Patching and Systems Administrator II (Systems Administrator 2) 27107

Come Join HII! Where Hard Stuff is Done Right!

We are seeking an experienced Patching and Windows Administrator II to join our infrastructure team. This role requires deep technical expertise in enterprise patch management and system administration across Windows Server environments. The ideal candidate will be responsible for managing comprehensive patch management operations, maintaining system health and security, and leveraging automation tools including PowerShell, SCCM, and WSUS to ensure efficient, secure, and compliant infrastructure operations.

Responsibilities: I want to and can do that!

Patch Management & Vulnerability Remediation
•    Plan, schedule, and execute enterprise-wide patch management cycles using WSUS, SCCM, or similar enterprise patching tools across Windows Server environments
•    Develop and maintain comprehensive patch management policies, procedures, and schedules to minimize security vulnerabilities and ensure compliance
•    Coordinate monthly and quarterly patching windows, ensuring minimal disruption to business operations while maintaining security posture
•    Test patches in non-production environments before deploying to production systems to prevent system disruptions and compatibility issues
•    Monitor patch deployment status continuously, identifying failed deployments, and taking immediate corrective actions
•    Integrate patching workflows with PowerShell and Group Policy for automated, orchestrated updates across Windows environments
•    Troubleshoot failed patch deployments and develop comprehensive remediation strategies
•    Maintain and update system baselines and gold images with current patches
System Administration & Management
•    Design, implement, and maintain enterprise Windows Server systems (2016/2019/2022)
•    Administer Active Directory, Group Policy, and domain services in an enterprise environment
•    Perform system installations, configurations, upgrades, and maintenance across all Windows platforms
•    Monitor system performance, troubleshoot issues, and implement solutions to ensure optimal uptime and availability
•    Manage user accounts, permissions, and security policies across Windows environments
•    Maintain system documentation including patch histories, configuration changes, and system inventories
Infrastructure Automation & Configuration Management
•    Design, develop, and maintain PowerShell scripts and modules for system provisioning, configuration, patch deployment, and orchestration
•    Implement Desired State Configuration (DSC) for automated configuration management and patch automation
•    Implement infrastructure as code (IaC) principles using PowerShell DSC and Group Policy across Windows environments
•    Develop and maintain automation scripts using PowerShell, Batch, or VBScript to streamline patching and system management processes
•    Automate patch testing, validation, and rollback procedures
•    Create and maintain system documentation, runbooks, and standard operating procedures
•    Optimize and troubleshoot existing automation workflows for improved efficiency and reliability
Security & Compliance
•    Implement and maintain security hardening standards across Windows Server systems using Group Policy and PowerShell DSC
•    Conduct regular security audits and vulnerability assessments
•    Ensure timely deployment of security patches within defined SLAs to minimize vulnerabilities
•    Ensure compliance with industry standards and regulatory requirements (PCI-DSS, HIPAA, SOX, etc.)
•    Monitor and respond to security vulnerabilities identified through scanning tools (Nessus, Qualys, Tenable, etc.)
•    Maintain detailed records of security incidents, patch activities, response actions, and lessons learned
•    Coordinate with security and compliance teams for audit preparation and remediation activities
Monitoring, Alerts & Reporting
•    Continuously monitor patch deployment status across all systems
•    Configure and maintain alerting for failed patches, system health issues, and security vulnerabilities
•    Generate and distribute regular patch compliance reports to leadership and stakeholders
•    Track and report on patch management KPIs and metrics
•    Maintain compliance dashboards and vulnerability trending reports

What you must have:

•    Security Clearance: No clearance required at start but could be processed for a clearance in the future; U.S. Citizenship required
•    3 years relevant experience with Bachelors in related field; 1-year relevant experience with Masters in related field; or High School Diploma or equivalent and 7 years relevant experience.
•    Minimum 5 years of progressive Windows Server administration experience
•    Minimum 3 years of dedicated patch management experience in enterprise environments
•    Experience managing Windows-based environments with multiple servers and services
•    Proven track record of implementing large-scale patching and automation projects
•    Experience with change management and ITIL processes
•    Experience managing patching for environments with 500+ systems
Soft Skills
•    Excellent problem-solving and analytical abilities
•    Strong communication skills, both written and verbal, with ability to explain technical concepts to non-technical stakeholders
•    Ability to work independently and as part of a team
•    Strong organizational skills and attention to detail
•    Ability to manage multiple priorities in a fast-paced environment
•    Strong project management skills for coordinating complex patching cycles
•    Ability to work under pressure during critical patching events
•    Strong sense of urgency for security vulnerability remediation

Technical Skills
•    5+ years of hands-on experience administering Windows Server systems in enterprise environments
•    3+ years of dedicated experience in enterprise patch management operations
•    Expert-level knowledge of Windows Server (2016/2019/2022)
•    Strong proficiency with Active Directory, Group Policy, and domain services
•    Demonstrated experience with Windows desktop administration (Windows 10/11)
•    Extensive experience with enterprise patch management tools such as WSUS, SCCM, BatchPatch, Ivanti, or similar solutions
•    3+ years of production experience with PowerShell, including script development, modules, and advanced automation
•    Experience with PowerShell Desired State Configuration (DSC) for configuration management
•    Strong understanding of patch management methodologies, testing procedures, and rollback strategies
•    Advanced knowledge of scripting (PowerShell, Batch, VBScript)
•    Experience with Windows package management (Chocolatey, winget)
•    Strong understanding of networking concepts (TCP/IP, DNS, DHCP, routing, firewalls)
•    Experience with virtualization technologies (Hyper-V, VMware, or similar)
•    Proficiency with version control systems (Git, Azure DevOps, GitHub)
•    Experience with monitoring tools (SCOM, Nagios, Zabbix, or similar)
•    Knowledge of vulnerability management tools (Nessus, Qualys, Tenable, Rapid7, or similar)
•    Experience with ticketing systems (ServiceNow, Jira, or similar)

Preferred Requirements

•    Microsoft Certified: Windows Server Hybrid Administrator Associate or higher
•    Microsoft Certified: Azure Administrator Associate
•    Microsoft Certified: Security Operations Analyst Associate
•    Microsoft Endpoint Configuration Manager (SCCM) certification
•    Certified Information Systems Security Professional (CISSP) or Security+ certification
•    Experience with Microsoft Endpoint Configuration Manager (SCCM/ConfigMgr) for patch management
•    Experience with Microsoft Intune for modern device management
•    Experience with Azure Update Management or Azure Automation
•    Experience with containerization technologies (Docker, Kubernetes)
•    Knowledge of cloud platforms (Azure, AWS, or GCP)
•    Experience with CI/CD pipelines and DevOps practices
•    Familiarity with storage technologies (SAN, NAS, Storage Spaces Direct)
•    Experience with infrastructure as code tools (Terraform, ARM templates)
•    ITIL Foundation or similar change management certification
•    Experience with Linux systems administration is a plus

Physical Requirements