Lead Enterprise Infrastructure Patch and Security Engineer
Hermitage, PA
Full Time
Experienced
We are seeking a highly skilled Lead Infrastructure Security & Patch Management Engineer to reduce security risk and maintain patch compliance across Infrastructure Services. This role is responsible for managing enterprise-wide remediation efforts using approved tools and processes across Windows Server, Enterprise Linux, cloud and on-prem environments, network devices, and other in-scope assets.
Key Responsibilities
- Own and manage the Security Remediation Program, ensuring alignment with Security findings (Critical, High, Medium).
- Plan, schedule, and execute monthly operating system patching for Windows and Linux environments, including canary deployments, defined maintenance windows, and rollback strategies.
- Lead zero-day and out-of-band patching efforts with expedited risk assessment and adherence to change control processes.
- Deliver extended remediation activities, including updates to ciphers, protocols, file permissions, and third-party applications; coordinate with vendors as needed.
- Administer and operate enterprise patching and security tooling, including MECM/SCCM, Ansible, Rapid7, Ivanti ITSM, Cisco DNA, Panorama, and Venafi, with manual deployments when required.
- Manage quarterly component updates and oversee certificate lifecycle processes (PKI/DigiCert), including feasibility analysis for migrations from self-signed to PKI certificates.
- Develop and publish compliance reports, audit documentation, and governance updates.
- Facilitate and lead weekly Security–Infrastructure standups to track remediation progress and address risks.
Required Qualifications
- 5+ years of experience in infrastructure security and patch management.
- Strong expertise in Windows Server and Enterprise Linux environments (e.g., RHEL).
- Hands-on experience with enterprise tools such as MECM/SCCM, Ansible, Rapid7, Ivanti ITSM, Cisco DNA, Panorama, and Venafi/PKI.
- Solid understanding of ITIL processes, including change management, incident management, and CMDB maintenance.
- Experience with compliance reporting and audit support.
- Scripting proficiency in PowerShell, Bash, or Python.
- Demonstrated experience with canary deployments and rollback procedures.