| Description:
|
A Windows Engineer job in Cincinnati, OH is currently available at Belcan. This is a hybrid role working two days per week in the Belcan office in Blue Ash. Belcan has an immediate need for a Windows Systems Engineer to serve as a technical lead and central coordinator for our enterprise Patch Management Program. This role owns the end-to-end patching operating rhythm (intake → test → deploy → validate → report), driving standardization, automation, and measurable risk reduction across Windows endpoints and Windows Server workloads. The technical core of the role is automation with Microsoft Configuration Manager (SCCM/MECM) and Microsoft Intune, with additional responsibilities supporting Windows Server deployments in AWS and administration of Box Enterprise as part of the broader endpoint and server management ecosystem.
Additional info: This role requires U.S. citizenship and the ability to obtain or maintain a U.S. DoD Secret security clearance.
Job Duties:
* Serve as technical lead for the enterprise Patch Management Program, defining and maintaining patching standards, tooling patterns, and operating procedures.
* Plan and run the recurring patch cadence: patch intake and prioritization, pilot/testing rings, phased deployment waves, maintenance window coordination, and post-deployment validation.
* Engineer and maintain automated patching frameworks using SCCM/MECM and Intune (update rings/policies, deployment packages, baselines, required deployments, compliance targeting).
* Coordinate cross-platform patching schedules and dependencies with Linux and Network teams to ensure comprehensive coverage and minimal service impact.
* Integrate vulnerability management and remediation workflows (e.g., CVE/critical bulletins) into patch prioritization; track exceptions, compensating controls, and risk acceptance.
* Build and deliver patch compliance reporting and executive dashboards (coverage, compliance %, aging, SLA attainment, failure rates, and trends) and drive corrective actions.
* Own incident and problem follow-up related to patching (failed deployments, reboot coordination, application impact), including root-cause analysis and preventative automation.
* Partner with Change Management to ensure patch deployments are planned, documented, communicated, and executed in alignment with enterprise change controls.
* Administer and optimize Box Enterprise client deployment/management patterns where relevant to endpoint configuration and software lifecycle.
* Deploy and manage Windows Server workloads in AWS (build/standard images, patching, monitoring, backups, and configuration hardening) in coordination with infrastructure and security requirements.
* Create and maintain audit-ready documentation (runbooks, standard operating procedures, exception logs, and evidence artifacts) for the Patch Management Program.
* Provide after-hours support during critical or user-impacting outages and for time-sensitive security patch events.
* Other duties as assigned
Required Qualifications:
* Strong understanding of enterprise patch management concepts (risk-based prioritization, maintenance windows, phased rollouts, compliance measurement, exception handling).
* Hands-on expertise with Microsoft SCCM/MECM and WSUS at scale (software update points, deployment packages, collections/targeting, baselines, reporting, troubleshooting).
* Hands-on expertise with Microsoft Intune (Windows Update for Business policies/rings, feature update strategies, endpoint configuration and compliance policies).
* Proven automation/scripting experience with PowerShell (preferred) and/or Python, including building repeatable workflows and self-service tooling.
* Experience integrating patching with vulnerability remediation processes and producing compliance evidence for audit and security stakeholders.
* Experience deploying and administering Box Enterprise (user/group management, device trust and client deployment considerations, policy configuration).
* Experience deploying and managing Windows Server in AWS (EC2, AMIs, security groups, patching/maintenance, monitoring/logging).
* Experience using Azure DevOps (or equivalent) for planning, tasking, backlog management, and documenting technical work.
* Deep understanding of technology principles and the ability to design and implement complex solutions drawing on multiple tools and platforms.
* Outstanding organizational, communication, and problem-solving skills; comfortable coordinating across infrastructure, security, and application owners.
* Attention to detail and ability to thrive in a fast-paced environment with time-sensitive security priorities
* Bachelor's degree in computer science, Information Technology, or equivalent experience.
Preferred Qualifications & Skills:
* Minimum of 5 years of experience as a Systems Administrator or Systems Engineer supporting enterprise Windows environments.
* Demonstrated experience leading or significantly contributing to a Patch Management Program (planning, testing rings, phased deployments, compliance reporting, exception management).
* Expertise in Windows 11 and Windows Server administration, including troubleshooting patch-related issues and scripting/automation.
* Experience with Windows management tooling such as SCCM/MECM and Intune in a production enterprise environment.
* Experience with Windows Server workloads in AWS and familiarity with Box Enterprise administration is a strong plus.
* Familiarity with IT service design principles, change management, and best practices for operational documentation.
We provide a competitive pay and benefits package. This position offers a salary range of $105,000 to $130,000. Belcan considers several factors when extending an offer, including but not limited to education, experience, geographic location, and discipline. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.
As an employee with Belcan, you will be part of one of the largest engineering firms in the United States. We maintain a small- company atmosphere as well as open communication at all levels of our organization, allowing for much more dynamic decision-making processes. We offer flexible schedules as well as an excellent mentoring system to ensure that you have all the knowledge and tools you need to meet a diverse range of engineering challenges. You will also have opportunities to advance to positions of greater responsibility, including management roles. Your hard work and professional dedication will be rewarded with a competitive compensation package. Build a challenging and rewarding career with an industry leader!
|