Software Patching and Lifecycle Management Engineer III

About The Position

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Computer Engineering, Electrical Engineering, or a related field; or equivalent relevant work experience.
• 3–7 years in patch management, systems engineering, OT support, cybersecurity operations, vulnerability management, or a related technical field.
• Strong hands‑on experience administering Windows and Linux systems.
• Experience supporting patching and lifecycle maintenance in offline, air‑gapped, or restricted environments, including maintaining offline update repositories for Windows and Linux.
• Experience executing and interpreting vulnerability scans, including CVE analysis, severity scoring, exploitability assessment, remediation tracking, and closure verification.
• Familiarity with Active Directory, Group Policy, Windows Remote Management (WinRM), and WSUS in domain environments.
• Proficiency with PowerShell, Python, and/or Bash for automation, reporting, and operational support.
• Experience supporting virtualization platforms such as VMware and related infrastructure.
• Experience with endpoint management tools such as Tanium, including scripting and/or package deployment (preferred).
• Experience supporting operational technology (OT), industrial control systems (ICS), or critical infrastructure environments.
• Familiarity with vulnerability management workflows, least privilege, secure update handling, audit documentation, and risk acceptance processes.
• Knowledge of NERC CIP or other regulated cybersecurity requirements (preferred).
• Strong troubleshooting, root cause analysis, and problem-solving skills.
• Ability to produce clear technical documentation (procedures, validation records, reports, release notes) and customer‑facing guidance/correspondence; ability to present technical information and respond to questions from managers, customers, and field personnel.
• Strong organizational and time‑management skills, including managing recurring deliverables and remediation tracking.
• Experience supporting customers remotely and onsite in production environments.
• Flexibility to work outside standard business hours to support maintenance windows.
• Ability to travel up to 20%.

Nice To Haves

• Experience with endpoint management tools such as Tanium, including scripting and/or package deployment
• Knowledge of NERC CIP or other regulated cybersecurity requirements

Responsibilities

• Demonstrates our core competencies: Action oriented, change champion, customer-focused, developing self & others, and ownership
• Assess and validate patch applicability by reviewing OS patches, hotfixes, firmware updates, antivirus definitions, and third‑party releases for use in OT and control system environments.
• Perform patch validation and testing in lab environments to confirm compatibility, cybersecurity impact, and operational safety prior to deployment.
• Execute patch deployment for Windows and Linux systems in accordance with defined schedules, maintenance windows, and change management processes.
• Conduct vulnerability scanning and analysis, evaluating CVEs, severity, and exploitability to determine remediation actions or risk disposition.
• Coordinate and track remediation activities with system owners, field teams, and customers, validating fixes through re‑scan or functional verification.
• Develop and maintain patch deployment packages for offline, air‑gapped, and restricted environments, including secure distribution methods.
• Administer centralized patch management tools (e.g., WSUS) and support associated reporting and tracking workflows.
• Develop and utilize automation and scripting tools (PowerShell, Python, Bash) to support patching, validation, reporting, and system health checks.
• Support lifecycle maintenance of virtualized environments (e.g., VMware ESXi, Proxmox), including coordination of patching activities and validation.
• Troubleshoot patching and scanning issues, performing root cause analysis and coordinating resolution with internal teams or vendors.
• Maintain comprehensive technical documentation, including procedures, validation records, vulnerability evidence, release notes, and customer guidance.
• Document patch decisions and risk posture, including approved/deferred patches, known issues, incompatibilities, and mitigation strategies.
• Support configuration and change management processes, including backup, rollback, and recovery planning.
• Support compliance and audit readiness, including documentation and evidence collection for regulated environments (e.g., NERC CIP).
• Collaborate cross‑functionally with engineering, cybersecurity, infrastructure, product management, and field service teams to align priorities and release timing.
• Provide remote and on‑site support for customer patching, vulnerability remediation, lifecycle maintenance, and system recovery activities.
• Drive continuous improvement initiatives to enhance patch quality, operational efficiency, and cybersecurity posture.
• Ensure adherence to company policies, cybersecurity standards, safety requirements, and customer expectations.

Benefits

• Medical
• Dental
• Vision
• 401K Matching
• Excellent development programs and advancement opportunities
• Tuition reimbursement
• On-the-job training
• Paid vacation
• Sick time
• Holidays