Systems Engineer III - Patch Management, First Citizens Bank

Full Details & Application

 Job Description
Overview

This is a remote role that may only be hired in the following location(s): AZ, NC, NJ



Our Patch Management and Governance team requires a highly experienced Senior Infrastructure Engineer responsible for driving engineering, automation and support for security and application patching in the Technology area.  An ideal candidate will be a highly skilled full stack infrastructure engineer with experience in Modern Device Management and automation protecting every endpoint - workstations, laptops, virtual devices and more.


As the Patch Management Engineer, you’ll provide assessment including security, system, and business impact. MEMCM, WSUS and Bigfix administration should be strong skills that you possess.


Our Technology Stack

    Windows 10 /11
    Microsoft Endpoint Manager Configuration Manager (MEMCM) with MDT-based Operating System Deployment (OSD), WSUS, Internet-based Client Management through IBCM and CMG, software deployment
    PatchMyPC for third party application patching
    Office365 with Azure Active Directory hybrid join conditional access, Office ProPlus, and a variety of modern applications.
    Active Directory on-premises with group policy
    Qualys vulnerability management tools
    PowerShell
    Patch Management, USMT, Asset Intelligence, PC Hardware Management (Devices, Drivers, Firmware)
    Ivanti Patch Management for SCCM
    Working knowledge and demonstrated expertise in using SQL database products and customizing and creating web reports

Responsibilities

PATCH COMPLIANCE

    Identify, assess, and Deploy patches as made available by the vendor for all in scope workstation assets - Laptops and Desktops running Windows Operating System
    Primary responsibility will be focused on Patch management and delivering operating system and software updates via System Center Configuration Manager and reporting to management on progress.
    Manage, administer and update SUGs and ADRs for patch deployments of workstation patches.
    Validate successful patch deployments and systems patch compliance statuses post deployment.
    Regularly review and cleanup outdated, unnecessary patches from MEMCM repository.
    Utilize WSUS environment for approving, declining, and managing patches.
    Provide support & technical leadership to front-end Patch Technicians assisting with patch deployment issues and resolution.
    Identify, understand and collaborate with OEM/Vendors to resolve patch related issues with patching and remediation activities
    Document installation and configuration procedures related to patch management
    Assists the Infrastructure teams with testing, packaging, and deployment of new software releases.
    Deploys software for service packs or emergency security patches.
    Develop and optimize pre- and post- patching process to ensure proper implementation without any outages.
    Score each patch based on risks & opportunity to prioritize. Identify which patches are more valuable to the organization than others.
    Act as an escalation point for patch execution / partner team mentoring them and resolving complex scenarios and technical issues
    Ensures overall service levels for infrastructure uptimes through patch management standards, firmware upgrades and vendor based advisory
    Analyzes trend data to identify potential patch related issues on various images and assists teams in troubleshooting to implement any resolutions/improvements needed for proactive resolution
    Develops automation scripts and programs to streamline manual patch operations and improve mean time to deliver and first-time right metrics.
    Assist in implementation during patch maintenance windows and assists in documenting completion of the change.
    Measures and recommends improvement for patching service levels and success rates
    Supports the determination of patches needed as well as implementation of corrective actions by doing thorough due diligence
    Perform Patch management tasks include maintaining current knowledge of available patches, deciding what patches are appropriate for systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures.

VULNERABILITY REMEDIATION - Must be skilled in vulnerability assessment, asset-based remediation planning and execution.

PATCH AUTOMATION – Design, build, test, and deploy scripting and automation to reduce the effort required to deploy security patches and support.  Align solutions with the existing technology stack to provide seamless delivery.

ACTIVE DIRECTORY –Possess working knowledge of Active Directory administration, including advanced understanding of delegation, logging, replication, authentication protocols and management techniques/tools.

TEAM PLAYER – Act as a team player supporting peers, department management and business unit leadership to fulfill operational service levels, department initiatives and project deliverables.  Believe in and adopt a “70% agreement, 100% commitment” attitude.

DOCUMENTATION – Build high quality roadmaps, strategies, standards, and procedures to publicize the work of the department and develop the knowledge of others.

CONTINUOUS IMPROVEMENT – Organize continuous improvement efforts by understanding staff insights and concerns and creating a pipeline of change.  Maintains a keen eye on opportunities to improve patch effectiveness, efficiency, compliancy, or cost savings.  Drive resolutions to production.

CHANGE MANAGEMENT – Learn and follow the change management process. Independently test and implement changes in the environment while informing others.

SUBJECT MATTER EXPERT – Act as an expert support resource for multiple server/ desktop technology stack components.  Assist and mentor system administrators and technicians to foster personal growth and accountability.

Qualifications

Bachelor's Degree and 6 years of experience in Systems engineer and systems programmer OR High School Diploma or GED and 10 years of experience in Systems engineer and systems programmer


Preferred Qualifications

    Bachelor's degree and/or some relevant work experience in patching, vulnerability remediation and system/network administration is preferred
    Minimum of 5 years hands on experience with WSUS, SCCM, AD, scripting
    Advanced knowledge of Windows 10 /11
    Exposure with vulnerability Management Tools like Qualys etc.
    Ivanti Patch Management for SCCM
    Working knowledge and demonstrated expertise in using SQL database products and customizing and creating web reports
    Working knowledge and demonstrated expertise with the Microsoft Windows operating system
    Demonstrate verbal, written, and interpersonal skills
    Ability to work independently or as a member of a technical team
    Self-motivated and be able to produce and perform with minimal supervision as well
    Experience Scripting with PowerShell and Bash experience preferred
    Analytical and problem-solving skills for troubleshooting are required
    Familiarity with vulnerability management security tools (Nexpose, Qualys, Microsoft Advanced Threat Protection (MDATP), Tenable, Nessus etc.)
    Familiarity with issue/ticket tracking systems (Jira, ServiceNow, etc.)
    Strong understanding of and experience in Windows Engineering and Windows Modern Management technologies (SCCM / OSD / WSUS / Intune MEM / Autopilot, Azure, AWS)
    The ability to work closely with Business and development and a thorough understanding of the balance between business and patch requirements
    Proficiency in scripting of packaged installation of patches, software, and configuration changes
    Advanced knowledge of infrastructure foundation including DNS, DHCP, VDI, SQL Server, Oracle, Mongo, Postgres, IIS, Apache, SAN, Hyper-Converged, LAN, WLAN, VLAN, OSI model, TCP/IP, VPN, firewalls, PKI and/or AWS
    Demonstrated ability to communicate effectively to business and technical audiences.
    Demonstrated self-motivated work ethic and lifelong learner

First Citizens benefits programs are designed to meet our associates where they are in life. Full-time associates (20+ hours) are offered a comprehensive benefits program, with customized offerings, including those designed to support families, however defined. More information regarding our benefits offerings can be found here: https://jobs.firstcitizens.com/benefits.