Patching and Systems Administrator II (Systems Administrator 2) 27107

About The Position

Requirements

• Security Clearance: No clearance required at start but could be processed for a clearance in the future; U.S. Citizenship required
• 3 years relevant experience with Bachelors in related field; 1-year relevant experience with Masters in related field; or High School Diploma or equivalent and 7 years relevant experience.
• Minimum 5 years of progressive Windows Server administration experience
• Minimum 3 years of dedicated patch management experience in enterprise environments
• Experience managing Windows-based environments with multiple servers and services
• Proven track record of implementing large-scale patching and automation projects
• Experience with change management and ITIL processes
• Experience managing patching for environments with 500+ systems
• Excellent problem-solving and analytical abilities
• Strong communication skills, both written and verbal, with ability to explain technical concepts to non-technical stakeholders
• Ability to work independently and as part of a team
• Strong organizational skills and attention to detail
• Ability to manage multiple priorities in a fast-paced environment
• Strong project management skills for coordinating complex patching cycles
• Ability to work under pressure during critical patching events
• Strong sense of urgency for security vulnerability remediation
• 5+ years of hands-on experience administering Windows Server systems in enterprise environments
• 3+ years of dedicated experience in enterprise patch management operations
• Expert-level knowledge of Windows Server (2016/2019/2022)
• Strong proficiency with Active Directory, Group Policy, and domain services
• Demonstrated experience with Windows desktop administration (Windows 10/11)
• Extensive experience with enterprise patch management tools such as WSUS, SCCM, BatchPatch, Ivanti, or similar solutions
• 3+ years of production experience with PowerShell, including script development, modules, and advanced automation
• Experience with PowerShell Desired State Configuration (DSC) for configuration management
• Strong understanding of patch management methodologies, testing procedures, and rollback strategies
• Advanced knowledge of scripting (PowerShell, Batch, VBScript)
• Experience with Windows package management (Chocolatey, winget)
• Strong understanding of networking concepts (TCP/IP, DNS, DHCP, routing, firewalls)
• Experience with virtualization technologies (Hyper-V, VMware, or similar)
• Proficiency with version control systems (Git, Azure DevOps, GitHub)
• Experience with monitoring tools (SCOM, Nagios, Zabbix, or similar)
• Knowledge of vulnerability management tools (Nessus, Qualys, Tenable, Rapid7, or similar)
• Experience with ticketing systems (ServiceNow, Jira, or similar)

Nice To Haves

• Microsoft Certified: Windows Server Hybrid Administrator Associate or higher
• Microsoft Certified: Azure Administrator Associate
• Microsoft Certified: Security Operations Analyst Associate
• Microsoft Endpoint Configuration Manager (SCCM) certification
• Certified Information Systems Security Professional (CISSP) or Security+ certification
• Experience with Microsoft Endpoint Configuration Manager (SCCM/ConfigMgr) for patch management
• Experience with Microsoft Intune for modern device management
• Experience with Azure Update Management or Azure Automation
• Experience with containerization technologies (Docker, Kubernetes)
• Knowledge of cloud platforms (Azure, AWS, or GCP)
• Experience with CI/CD pipelines and DevOps practices
• Familiarity with storage technologies (SAN, NAS, Storage Spaces Direct)
• Experience with infrastructure as code tools (Terraform, ARM templates)
• ITIL Foundation or similar change management certification
• Experience with Linux systems administration is a plus

Responsibilities

• Plan, schedule, and execute enterprise-wide patch management cycles using WSUS, SCCM, or similar enterprise patching tools across Windows Server environments
• Develop and maintain comprehensive patch management policies, procedures, and schedules to minimize security vulnerabilities and ensure compliance
• Coordinate monthly and quarterly patching windows, ensuring minimal disruption to business operations while maintaining security posture
• Test patches in non-production environments before deploying to production systems to prevent system disruptions and compatibility issues
• Monitor patch deployment status continuously, identifying failed deployments, and taking immediate corrective actions
• Integrate patching workflows with PowerShell and Group Policy for automated, orchestrated updates across Windows environments
• Troubleshoot failed patch deployments and develop comprehensive remediation strategies
• Maintain and update system baselines and gold images with current patches
• Design, implement, and maintain enterprise Windows Server systems (2016/2019/2022)
• Administer Active Directory, Group Policy, and domain services in an enterprise environment
• Perform system installations, configurations, upgrades, and maintenance across all Windows platforms
• Monitor system performance, troubleshoot issues, and implement solutions to ensure optimal uptime and availability
• Manage user accounts, permissions, and security policies across Windows environments
• Maintain system documentation including patch histories, configuration changes, and system inventories
• Design, develop, and maintain PowerShell scripts and modules for system provisioning, configuration, patch deployment, and orchestration
• Implement Desired State Configuration (DSC) for automated configuration management and patch automation
• Implement infrastructure as code (IaC) principles using PowerShell DSC and Group Policy across Windows environments
• Develop and maintain automation scripts using PowerShell, Batch, or VBScript to streamline patching and system management processes
• Automate patch testing, validation, and rollback procedures
• Create and maintain system documentation, runbooks, and standard operating procedures
• Optimize and troubleshoot existing automation workflows for improved efficiency and reliability
• Implement and maintain security hardening standards across Windows Server systems using Group Policy and PowerShell DSC
• Conduct regular security audits and vulnerability assessments
• Ensure timely deployment of security patches within defined SLAs to minimize vulnerabilities
• Ensure compliance with industry standards and regulatory requirements (PCI-DSS, HIPAA, SOX, etc.)
• Monitor and respond to security vulnerabilities identified through scanning tools (Nessus, Qualys, Tenable, etc.)
• Maintain detailed records of security incidents, patch activities, response actions, and lessons learned
• Coordinate with security and compliance teams for audit preparation and remediation activities
• Continuously monitor patch deployment status across all systems
• Configure and maintain alerting for failed patches, system health issues, and security vulnerabilities
• Generate and distribute regular patch compliance reports to leadership and stakeholders
• Track and report on patch management KPIs and metrics
• Maintain compliance dashboards and vulnerability trending reports

Benefits

• We offer competitive benefits such as best-in-class medical, dental and vision plan choices; wellness resources; employee assistance programs; Savings Plan Options (401(k)); financial planning tools, life insurance; employee discounts; paid holidays and paid time off; tuition reimbursement; as well as early childhood and post-secondary education scholarships.