Vulnerabilities, Patch & Obsolescence Management Engineer - UI

Natixis is seeking a Vulnerabilities, Patch & Obsolescence Management Engineer to join our User Infrastructure team. In this pivotal role, you will lead the patch management activities for workstations and printers, proactively identify and remediate vulnerabilities reported by our Head Office or vendors, and manage the lifecycle of both software and hardware across our workstation environment.

You will collaborate closely with Head Office teams on Vulnerability, Patch, and Obsolescence Management (VPM) tasks and projects, ensuring that best practices in security and patch management are upheld.

The ideal candidate will possess strong technical capabilities and a comprehensive understanding of patching, security concepts, technologies, and industry best practices. Furthermore, you should be adept at translating complex technical issues into clear, non-technical language for diverse audiences.

Essential Duties and Responsibilities:
The key responsibilities include, but are not limited to:

Overall Responsibilities:

• Monitor and manage automated Windows patching, collaborating with the Head Office MECM engineering team.
• Manage and test MECM application packages alongside the Porto packaging team.
• Remediate software vulnerabilities on Windows workstations through on-demand patching or software removal.
• Develop and deploy Active Directory group policies to address vulnerabilities on Windows workstations and enhance the security posture of third-party applications and services.
• Report vulnerabilities across all User Infrastructure assets, including Windows workstations (laptops, physical desktops, virtual desktops), printers, Mac workstations, and related assets (docking stations, thin clients).
• Coordinate and escalate vulnerability remediation efforts both domestically and globally.
• Collaborate with infrastructure staff to identify obsolete hardware, software, or OS components and develop remediation plans with detailed steps and timelines.

Management of Proactive Vulnerability Detection and Monitoring:

• Collaborate with the international team for monthly reporting, trend analysis meetings, and develop remediation plans based on the outcomes of these discussions.
• Conduct in-depth analysis of data provided by Head Office through tools like Splunk and Qualys, establishing reconciliation processes between data sources and working with Head Office towards resolution.
• Oversee the creation and maintenance of detailed VPM technical administration documentation, ensuring accuracy and relevance, along with associated IT support and troubleshooting documents.
• Work with internal and external IT auditors to provide necessary audit documentation and evidence.
• Enforce and adhere to policies and procedures for VPM projects across the AMER region, while practicing best practices in system patching, installation, configuration, and monitoring.
• Collaborate with local and global IT teams to achieve short- and long-term goals, managing project plans for local patching and execution processes, and actively participating in all project phases.
• Work with the UI team to create automated solutions for asset scanning, exception reporting, and alerts for defined obsolescence.
• Research systems that may become obsolete within a two-year timeframe and collaborate with infrastructure teams on replacement strategies.

Server/Virtualization Infrastructure:

• Provide operational support for VMware environments as applicable to VDI support and security remediation.
• Provide operational support for Citrix environments, including patch installation and application deployment.

Workstation Infrastructure:

• Support security remediation and patch management of Windows workstations utilizing MECM.
• Assist with application/workstation patching and deployment of security packages.
• Conduct research on patch management and hardening processes for workstations, virtual desktops, and printers using Qualys, MECM, and Group Policy (GPO).
• Automate workstation support tasks using PowerShell.
• Monitor and remediate end-of-life and end-of-service assets, leading obsolescence projects related to workstations and applications.
• Utilize KPIs and generate reports for management presentations during monthly committee meetings.
• Collaborate with the Customer Service team to resolve escalated tickets and engineering support issues.

The salary range for this position will be between $155,000 - 180,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.