Enterprise Infrastructure Patch and Security Engineer

Reduce security risk and maintain patch compliance across Infrastructure Services using approved tooling and processes (Windows Server, Enterprise Linux, cloud/on-prem, network devices, and assets in scope). What You'll Do

• Own Security Remediation Program management aligned to Security's findings (Critical/High/Medium).
• Plan, schedule, and execute monthly OS patching (Windows/Linux) with canaries, maintenance windows, and rollback.
• Run zero-day/out-of-band patching with expedited assessment and change controls.
• Deliver extended remediations (cipher/protocol, file rights, 3rd-party updates) and coordinate vendor engagement.
• Operate tooling: MECM/SCCM, Ansible, Rapid7, Ivanti ITSM, Cisco DNA, Panorama, Venafi; perform manual deployments where required.
• Manage quarterly component updates and certificate lifecycle (PKI/DigiCert), including self-signed to PKI migration feasibility.
• Publish compliance reports, audit artifacts, and governance updates; chair weekly Security-Infrastructure standups.
• Maintain strong communication across IT teams, upholding established procedures, and helping drive continuous improvement in service performance and end-user satisfaction

• 7-8+ years in infrastructure security/patch management across Windows Server & Enterprise Linux (RHEL/others).
• Hands-on experience with MECM/SCCM, Ansible, Rapid7, Ivanti ITSM, Cisco DNA, Panorama, Venafi/PKI.
• Strong ITIL change & incident management, CMDB updates, compliance reporting.
• Scripting skills (PowerShell/Bash/Python), canary strategies, rollback procedures.
• Nice-to-have: ITIL v4, Security+, RHCSA/RHCE, Microsoft Certified, CCNA/CCNP, GIAC/GVM.