Lead Engineer

Description

We are looking for a Lead Windows Security Compliance Engineer with deep technical expertise in Windows Server operating systems, automation, and enterprise patch management.

This role will be responsible for maintaining security compliance across all Windows server environments, leveraging tools such as Microsoft SCCM and scripting frameworks to streamline and automate patching, vulnerability remediation, and configuration enforcement.

Key Responsibilities:



* Serve as the primary owner for ensuring Windows Server security compliance across the enterprise.


* Design, implement, and maintain automated patching workflows using Microsoft SCCM/ConfigMgr, including deployment of monthly updates, zero-day patches, and out-of-band fixes.


* Expertise in SCCM Administration, deployment, packaging, network inventory, boundaries, installer, and network designing.


* Develop and maintain compliance baselines, configuration items (CIs), and desired configuration management (DCM) policies in SCCM.


* Integrate SCCM with vulnerability management platforms (e.g., Tenable, Qualys) to automate remediation cycles.


* Lead vulnerability remediation activities with root cause analysis, patch validation, and follow-up audits.


* Utilize advanced PowerShell scripting and Python (as needed) to automate administrative tasks, patch validation, compliance checks, and reporting.


* Perform regular compliance audits, generate detailed reports, and present to security and leadership teams.


* Stay up to date with Windows security updates, hardening techniques, and best practices (e.g., Microsoft Security Baselines, CIS Benchmarks).


* Collaborate with Infrastructure, InfoSec, and Application teams to remediate configuration drifts and security gaps.


* Drive continuous improvements in automation, reporting, and compliance coverage.

Required Qualifications:



* 7 years of experience administering and securing Windows Server environments in enterprise settings (2012 R2, 2016, 2019, 2022).


* Strong understanding of Windows internals, including services, drivers, registry, Group Policies, event logging, and access controls.


* Deep hands-on experience with Microsoft SCCM/Endpoint Configuration Manager, including:



* Software Update Point (SUP) configuration


* ADRs (Automatic Deployment Rules)


* Patch deployment rings


* Troubleshooting client health and update deployment issues


* Reporting using SSRS and Power BI

Proficiency in PowerShell for automation, scripting, and configuration enforcement.

Experience with Python for automation tasks is a strong plus.

Knowledge of vulnerability remediation processes, compliance frameworks (CIS, NIST, STIG), and system hardening practices.

Ability to analyze patch impacts, perform patch testing, and coordinate patch rollout strategies with minimal downtime.

Familiarity with Active Directory, DNS, DHCP, file shares, and other co...