Patch Management Engineer

We're looking for a hands-on Patch Management Engineer to own end to end vulnerability remediation across servers, endpoints, and cloud workloads. You'll partner with IT, Security, and application owners to keep our environment current, secure, and compliant by driving patch orchestration, asset visibility, and risk-based prioritization.

What You'll Do

Patch Management

• Design, implement, and operate patching cycles for Windows, macOS, Linux, and third party applications.

• Build deployment rings, pilot groups, and maintenance windows; handle rollback strategies and post patch validation.

• Automate patch approvals, scheduling, and reporting using enterprise tools (e.g., ActionOne/Action1, Microsoft SCCM/MECM, K21, or equivalent platforms).

• Maintain patch baselines and hardening standards aligned to security policies and regulatory requirements.

Asset Management

• Maintain accurate inventory of hardware and software assets; ensure CMDB/asset repository health (ownership, criticality, lifecycle).

• Map assets to business services and patch groups; reconcile discovery data with endpoint management tooling.

• Track EOL/EOS software and OS versions; coordinate upgrades/migrations.

Risk Management

• Correlate vulnerability intelligence (e.g., CVEs, CVSS, KEV lists) with asset context to prioritize remediation.

• Define SLAs based on risk tiers; monitor adherence and escalate exceptions.

• Partner with SecOps to integrate patching into the vulnerability management program and incident response playbooks.

• Report risk reduction metrics, exposure windows, and remediation progress to stakeholders.

Operations & Continuous Improvement

• Develop and maintain runbooks, standard operating procedures, and knowledge base articles.

• Troubleshoot patch failures, deployment anomalies, and agent health issues.

• Drive automation and reliability via scripting (e.g., PowerShell is a plus) and API integrations.

• Collaborate with App Owners to coordinate application-aware patching (IIS/SQL middleware, drivers, etc.).

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:

Required Skills & Experience

• 3-5+ years in endpoint/server management, patching, or vulnerability remediation.

• Hands-on experience with any enterprise patch management system (e.g., ActionOne/Action1, SCCM/MECM, K21, Intune, WSUS, Tanium, Ivanti, BigFix, or similar).

• Strong understanding of operating system update mechanisms (Windows Update, yum/apt, Homebrew, etc.) and third-party software patching.

• Practical knowledge of Asset Management (inventory accuracy, CMDB relationships, lifecycle) and Risk Management (CVEs/CVSS, prioritization, SLAs).

• Experience planning patch windows, piloting, rollbacks, and change management in production environments.

• Excellent documentation, stakeholder communication, and cross-functional coordination skills.

Nice to Have Skills & Experience

• PowerShell scripting for automation (reporting, compliance checks, remediation tasks); Python/Bash a plus.

• Experience with vulnerability scanners (e.g., Tenable, Qualys, Rapid7) and integrating scan outputs with patch workflows.

• Familiarity with Intune, Azure AD, Group Policy, and endpoint configuration baselines.

• Knowledge of compliance frameworks (CIS, NIST, ISO 27001, PCI, SOX, HIPAA) and audit readiness.

• Exposure to cloud workload patching (Azure/AWS), container base image updates, and CI/CD hygiene.

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.