Windows​/Linux Patching, Maintenance & Automation Engineer

Position Overview

The Windows/Linux Patching, Maintenance & Automation Engineer is responsible for enterprise-wide patching, OS maintenance, and automation across Windows Server  and RHEL 8/9 in VMware and Azure environments. This role will also assist with Identity and Access Management (IAM) technologies to ensure secure, auditable access patterns for systems management, scanning, and automation. You will lead patch strategy, drive remediation based on authenticated scan results and pen test findings and introduce Infrastructure as Code (IaC) to improve standardization, speed, and security.

Essential Duties and Responsibilities

1) Ownership of Patching & Maintenance (Windows + RHEL)

* Lead end-to-end patch operations: strategy, ring-based deployments, testing, maintenance windows, approvals,

and communications.

* Define and maintain patch baselines for Windows Server  and RHEL 8/9/10, including reboot

orchestration and exception workflows.

* Own lifecycle planning: OS version standards, EOL tracking, upgrades, templates/images, and baseline

hardening.

* Drive post-maintenance validation (service health, event/log checks, synthetic probes) and implement rollback

plans.

2) Tooling Leadership (Tanium + Intune)

* Own and optimize Tanium for patch deployment, compliance reporting, remediation actions, and operational

troubleshooting.

* Use Intune for endpoint policy posture and update orchestration where appropriate.

* Build and maintain patch runbooks, automated health checks, and common failure remediation playbooks.

3) Security Validation & Vulnerability Remediation

* Use Tanium authenticated scans to validate remediation and produce audit-ready evidence.

* Partner with Security to prioritize remediation based on exploitability, asset criticality, and exposure.

* Convert Horizon
3.ai Node Zero findings into actionable remediation plans; validate closure and prevent recurrence.

4) IAM Responsibilities (Hybrid Identity)

* Assist in the design and enforce IAM patterns for patching, scanning, and automation:

* Least privilege access models for administrators, service accounts, automation identities, and scanners

* Privileged access controls (e.g., tiered admin, just-in-time access, break-glass procedures)

* Credential and secret management practices for scripts/automation (vaulting, rotation, non-interactive

auth)

* Integrate identity controls with Windows and Linux administration models:

* AD/Azure AD identity patterns, RBAC, group-based access, role separation

* Linux privilege delegation patterns (sudoers hygiene, centralized identity where applicable)

* Ensure access is auditable and compliant: logging, review/recertification support, and evidence generation.

5) Azure Configuration Posture (CSPM-driven)

* Use Microsoft Defender for Cloud recommendations to drive remediation of cloud configuration risks.

* Work with cloud and security teams to implement secure baselines and reduce drift.

6) Automation & Infrastructure as Code (IaC)

* Build automation for patching workflows: pre-checks, phased rollouts, post-checks, exception handling,

rollbacks, reporting, and ticket/change integration.

* Introduce and design IaC for Azure and supporting infrastructure using Terraform and/or Bicep/ARM, with Gitbased review and promotion workflows.

* Create reusable modules/patterns that standardize provisioning, policy enforcement, and operational readiness.

7) Operational Excellence

* Participate in on-call and after-hours maintenance rotations.

* Lead incident response and root cause analysis for patch-related outages; write postmortems and implement

preventive controls.

* Maintain clear documentation: standards, runbooks, rollback procedures, and known issue libraries.

Required Qualifications

* Proven ability to lead patch strategy (rings, baselines, risk management, validation, reporting).

* Strong automation skills:
Power Shell + Bash/Python; ability to build reliable, idempotent automation.

* Directory services, RBAC/group-based access, privileged access patterns, service identities

* Audit/logging considerations and access review support

* Comfortable operating within change control and regulated operational processes.

Preferred Qualifications

* VMware experience (vSphere operations, templates, snapshot strategy, maintenance coordination).

* Azure experience (compute/network/storage, RBAC, logging/monitoring, policy governance).

* Experience improving posture using Defender for Cloud (CSPM).

* IaC expertise:
Terraform and/or Bicep/ARM;
Git Ops workflows; module design.

* Familiarity with hardening standards (CIS/STIG) and vulnerability management life cycles.

Technologies & Tooling (Environment Fit)

* Hybrid: VMware, Microsoft Azure

* OS:
Windows Server ; RHEL 8/9

* Mgmt/Patching:
Tanium, Intune

* Security:
Tanium authenticated scans, Horizon
3.ai Node Zero

* Cloud posture:
Microsoft Defender for Cloud (CSPM)

* Automation/IaC:
Power Shell, Bash/Python, Terraform/Bicep/ARM, Git workflows

* IAM: AD/Azure AD (Entra ), RBAC/role design, privileged access patterns, service…