First Citizens
Systems Engineer III - Patch Management
First Citizens, Trenton, New Jersey, United States,
Overview
This is a remote role that may only be hired in the following location(s): AZ, NC, NJ.Our Patch Management and Governance team requires a highly experienced Senior Infrastructure Engineer responsible for driving engineering, automation and support for security and application patching in the Technology area. An ideal candidate will be a highly skilled full stack infrastructure engineer with experience in Modern Device Management and automation protecting every endpoint - workstations, laptops, virtual devices and more.As the Patch Management Engineer, you’ll provide assessment including security, system, and business impact. MEMCM, WSUS and Bigfix administration should be strong skills that you possess.Our Technology StackWindows 10 /11Microsoft Endpoint Manager Configuration Manager (MEMCM) with MDT-based Operating System Deployment (OSD), WSUS, Internet-based Client Management through IBCM and CMG, software deploymentPatchMyPC for third party application patchingOffice365 with Azure Active Directory hybrid join conditional access, Office ProPlus, and a variety of modern applications.Active Directory on-premises with group policyQualys vulnerability management toolsPowerShellPatch Management, USMT, Asset Intelligence, PC Hardware Management (Devices, Drivers, Firmware)Ivanti Patch Management for SCCMWorking knowledge and demonstrated expertise in using SQL database products and customizing and creating web reports
Responsibilities
PATCH COMPLIANCEIdentify, assess, and deploy patches as made available by the vendor for all in-scope workstation assets - laptops and desktops running Windows Operating System.Primary responsibility will be focused on patch management and delivering operating system and software updates via System Center Configuration Manager and reporting to management on progress.Manage, administer and update SUGs and ADRs for patch deployments of workstation patches.Validate successful patch deployments and systems patch compliance statuses post deployment.Regularly review and cleanup outdated, unnecessary patches from MEMCM repository.Utilize WSUS environment for approving, declining, and managing patches.Provide support & technical leadership to front-end Patch Technicians assisting with patch deployment issues and resolution.Identify, understand and collaborate with OEM/Vendors to resolve patch related issues with patching and remediation activities.Document installation and configuration procedures related to patch management.Assist the Infrastructure teams with testing, packaging, and deployment of new software releases.Deploy software for service packs or emergency security patches.Develop and optimize pre- and post- patching process to ensure proper implementation without any outages.Score each patch based on risks & opportunity to prioritize. Identify which patches are more valuable to the organization than others.Act as an escalation point for patch execution / partner team mentoring them and resolving complex scenarios and technical issues.Ensure overall service levels for infrastructure uptimes through patch management standards, firmware upgrades and vendor based advisory.Analyze trend data to identify potential patch related issues on various images and assist teams in troubleshooting to implement any resolutions/improvements needed for proactive resolution.Develop automation scripts and programs to streamline manual patch operations and improve mean time to deliver and first-time right metrics.Assist in implementation during patch maintenance windows and assist in documenting completion of the change.Measure and recommend improvement for patching service levels and success rates.Support the determination of patches needed as well as implementation of corrective actions by doing thorough due diligence.Perform patch management tasks including maintaining current knowledge of available patches, deciding what patches are appropriate for systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures.VULNERABILITY REMEDIATION
- Must be skilled in vulnerability assessment, asset-based remediation planning and execution.PATCH AUTOMATION
– Design, build, test, and deploy scripting and automation to reduce the effort required to deploy security patches and support. Align solutions with the existing technology stack to provide seamless delivery.ACTIVE DIRECTORY
– Possess working knowledge of Active Directory administration, including advanced understanding of delegation, logging, replication, authentication protocols and management techniques/tools.TEAM PLAYER
– Act as a team player supporting peers, department management and business unit leadership to fulfill operational service levels, department initiatives and project deliverables. Believe in and adopt a “70% agreement, 100% commitment” attitude.DOCUMENTATION
– Build high quality roadmaps, strategies, standards, and procedures to publicize the work of the department and develop the knowledge of others.CONTINUOUS IMPROVEMENT
– Organize continuous improvement efforts by understanding staff insights and concerns and creating a pipeline of change. Maintain a keen eye on opportunities to improve patch effectiveness, efficiency, compliance, or cost savings. Drive resolutions to production.CHANGE MANAGEMENT
– Learn and follow the change management process. Independently test and implement changes in the environment while informing others.SUBJECT MATTER EXPERT
– Act as an expert support resource for multiple server/desktop technology stack components. Assist and mentor system administrators and technicians to foster personal growth and accountability.
