Back to search
All Lines Technology Linkedin · Posted 26d ago

Lead Enterprise Infrastructure Patch & Security Engineer

Hermitage

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

We are seeking a highly skilled Lead Infrastructure Security & Patch Management Engineer to reduce security risk and maintain patch compliance across Infrastructure Services. This role is responsible for managing enterprise-wide remediation efforts using approved tools and processes across Windows Server, Enterprise Linux, cloud and on-prem environments, network devices, and other in-scope assets.

Key Responsibilities

  • Own and manage the Security Remediation Program, ensuring alignment with Security findings (Critical, High, Medium).
  • Plan, schedule, and execute monthly operating system patching for Windows and Linux environments, including canary deployments, defined maintenance windows, and rollback strategies.
  • Lead zero-day and out-of-band patching efforts with expedited risk assessment and adherence to change control processes.
  • Deliver extended remediation activities, including updates to ciphers, protocols, file permissions, and third-party applications; coordinate with vendors as needed.
  • Administer and operate enterprise patching and security tooling, including MECM/SCCM, Ansible, Rapid7, Ivanti ITSM, Cisco DNA, Panorama, and Venafi, with manual deployments when required.
  • Manage quarterly component updates and oversee certificate lifecycle processes (PKI/DigiCert), including feasibility analysis for migrations from self-signed to PKI certificates.
  • Develop and publish compliance reports, audit documentation, and governance updates.
  • Facilitate and lead weekly Security–Infrastructure standups to track remediation progress and address risks.

Required Qualifications

  • 5+ years of experience in infrastructure security and patch management.
  • Strong expertise in Windows Server and Enterprise Linux environments (e.g., RHEL).
  • Hands-on experience with enterprise tools such as MECM/SCCM, Ansible, Rapid7, Ivanti ITSM, Cisco DNA, Panorama, and Venafi/PKI.
  • Solid understanding of ITIL processes, including change management, incident management, and CMDB maintenance.
  • Experience with compliance reporting and audit support.
  • Scripting proficiency in PowerShell, Bash, or Python.
  • Demonstrated experience with canary deployments and rollback procedures.


Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent