Enterprise Infrastructure Patch and Security Engineer

Purpose of this role Reduce security risk and maintain patch compliance across Infrastructure Services using approved tooling and processes (Windows Server, Enterprise Linux, cloud/on‑prem, network devices, and assets in scope).

What You’ll Do

• Own Security Remediation Program management aligned to Security’s findings (Critical/High/Medium).
• Plan, schedule, and execute monthly OS patching (Windows/Linux) with canaries, maintenance windows, and rollback.
• Run zero-day/out‑of‑band patching with expedited assessment and change controls.
• Deliver extended remediations (cipher/protocol, file rights, 3rd‑party updates) and coordinate vendor engagement.
• Operate tooling: MECM/SCCM, Ansible, Rapid7, Ivanti ITSM, Cisco DNA, Panorama, Venafi; perform manual deployments where required.
• Manage quarterly component updates and certificate lifecycle (PKI/DigiCert), including self‑signed to PKI migration feasibility.
• Publish compliance reports, audit artifacts, and governance updates; chair weekly Security–Infrastructure standups.

What You’ll Bring

• 5+ years in infrastructure security/patch management across Windows Server & Enterprise Linux (RHEL/others).
• Hands‑on experience with MECM/SCCM, Ansible, Rapid7, Ivanti ITSM, Cisco DNA, Panorama, Venafi/PKI.
• Strong ITIL change & incident management, CMDB updates, compliance reporting.
• Scripting skills (PowerShell/Bash/Python), canary strategies, rollback procedures.
• Nice‑to‑have: ITIL v4, Security+, RHCSA/RHCE, Microsoft Certified, CCNA/CCNP, GIAC/GVM.