Qualifications
Bachelor's Degree and 6 years of experience in Systems engineer and systems programmer OR High School Diploma or GED and 10 years of experience in Systems engineer and systems programmer.Preferred QualificationsBachelor's degree and/or some relevant work experience in patching, vulnerability remediation and system/network administration is preferred.Minimum of 5 years hands-on experience with WSUS, SCCM, AD, scripting.Advanced knowledge of Windows 10 /11.Exposure with vulnerability Management Tools like Qualys etc.Ivanti Patch Management for SCCM.Working knowledge and demonstrated expertise in using SQL database products and customizing and creating web reports.Working knowledge and demonstrated expertise with the Microsoft Windows operating system.Demonstrate verbal, written, and interpersonal skills.Ability to work independently or as a member of a technical team.Self-motivated and be able to produce and perform with minimal supervision as well.Experience Scripting with PowerShell and Bash experience preferred.Analytical and problem-solving skills for troubleshooting are required.Familiarity with vulnerability management security tools (Nexpose, Qualys, Microsoft Advanced Threat Protection (MDATP), Tenable, Nessus etc.).Familiarity with issue/ticket tracking systems (Jira, ServiceNow, etc.).Strong understanding of and experience in Windows Engineering and Windows Modern Management technologies (SCCM / OSD / WSUS / Intune MEM / Autopilot, Azure, AWS).The ability to work closely with Business and development and a thorough understanding of the balance between business and patch requirements.Proficiency in scripting of packaged installation of patches, software, and configuration changes.Advanced knowledge of infrastructure foundation including DNS, DHCP, VDI, SQL Server, Oracle, Mongo, Postgres, IIS, Apache, SAN, Hyper-Converged, LAN, WLAN, VLAN, OSI model, TCP/IP, VPN, firewalls, PKI and/or AWS.Demonstrated ability to communicate effectively to business and technical audiences.Demonstrated self-motivated work ethic and lifelong learner.First Citizens benefits programs are designed to meet our associates where they are in life. Full-time associates (20+ hours) are offered a comprehensive benefits program, with customized offerings, including those designed to support families, however defined. More information regarding our benefits offerings can be found here:
https://jobs.firstcitizens.com/benefits .
#J-18808-Ljbffr
This is a remote role that may only be hired in the following location(s): AZ, NC, NJ.Our Patch Management and Governance team requires a highly experienced Senior Infrastructure Engineer responsible for driving engineering, automation and support for security and application patching in the Technology area. An ideal candidate will be a highly skilled full stack infrastructure engineer with experience in Modern Device Management and automation protecting every endpoint - workstations, laptops, virtual devices and more.As the Patch Management Engineer, you’ll provide assessment including security, system, and business impact. MEMCM, WSUS and Bigfix administration should be strong skills that you possess.Our Technology StackWindows 10 /11Microsoft Endpoint Manager Configuration Manager (MEMCM) with MDT-based Operating System Deployment (OSD), WSUS, Internet-based Client Management through IBCM and CMG, software deploymentPatchMyPC for third party application patchingOffice365 with Azure Active Directory hybrid join conditional access, Office ProPlus, and a variety of modern applications.Active Directory on-premises with group policyQualys vulnerability management toolsPowerShellPatch Management, USMT, Asset Intelligence, PC Hardware Management (Devices, Drivers, Firmware)Ivanti Patch Management for SCCMWorking knowledge and demonstrated expertise in using SQL database products and customizing and creating web reports
Responsibilities
PATCH COMPLIANCEIdentify, assess, and deploy patches as made available by the vendor for all in-scope workstation assets - laptops and desktops running Windows Operating System.Primary responsibility will be focused on patch management and delivering operating system and software updates via System Center Configuration Manager and reporting to management on progress.Manage, administer and update SUGs and ADRs for patch deployments of workstation patches.Validate successful patch deployments and systems patch compliance statuses post deployment.Regularly review and cleanup outdated, unnecessary patches from MEMCM repository.Utilize WSUS environment for approving, declining, and managing patches.Provide support & technical leadership to front-end Patch Technicians assisting with patch deployment issues and resolution.Identify, understand and collaborate with OEM/Vendors to resolve patch related issues with patching and remediation activities.Document installation and configuration procedures related to patch management.Assist the Infrastructure teams with testing, packaging, and deployment of new software releases.Deploy software for service packs or emergency security patches.Develop and optimize pre- and post- patching process to ensure proper implementation without any outages.Score each patch based on risks & opportunity to