to maintain stable, update-ready devices
• Optimising update delivery using Delivery Optimisation and automation tools
• Creating scripts or workflows to improve efficiency and reduce network load
• Maintaining accurate documentation for patching processes and Intune configurations
• Ensuring procedures are consistent, repeatable, and aligned with audit requirements
• Support toward Microsoft endpoint management certifications
• Opportunities to develop PowerShell and automation skills
• Exposure to CE+ compliance processes and cyber security collaboration
• Access to NDA Group learning and development pathways

Who we’re looking for:

Experience:

• Supporting or administering an Intune-managed endpoint estate
• Managing patch cycles and responding to zero-day vulnerabilities
• Working with Cyber teams on vulnerability remediation
• Participating in CAB/change management processes
• Creating and maintaining technical documentation
• Exposure to OS upgrade programmes (e.g., Windows 11 rollouts)

Knowledge:

• Understanding of Intune policies, compliance, baselines, and update rings
• Knowledge of Windows Autopatch and Delivery Optimisation
• Awareness of cyber security principles, CVEs, CE+ requirements, and secure configuration standards
• Knowledge of Entra ID device identity, compliance states, and conditional access
• Understanding of ITIL change management processes

Skills & behaviours:

• Hands-on experience managing endpoints through Microsoft Intune
• Ability to deploy and manage Windows Updates and Feature Updates at scale
• Strong troubleshooting skills for update failures, compliance drift, and app deployment issues
• Ability to produce compliance dashboards and audit-ready reports
• Basic to intermediate PowerShell skills for automation and reporting
• Understanding of networking elements affecting update delivery
• Strong communication and collaboration skills
• Commitment to NTS culture principles: Freedom – empowering people to perform, Helpfulness – supporting colleagues and customers, Drive – demonstrating confidence, curiosity, and innovation

The kind of people we’re looking for:

• Take ownership of your work and enjoy being trusted to deliver
• Are collaborative, approachable and naturally supportive of others
• Care about doing the right thing, in the right way
• Are curious and motivated to learn, improve and grow
• Communicate openly and act with integrity and respect