Systems Engineer III - Patch Management

Overview This is a remote role that may only be hired in the following location(s) : AZ, NC, NJ, TX Our Patch Management and Governance team requires a highly experienced Senior Infrastructure Engineer responsible for driving engineering, automation and support for security and application patching in the Technology area.

An ideal candidate will be a highly skilled full stack infrastructure engineer with experience in Modern Device Management and automation protecting every endpoint - workstations, laptops, virtual devices and more.

As the Patch Management Engineer, you’ll provide assessment including security, system, and business impact. MEMCM, WSUS and Bigfix administration should be strong skills that you possess.

Our Technology Stack Windows 10 / 11 Microsoft Endpoint Manager Configuration Manager (MEMCM) with MDT-based Operating System Deployment (OSD), WSUS, Internet-based Client Management through IBCM and CMG, software deployment PatchMyPC for third party application patching Office365 with Azure Active Directory hybrid join conditional access, Office ProPlus, and a variety of modern applications.

Active Directory on-premises with group policy Qualys vulnerability management tools PowerShell Patch Management, USMT, Asset Intelligence, PC Hardware Management (Devices, Drivers, Firmware) Ivanti Patch Management for SCCM Working knowledge and demonstrated expertise in using SQL database products and customizing and creating web reports Responsibilities PATCH COMPLIANCE Identify, assess, and Deploy patches as made available by the vendor for all in scope workstation assets - Laptops and Desktops running Windows Operating System Primary responsibility will be focused on Patch management and delivering operating system and software updates via System Center Configuration Manager and reporting to management on progress.

Manage, administer and update SUGs and ADRs for patch deployments of workstation patches. Validate successful patch deployments and systems patch compliance statuses post deployment.

Regularly review and cleanup outdated, unnecessary patches from MEMCM repository. Utilize WSUS environment for approving, declining, and managing patches.

Provide support & technical leadership to front-end Patch Technicians assisting with patch deployment issues and resolution.

Identify, understand and collaborate with OEM / Vendors to resolve patch related issues with patching and remediation activities Document installation and configuration procedures related to patch management Assists the Infrastructure teams with testing, packaging, and deployment of new software releases.

Deploys software for service packs or emergency security patches. Develop and optimize pre- and post- patching process to ensure proper implementation without any outages.

Score each patch based on risks & opportunity to prioritize. Identify which patches are more valuable to the organization than others.

Act as an escalation point for patch execution / partner team mentoring them and resolving complex scenarios and technical issues Ensures overall service levels for infrastructure uptimes through patch management standards, firmware upgrades and vendor based advisory Analyzes trend data to identify potential patch related issues on various images and assists teams in troubleshooting to implement any resolutions / improvements needed for proactive resolution Develops automation scripts and programs to streamline manual patch operations and improve mean time to deliver and first-time right metrics.

Assist in implementation during patch maintenance windows and assists in documenting completion of the change. Measures and recommends improvement for patching service levels and success rates Supports the determination of patches needed as well as implementation of corrective actions by doing thorough due diligence Perform Patch management tasks include maintaining current knowledge of available patches, deciding what patches are appropriate for systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures.

VULNERABILITY REMEDIATION - Must be skilled in vulnerability assessment, asset-based remediation planning and execution.

PATCH AUTOMATION Design, build, test, and deploy scripting and automation to reduce the effort required to deploy security patches and support.

Align solutions with the existing technology stack to provide seamless delivery. ACTIVE DIRECTORY Possess working knowledge of Active Directory administration, including advanced understanding of delegation, logging, replication, authentication protocols and management techniques / tools.

TEAM PLAYER Act as a team player supporting peers, department management and business unit leadership to fulfill operational service levels, department initiatives and project deliverables.

Believe in and adopt a 70% agreement, 100% commitment attitude. DOCUMENTATION Build high quality roadmaps, strategies, standards, and procedures to publicize the work of the department and develop the knowledge of others.