prioritize. Identify which patches are more valuable to the organization than others.Act as an escalation point for patch execution / partner team mentoring them and resolving complex scenarios and technical issues.Ensure overall service levels for infrastructure uptimes through patch management standards, firmware upgrades and vendor based advisory.Analyze trend data to identify potential patch related issues on various images and assist teams in troubleshooting to implement any resolutions/improvements needed for proactive resolution.Develop automation scripts and programs to streamline manual patch operations and improve mean time to deliver and first-time right metrics.Assist in implementation during patch maintenance windows and assist in documenting completion of the change.Measure and recommend improvement for patching service levels and success rates.Support the determination of patches needed as well as implementation of corrective actions by doing thorough due diligence.Perform patch management tasks including maintaining current knowledge of available patches, deciding what patches are appropriate for systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures.VULNERABILITY REMEDIATION
- Must be skilled in vulnerability assessment, asset-based remediation planning and execution.PATCH AUTOMATION
– Design, build, test, and deploy scripting and automation to reduce the effort required to deploy security patches and support. Align solutions with the existing technology stack to provide seamless delivery.ACTIVE DIRECTORY
– Possess working knowledge of Active Directory administration, including advanced understanding of delegation, logging, replication, authentication protocols and management techniques/tools.TEAM PLAYER
– Act as a team player supporting peers, department management and business unit leadership to fulfill operational service levels, department initiatives and project deliverables. Believe in and adopt a “70% agreement, 100% commitment” attitude.DOCUMENTATION
– Build high quality roadmaps, strategies, standards, and procedures to publicize the work of the department and develop the knowledge of others.CONTINUOUS IMPROVEMENT
– Organize continuous improvement efforts by understanding staff insights and concerns and creating a pipeline of change. Maintain a keen eye on opportunities to improve patch effectiveness, efficiency, compliance, or cost savings. Drive resolutions to production.CHANGE MANAGEMENT
– Learn and follow the change management process. Independently test and implement changes in the environment while informing others.SUBJECT MATTER EXPERT
– Act as an expert support resource for multiple server/desktop technology stack components. Assist and mentor system administrators and technicians to foster personal growth and accountability.
Qualifications
Bachelor's Degree and 6 years of experience in Systems engineer and systems programmer OR High School Diploma or GED and 10 years of experience in Systems engineer and systems programmer.Preferred QualificationsBachelor's degree and/or some relevant work experience in patching, vulnerability remediation and system/network administration is preferred.Minimum of 5 years hands-on experience with WSUS, SCCM, AD, scripting.Advanced knowledge of Windows 10 /11.Exposure with vulnerability Management Tools like Qualys etc.Ivanti Patch Management for SCCM.Working knowledge and demonstrated expertise in using SQL database products and customizing and creating web reports.Working knowledge and demonstrated expertise with the Microsoft Windows operating system.Demonstrate verbal, written, and interpersonal skills.Ability to work independently or as a member of a technical team.Self-motivated and be able to produce and perform with minimal supervision as well.Experience Scripting with PowerShell and Bash experience preferred.Analytical and problem-solving skills for troubleshooting are required.Familiarity with vulnerability management security tools (Nexpose, Qualys, Microsoft Advanced Threat Protection (MDATP), Tenable, Nessus etc.).Familiarity with issue/ticket tracking systems (Jira, ServiceNow, etc.).Strong understanding of and experience in Windows Engineering and Windows Modern Management technologies (SCCM / OSD / WSUS / Intune MEM / Autopilot, Azure, AWS).The ability to work closely with Business and development and a thorough understanding of the balance between business and patch requirements.Proficiency in scripting of packaged installation of patches, software, and configuration changes.Advanced knowledge of infrastructure foundation including DNS, DHCP, VDI, SQL Server, Oracle, Mongo, Postgres, IIS, Apache, SAN, Hyper-Converged, LAN, WLAN, VLAN, OSI model, TCP/IP, VPN, firewalls, PKI and/or AWS.Demonstrated ability to communicate effectively to business and technical audiences.Demonstrated self-motivated work ethic and lifelong learner.First Citizens benefits programs are designed to meet our associates where they are in life. Full-time associates (20+ hours) are offered a comprehensive benefits program, with customized offerings, including those designed to support families, however defined. More information regarding our benefits offerings can be found here:
https://jobs.firstcitizens.com/benefits .
#J-18808-Ljbffr