Patch Management Engineer
- Insight Global (Dublin, OH)
Job Description
We’re looking for a hands-on Patch Management Engineer to own end-to-end vulnerability remediation across servers, endpoints, and cloud workloads. You’ll partner with IT, Security, and application owners to keep our environment current, secure, and compliant by driving patch orchestration, asset visibility, and risk-based prioritization.
What You’ll Do
Patch Management
• Design, implement, and operate patching cycles for Windows, macOS, Linux, and third-party applications.
• Build deployment rings, pilot groups, and maintenance windows; handle rollback strategies and post-patch validation.
• Automate patch approvals, scheduling, and reporting using enterprise tools (e.g., ActionOne/Action1, Microsoft SCCM/MECM, K21, or equivalent platforms).
• Maintain patch baselines and hardening standards aligned to security policies and regulatory requirements.
Asset Management
• Maintain accurate inventory of hardware and software assets; ensure CMDB/asset repository health (ownership, criticality, lifecycle).
• Map assets to business services and patch groups; reconcile discovery data with endpoint management tooling.
• Track EOL/EOS software and OS versions; coordinate upgrades/migrations.
Risk Management
• Correlate vulnerability intelligence (e.g., CVEs, CVSS, KEV lists) with asset context to prioritize remediation.
• Define SLAs based on risk tiers; monitor adherence and escalate exceptions.
• Partner with SecOps to integrate patching into the vulnerability management program and incident response playbooks.
• Report risk reduction metrics, exposure windows, and remediation progress to stakeholders.
Operations & Continuous Improvement
• Develop and maintain runbooks, standard operating procedures, and knowledge base articles.
• Troubleshoot patch failures, deployment anomalies, and agent health issues.
• Drive automation and reliability via scripting (e.g., PowerShell is a plus) and API integrations.
• Collaborate with App Owners to coordinate application-aware patching (IIS/SQL middleware, drivers, etc.).
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected]. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Skills and Requirements
• 3–5+ years in endpoint/server management, patching, or vulnerability remediation.
• Hands-on experience with any enterprise patch management system (e.g., ActionOne/Action1, SCCM/MECM, K21, Intune, WSUS, Tanium, Ivanti, BigFix, or similar).
• Strong understanding of operating system update mechanisms (Windows Update, yum/apt, Homebrew, etc.) and third‑party software patching.
• Practical knowledge of Asset Management (inventory accuracy, CMDB relationships, lifecycle) and Risk Management (CVEs/CVSS, prioritization, SLAs).
• Experience planning patch windows, piloting, rollbacks, and change management in production environments.
• Excellent documentation, stakeholder communication, and cross‑functional coordination skills.
• PowerShell scripting for automation (reporting, compliance checks, remediation tasks); Python/Bash a plus.
• Experience with vulnerability scanners (e.g., Tenable, Qualys, Rapid7) and integrating scan outputs with patch workflows.
• Familiarity with Intune, Azure AD, Group Policy, and endpoint configuration baselines.
• Knowledge of compliance frameworks (CIS, NIST, ISO 27001, PCI, SOX, HIPAA) and audit readiness.
• Exposure to cloud workload patching (Azure/AWS), container base image updates, and CI/CD hygiene.