Overview
Skills
Job Details
Key Responsibilities
Provide strategic oversight of the Patch Compliance Engineering team, including task prioritization, technical direction, and remediation governance
Serve as Product Owner for patching toolsets and lead coordination with internal teams and external vendors
Approve and oversee large-scale patching jobs across global endpoint fleets, ensuring operational readiness and alignment with risk priorities
Develop and implement continuous improvement strategies to streamline tooling, reporting, and remediation processes
Manage vendor relationships for patch tooling and remediation platforms
Act as a liaison to key teams including Cybersecurity, VMS, Global Infrastructure, SCCM-OSD, LPN, and Intune-Autopilot
Drive regular executive reporting on compliance status, risk posture, and roadmap initiatives
Patch Engineering Team Focus Areas (Under Your Leadership)
1. Proactive Remediation
Auto-update enablement for third-party and end-of-life software
Attack surface reduction strategies
Implementation of controls to block known bad software from reintroduction
2. Advanced Reporting & Analysis
Patch applicability and gap analysis using Qualys
Trend tracking and compliance history
Coordination with CXO/Contact Center teams to identify reimage candidates
3. Active Patching Execution
Mastery of enterprise toolsets to manage patch lifecycle across categories:
Vulnerability Reporting: Qualys (for scanning, prioritization, and remediation insight)
Windows OS Patching: Windows Autopatch, SCCM
Microsoft Office Patching: Cloud Update, SCCM
Third-Party Application Patching:
PatchMyPC, Qualys VMDR, SCCM, Nexthink
Build and configure baseline patch packages, pre-/post-patch scripting, and automation workflows
Optimize query logic and targeting in tooling to reduce deployment failures and improve accuracy
Required Qualifications
10+ years of experience in endpoint security, vulnerability remediation, or IT compliance in large-scale enterprise environments
Strong expertise with SCCM, Microsoft Intune, Windows Autopatch, and third-party patching tools such as PatchMyPC, Nexthink, and Qualys VMDR
Proven ability to lead or oversee patch engineering teams, including performance coaching and remediation governance
Advanced scripting skills (e.g., PowerShell, Python) and automation best practices
Hands-on experience with vulnerability platforms such as Qualys for prioritization and reporting
Excellent communication and reporting skills with the ability to engage and brief executive leadership
Strong track record of process optimization and cross-functional collaboration
Preferred Qualifications
Experience at Big 4 firms, global consulting organizations, or large regulated enterprise environments
Familiarity with GenAI or automation frameworks for improving patch workflows or security posture
Knowledge of GRC frameworks such as NIST, ISO 27001, or CIS Controls
Experience with SCCM-to-Intune modernization programs and endpoint lifecycle management
Familiarity with enterprise reimaging, OS deployment, and vulnerability management workflows