CONTINUOUS IMPROVEMENT Organize continuous improvement efforts by understanding staff insights and concerns and creating a pipeline of change.

Maintains a keen eye on opportunities to improve patch effectiveness, efficiency, compliancy, or cost savings. Drive resolutions to production.

CHANGE MANAGEMENT Learn and follow the change management process. Independently test and implement changes in the environment while informing others.

SUBJECT MATTER EXPERT Act as an expert support resource for multiple server / desktop technology stack components. Assist and mentor system administrators and technicians to foster personal growth and accountability.

Qualifications Bachelor's Degree and 6 years of experience in Systems engineer and systems programmer OR High School Diploma or GED and 10 years of experience in Systems engineer and systems programmer Preferred Qualifications Bachelor's degree and / or some relevant work experience in patching, vulnerability remediation and system / network administration is preferred Minimum of 5 years hands on experience with WSUS, SCCM, AD, scripting Advanced knowledge of Windows 10 / 11 Exposure with vulnerability Management Tools like Qualys etc.

Ivanti Patch Management for SCCM Working knowledge and demonstrated expertise in using SQL database products and customizing and creating web reports Working knowledge and demonstrated expertise with the Microsoft Windows operating system Demonstrate verbal, written, and interpersonal skills Ability to work independently or as a member of a technical team Self-motivated and be able to produce and perform with minimal supervision as well Experience Scripting with PowerShell and Bash experience preferred Analytical and problem-solving skills for troubleshooting are required Familiarity with vulnerability management security tools (Nexpose, Qualys, Microsoft Advanced Threat Protection (MDATP), Tenable, Nessus etc.

Familiarity with issue / ticket tracking systems (Jira, ServiceNow, etc.) Strong understanding of and experience in Windows Engineering and Windows Modern Management technologies (SCCM / OSD / WSUS / Intune MEM / Autopilot, Azure, AWS) The ability to work closely with Business and development and a thorough understanding of the balance between business and patch requirements Proficiency in scripting of packaged installation of patches, software, and configuration changes Advanced knowledge of infrastructure foundation including DNS, DHCP, VDI, SQL Server, Oracle, Mongo, Postgres, IIS, Apache, SAN, Hyper-Converged, LAN, WLAN, VLAN, OSI model, TCP / IP, VPN, firewalls, PKI and / or AWS Demonstrated ability to communicate effectively to business and technical audiences.

Demonstrated self-motivated work ethic and lifelong learner First Citizens benefits programs are designed to meet our associates where they are in life.

Full-time associates (20+ hours) are offered a comprehensive benefits program, with customized offerings, including those designed to support families, however defined.

More information regarding our benefits offerings can be found here : benefits.PATCH COMPLIANCE Identify, assess, and Deploy patches as made available by the vendor for all in scope workstation assets - Laptops and Desktops running Windows Operating System Primary responsibility will be focused on Patch management and delivering operating system and software updates via System Center Configuration Manager and reporting to management on progress.

Manage, administer and update SUGs and ADRs for patch deployments of workstation patches. Validate successful patch deployments and systems patch compliance statuses post deployment.

Regularly review and cleanup outdated, unnecessary patches from MEMCM repository. Utilize WSUS environment for approving, declining, and managing patches.

Provide support & technical leadership to front-end Patch Technicians assisting with patch deployment issues and resolution.

Identify, understand and collaborate with OEM / Vendors to resolve patch related issues with patching and remediation activities Document installation and configuration procedures related to patch management Assists the Infrastructure teams with testing, packaging, and deployment of new software releases.

Deploys software for service packs or emergency security patches. Develop and optimize pre- and post- patching process to ensure proper implementation without any outages.

Score each patch based on risks & opportunity to prioritize. Identify which patches are more valuable to the organization than others.

Act as an escalation point for patch execution / partner team mentoring them and resolving complex scenarios and technical issues Ensures overall service levels for infrastructure uptimes through patch management standards, firmware upgrades and vendor based advisory Analyzes trend data to identify potential patch related issues on various images and assists teams in troubleshooting to implement any resolutions / improvements needed for proactive resolution Develops automation scripts and programs to streamline manual patch operations and improve mean time to deliver and first-time right metrics.

