OverviewThis is a remote role that may only be hired in the following location(s): AZ, NC, NJOur Patch Management and Governance team requires a highly experienced Senior Infrastructure Engineer responsible for driving engineering, automation and support for security and application patching in the Technology area. An ideal candidate will be a highly skilled full stack infrastructure engineer with experience in Modern Device Management and automation protecting every endpoint - workstations, laptops, virtual devices and more.As the Patch Management Engineer, you'll provide assessment including security, system, and business impact. MEMCM, WSUS and Bigfix administration should be strong skills that you possess.Our Technology StackWindows 10 /11Microsoft Endpoint Manager Configuration Manager (MEMCM) with MDT-based Operating System Deployment (OSD), WSUS, Internet-based Client Management through IBCM and CMG, software deploymentPatchMyPC for third party application patchingOffice365 with Azure Active Directory hybrid join conditional access, Office ProPlus, and a variety of modern applications.Active Directory on-premises with group policyQualys vulnerability management toolsPowerShellPatch Management, USMT, Asset Intelligence, PC Hardware Management (Devices, Drivers, Firmware)Ivanti Patch Management for SCCMWorking knowledge and demonstrated expertise in using SQL database products and customizing and creating web reportsResponsibilitiesPATCH COMPLIANCEIdentify, assess, and Deploy patches as made available by the vendor for all in scope workstation assets - Laptops and Desktops running Windows Operating SystemPrimary responsibility will be focused on Patch management and delivering operating system and software updates via System Center Configuration Manager and reporting to management on progress.Manage, administer and update SUGs and ADRs for patch deployments of workstation patches.Validate successful patch deployments and systems patch compliance statuses post deployment.Regularly review and cleanup outdated, unnecessary patches from MEMCM repository.Utilize WSUS environment for approving, declining, and managing patches.Provide support & technical leadership to front-end Patch Technicians assisting with patch deployment issues and resolution.Identify, understand and collaborate with OEM/Vendors to resolve patch related issues with patching and remediation activitiesDocument installation and configuration procedures related to patch managementAssists the Infrastructure teams with testing, packaging, and deployment of new software releases.Deploys software for service packs or emergency security patches.Develop and optimize pre- and post- patching process to ensure proper implementation without any outages.Score each patch based on risks & opportunity to prioritize. Identify which patches are more valuable to the organization than others.Act as an escalation point for patch execution / partner team mentoring them and resolving complex scenarios and technical issuesEnsures overall service levels for infrastructure uptimes through patch management standards, firmware upgrades and vendor based advisoryAnalyzes trend data to identify potential patch related issues on various images and assists teams in troubleshooting to implement any resolutions/improvements needed for proactive resolutionDevelops automation scripts and programs to streamline manual patch operations and improve mean time to deliver and first-time right metrics.Assist in implementation during patch maintenance windows and assists in documenting completion of the change.Measures and recommends improvement for patching service levels and success ratesSupports the determination of patches needed as well as implementation of corrective actions by doing thorough due diligencePerform Patch management tasks include maintaining current knowledge of available patches, deciding what patches are appropriate for systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures.VULNERABILITY REMEDIATION - Must be skilled in vulnerability assessment, asset-based remediation planning and execution.PATCH AUTOMATION - Design, build, test, and deploy scripting and automation to reduce the effort required to deploy security patches and support. Align solutions with the existing technology stack to provide seamless delivery.ACTIVE DIRECTORY -Possess working knowledge of Active Directory administration, including advanced understanding of delegation, logging, replication, authentication protocols and management techniques/tools.TEAM PLAYER - Act as a team player supporting peers, department management and business unit leadership to fulfill operational service levels, department initiatives and project deliverables. Believe in and adopt a "70% agreement, 100% commitment" attitude.DOCUMENTATION - Build high quality roadmaps, strategies, standards, and procedures to publicize the work of the department and develop the knowledge of others.CONTINUOUS IMPROVEMENT - Organize continuous improvement efforts by understanding staff insights and concerns and creating a pipeline of change. Maintains a keen eye on opportunities to improve patch effectiveness, efficiency, compliancy, or cost savings. Drive resolutions to production.CHANGE MANAGEMENT - Learn and follow the change management process. Independently test and implement changes in the environment while informing others.SUBJECT MATTER EXPERT - Act as an expert support resource for multiple server/ desktop technology stack components. Assist and mentor system administrators and technicians to foster personal growth and accountability.QualificationsBachelor's Degree and 6 years of experience in Systems engineer and systems programmer OR High School Diploma or GED and 10 years of experience in Systems engineer and systems programmerPreferred QualificationsBachelor's degree and/or some relevant work experience in patching, vulnerability remediation and system/network administration is preferredMinimum of 5 years hands on experience with WSUS, SCCM, AD, scriptingAdvanced knowledge of Windows 10 /11Exposure with vulnerability Management Tools like Qualys etc.Ivanti Patch Management for SCCMWorking knowledge and demonstrated expertise in using SQL database products and customizing and creating web reportsWorking knowledge and demonstrated expertise with the Microsoft Windows operating systemDemonstrate verbal, written, and interpersonal skillsAbility to work independently or as a member of a technical teamSelf-motivated and be able to produce and perform with minimal supervision as wellExperience Scripting with PowerShell and Bash experience preferredAnalytical and problem-solving skills for troubleshooting are requiredFamiliarity with vulnerability management security tools (Nexpose, Qualys, Microsoft Advanced Threat Protection (MDATP), Tenable, Nessus etc.)Familiarity with issue/ticket tracking systems (Jira, ServiceNow, etc.)Strong understanding of and experience in Windows Engineering and Windows Modern Management technologies (SCCM / OSD / WSUS / Intune MEM / Autopilot, Azure, AWS)The ability to work closely with Business and development and a thorough understanding of the balance between business and patch requirementsProficiency in scripting of packaged installation of patches, software, and configuration changesAdvanced knowledge of infrastructure foundation including DNS, DHCP, VDI, SQL Server, Oracle, Mongo, Postgres, IIS, Apache, SAN, Hyper-Converged, LAN, WLAN, VLAN, OSI model, TCP/IP, VPN, firewalls, PKI and/or AWSDemonstrated ability to communicate effectively to business and technical audiences.Demonstrated self-motivated work ethic and lifelong learnerFirst Citizens benefits programs are designed to meet our associates where they are in life. Full-time associates (20+ hours) are offered a comprehensive benefits program, with customized offerings, including those designed to support families, however defined. More information regarding our benefits offerings can be found here: Citizens Bank is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race (including traits historically associated with race, such as hair texture and protective hairstyles), color, religion, national origin, sex, age, disability, protected veteran status, sexual orientation, gender identity, genetic information, military membership, application, or obligation, or any other legally protected status.