Windows Engineer

A Windows Engineer job in Cincinnati, OH is currently available s is a hybrid role working two days per week in the Belcan office in Blue Ash. Belcan has an immediate need for a Windows Systems Engineer to serve as a technical lead and central coordinator for our enterprise Patch Management Program. This role owns the end-to-end patching operating rhythm (intake → test → deploy → validate → report), driving standardization, automation, and measurable risk reduction across Windows endpoints and Windows Server workloads.

The technical core of the role is automation with Microsoft Configuration Manager (SCCM/MECM) and Microsoft Intune, with additional responsibilities supporting Windows Server deployments in AWS and administration of Box Enterprise as part of the broader endpoint and server management ecosystem.

This role requires U.S. citizenship and the ability to obtain or maintain a U.S. DoD Secret security clearance.

• Serve as technical lead for the enterprise Patch Management Program, defining and maintaining patching standards, tooling patterns, and operating procedures.
• Plan and run the recurring patch cadence: patch intake and prioritization, pilot/testing rings, phased deployment waves, maintenance window coordination, and post-deployment validation.
• Engineer and maintain automated patching frameworks using SCCM/MECM and Intune (update rings/policies, deployment packages, baselines, required deployments, compliance targeting).
• Coordinate cross-platform patching schedules and dependencies with Linux and Network teams to ensure comprehensive coverage and minimal service impact.
• Integrate vulnerability management and remediation workflows (e.g., CVE/critical bulletins) into patch prioritization; track exceptions, compensating controls, and risk acceptance.
• Build and deliver patch compliance reporting and executive dashboards (coverage, compliance %, aging, SLA attainment, failure rates, and trends) and drive corrective actions.
• Own incident and problem follow-up related to patching (failed deployments, reboot coordination, application impact), including root-cause analysis and preventative automation.
• Partner with Change Management to ensure patch deployments are planned, documented, communicated, and executed in alignment with enterprise change controls.
• Administer and optimize Box Enterprise client deployment/management patterns where relevant to endpoint configuration and software lifecycle.
• Deploy and manage Windows Server workloads in AWS (build/standard images, patching, monitoring, backups, and configuration hardening) in coordination with infrastructure and security requirements.
• Create and maintain audit-ready documentation (runbooks, standard operating procedures, exception logs, and evidence artifacts) for the Patch Management Program.
• Provide after-hours support during critical or user-impacting outages and for time-sensitive security patch events.
• Other duties as assigned.

• Strong understanding of enterprise patch management concepts (risk-based prioritization, maintenance windows, phased rollouts, compliance measurement, exception handling).
• Hands‑on expertise with Microsoft SCCM/MECM and WSUS at scale (software update points, deployment packages, collections/targeting, baselines, reporting, troubleshooting).
• Hands‑on expertise with Microsoft Intune (Windows Update for Business policies/rings, feature update strategies, endpoint configuration and compliance policies).
• Proven automation/scripting experience with Power Shell (preferred) and/or Python, including building repeatable workflows and self‑service tooling.
• Experience integrating patching with vulnerability remediation processes and producing compliance evidence for audit and security stakeholders.
• Experience deploying and administering Box Enterprise (user/group management, device trust and client deployment considerations, policy configuration).
• Experience deploying and managing Windows Server in AWS (EC2, AMIs, security groups, patching/maintenance, monitoring/logging).
• Experience using Azure Dev Ops (or equivalent) for planning, tasking, backlog management, and documenting technical work.
• Deep…