Software Patching and Lifecycle Management Engineer III
Mitsubishi Power Americas · Orlando, FL · 3 wk ago
EngineeringFull-time
Key Responsibilities
- Demonstrates our core competencies: Action oriented, change champion, customer-focused, developing self & others, and ownership
- Assess and validate patch applicability by reviewing OS patches, hotfixes, firmware updates, antivirus definitions, and third-party releases for use in OT and control system environments.
- Perform patch validation and testing in lab environments to confirm compatibility, cybersecurity impact, and operational safety prior to deployment.
- Execute patch deployment for Windows and Linux systems in accordance with defined schedules, maintenance windows, and change management processes.
- Conduct vulnerability scanning and analysis, evaluating CVEs, severity, and exploitability to determine remediation actions or risk disposition.
- Career with remediation activities with system owners, field teams, and customers, validating fixes through re-scan or functional verification.
- Develop and maintain patch deployment packages for offline, air-gapped, and restricted environments, including secure distribution methods.
- Administer centralized patch management tools (e.g., WSUS) and support associated reporting and tracking workflows.
- Develop and utilize automation and scripting tools (PowerShell, Python, Bash) to support patching, validation, reporting, and system health checks.
- Support lifecycle maintenance of virtualized environments (e.g., VMware ESXi, Proxmox), including coordination of patching activities and validation.
- Troubleshoot patching and scanning issues, performing root cause analysis and coordinating resolution with internal teams or vendors.
- Maintain comprehensive technical documentation, including procedures, validation records, vulnerability evidence, release notes, and customer guidance.
- Document patch decisions and risk posture, including approved/deferred patches, known issues, incompatibilities, and mitigation strategies.
- Support configuration and change management processes, including backup, rollback, and recovery planning.
- Support compliance and audit readiness, including documentation and evidence collection for regulated environments (e.g., NERC CIP).
- Collaborate cross-functionally with engineering, cybersecurity, infrastructure, product management, and field service teams to align priorities and release timing.
- Provide remote and on-site support for customer patching, vulnerability remediation, lifecycle maintenance, and system recovery activities.
- Drive continuous improvement initiatives to enhance patch quality, operational efficiency, and cybersecurity posture.
- Ensure adherence to company policies, cybersecurity standards, safety requirements, and customer expectations.
Requirements
- Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Computer Engineering, Electrical Engineering, or a related field; or equivalent relevant work experience.
- 3–7 years in patch management, systems engineering, OT support, cybersecurity operations, vulnerability management, or a related technical field.
- Strong hands-on experience administering Windows and Linux systems.
- Experience supporting patching and lifecycle maintenance in offline, air-gapped, or restricted environments, including maintaining offline update repositories for Windows and Linux.
- Experience executing and interpreting vulnerability scans, including CVE analysis, severity scoring, exploitability assessment, remediation tracking, and closure verification.
- Familiarity with Active Directory, Group Policy, Windows Remote Management (WinRM), and WSUS in domain environments.
- Proficiency with PowerShell, Python, and/or Bash for automation, reporting, and operational support.
- Experience supporting virtualization platforms such as VMware and related infrastructure.
- Experience with endpoint management tools such as Tanium, including scripting and/or package deployment (preferred).
- Experience supporting operational technology (OT), industrial control systems (ICS), or critical infrastructure environments.
- Familiarity with vulnerability management workflows, least privilege, secure update handling, audit documentation, and risk acceptance processes.
- Knowledge of NERC CIP or other regulated cybersecurity requirements (preferred).
- Strong troubleshooting, root cause analysis, and problem-solving skills.
- Ability to produce clear technical documentation (procedures, validation records, reports, release notes) and customer-facing guidance/correspondence; ability to present technical information and respond to questions from managers, customers, and field personnel.
- Strong organizational and time-management skills, including managing recurring deliverables and remediation tracking.
- Experience supporting customers remotely and onsite in production environments.
- Flexibility to work outside standard business hours to support maintenance windows.
- Ability to travel up to 20%.