Assist in implementation during patch maintenance windows and assists in documenting completion of the change. Measures and recommends improvement for patching service levels and success rates Supports the determination of patches needed as well as implementation of corrective actions by doing thorough due diligence Perform Patch management tasks include maintaining current knowledge of available patches, deciding what patches are appropriate for systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures.

VULNERABILITY REMEDIATION - Must be skilled in vulnerability assessment, asset-based remediation planning and execution.

PATCH AUTOMATION Design, build, test, and deploy scripting and automation to reduce the effort required to deploy security patches and support.

Align solutions with the existing technology stack to provide seamless delivery. ACTIVE DIRECTORY Possess working knowledge of Active Directory administration, including advanced understanding of delegation, logging, replication, authentication protocols and management techniques / tools.

TEAM PLAYER Act as a team player supporting peers, department management and business unit leadership to fulfill operational service levels, department initiatives and project deliverables.

Believe in and adopt a 70% agreement, 100% commitment attitude. DOCUMENTATION Build high quality roadmaps, strategies, standards, and procedures to publicize the work of the department and develop the knowledge of others.

CONTINUOUS IMPROVEMENT Organize continuous improvement efforts by understanding staff insights and concerns and creating a pipeline of change.

Maintains a keen eye on opportunities to improve patch effectiveness, efficiency, compliancy, or cost savings. Drive resolutions to production.

CHANGE MANAGEMENT Learn and follow the change management process. Independently test and implement changes in the environment while informing others.

SUBJECT MATTER EXPERT Act as an expert support resource for multiple server / desktop technology stack components. Assist and mentor system administrators and technicians to foster personal growth and accountability.

Bachelor's Degree and 6 years of experience in Systems engineer and systems programmer OR High School Diploma or GED and 10 years of experience in Systems engineer and systems programmer Preferred Qualifications Bachelor's degree and / or some relevant work experience in patching, vulnerability remediation and system / network administration is preferred Minimum of 5 years hands on experience with WSUS, SCCM, AD, scripting Advanced knowledge of Windows 10 / 11 Exposure with vulnerability Management Tools like Qualys etc.

Ivanti Patch Management for SCCM Working knowledge and demonstrated expertise in using SQL database products and customizing and creating web reports Working knowledge and demonstrated expertise with the Microsoft Windows operating system Demonstrate verbal, written, and interpersonal skills Ability to work independently or as a member of a technical team Self-motivated and be able to produce and perform with minimal supervision as well Experience Scripting with PowerShell and Bash experience preferred Analytical and problem-solving skills for troubleshooting are required Familiarity with vulnerability management security tools (Nexpose, Qualys, Microsoft Advanced Threat Protection (MDATP), Tenable, Nessus etc.

Familiarity with issue / ticket tracking systems (Jira, ServiceNow, etc.) Strong understanding of and experience in Windows Engineering and Windows Modern Management technologies (SCCM / OSD / WSUS / Intune MEM / Autopilot, Azure, AWS) The ability to work closely with Business and development and a thorough understanding of the balance between business and patch requirements Proficiency in scripting of packaged installation of patches, software, and configuration changes Advanced knowledge of infrastructure foundation including DNS, DHCP, VDI, SQL Server, Oracle, Mongo, Postgres, IIS, Apache, SAN, Hyper-Converged, LAN, WLAN, VLAN, OSI model, TCP / IP, VPN, firewalls, PKI and / or AWS Demonstrated ability to communicate effectively to business and technical audiences.

Demonstrated self-motivated work ethic and lifelong learner First Citizens benefits programs are designed to meet our associates where they are in life.

Full-time associates (20+ hours) are offered a comprehensive benefits program, with customized offerings, including those designed to support families, however defined.

More information regarding our benefits offerings can be found here : benefits.