Security Engineer (Vulnerability and Patch Management)

Paramount Computer Systems

Manama

On-site

BHD 25,000 - 45,000

Full time

30+ days ago

Job summary

An established industry player is seeking a skilled professional to lead their patch management initiatives. In this role, you will provide critical expertise in vulnerability and patch management, ensuring the security and stability of IT operations. Your responsibilities will include designing and implementing a robust patch management strategy, conducting vulnerability assessments, and collaborating with cross-functional teams to mitigate risks. This is an exciting opportunity to make a significant impact in a dynamic environment, where your analytical skills and attention to detail will be key to success. If you are passionate about cybersecurity and eager to drive improvements, this role is perfect for you.

Qualifications

  • Proven experience in IT patch management and vulnerability remediation.
  • Strong knowledge of software patching methodologies and deployment tools.

Responsibilities

  • Develop and maintain a comprehensive patch management strategy.
  • Conduct regular vulnerability assessments and prioritize patching.

Skills

IT patch management
vulnerability remediation
project management
analytical skills
communication skills
problem-solving skills

Education

Bachelor’s degree in IT or relevant field
Advanced diploma in IT

Tools

SCCM
Red Hat Satellite
Jamf
Qualys
Nessus
Ivanti

Job description

Roles and Responsibilities:

  • Provide domain and subject matter expertise in vulnerability and patch management.
  • Design, develop, review, and maintain a comprehensive patch management strategy and practice for the overall IT operations environment, considering security, operational, and business requirements.
  • Conduct regular patch management and vulnerability assessments to identify potential security risks and prioritize patching based on criticality, urgency, and impact. These assessments should cover all layers of enterprise infrastructure, endpoints, server hardware, operating systems, and applications.
  • Collaborate with the security team to evaluate the risk associated with unpatched vulnerabilities and recommend appropriate mitigation strategies.
  • Collaborate closely with colleagues in the Group Information Security & Privacy (GISP) team to review guidelines, policies, and procedures for patch management activities and ensure adherence across the organisation.
  • Review and coordinate the deployment of patches, updates, and security fixes across all systems, applications, and infrastructure.
  • Establish and/or enhance a standardised, thorough testing process to verify the compatibility and stability of patches before deployment to production environments.
  • Work closely with infrastructure, application, security, and BU IT teams to schedule and implement patching activities with minimal impact on business operations.
  • Prepare detailed reports, metrics, and insights on patch compliance, vulnerability remediation progress, and system performance for management and stakeholders. Regularly communicate the progress of patch management initiatives to senior leadership.
  • Analyse threats, vulnerability feeds, patch management gaps and propose continuous improvement / remediation plans.
  • Demonstrate system health and patching / vulnerability remediation compliance status based on predefined standards and routine maintenance of patch management.
  • Provide support during incident response efforts related to vulnerabilities or issues arising from patching activities.
  • Investigate and troubleshoot patch-related problems, collaborating with relevant teams to identify root causes and implement corrective actions.
  • Work within the change management and service management processes within Group Technology teams for all patch management coordination and execution.
  • Support the production of change risk assessments planned by Group Technology teams performing patch management and be able to present the changes to Change Advisory Boards, both internal and external.
  • Support technical evaluation and evidence for security assessments and audits.
  • Stay updated on new developments, emerging threats and vulnerabilities in cybersecurity standards, best practices and technologies related to patch management.

Desirable Qualifications, Skills and Experience:

  • Bachelor’s degree and/or advanced diploma in IT related or relevant field.
  • Proven experience in IT patch management, vulnerability remediation, patch deployment experience, or a similar role. (For Senior Profile)
  • Proven track record in developing and implementing a vulnerability and patch management program utilising a Vulnerability and Patch Management Framework such as the NIST Cybersecurity Framework.
  • Demonstrated knowledge of systems vulnerability management and system hardening to mitigate Common Vulnerabilities and Exposures (CVE).
  • Strong knowledge of software patching methodologies and deployment tools such as SCCM, Red Hat Satellite and Jamf is preferred.
  • Solid experience in managing patch management for enterprise-wide Operating Systems such as Microsoft, Linux, AIX, AS400, Endpoint Protection software & tools.
  • Familiarity with vulnerability assessment tools (Qualys, Nessus, Ivanti, etc.) and techniques is a plus.
  • Experience with patch management automation systems and deployment methodologies.
  • Solid understanding of legacy and modern IT Infrastructure architectures & related technologies, network/web related protocols, security principles, and common security vulnerabilities.
  • Excellent communication and collaboration skills to work effectively with cross-functional teams, and manage stakeholder engagement.
  • Must understand cloud computing and IaaS services from a patch management perspective.
  • Solid experience in project management and execution in IT Infrastructure / Operations.
  • Sound knowledge in ITIL, IT operations, project methodology and tools.
  • Self-driven and motivated; a tenacious problem solver who owns issues until full resolution.
  • Ability to carry out tasks to a high standard, with a strong eye for detail and a thorough approach to their work.
  • Demonstrate strong analytical and problem-solving skills, excellent judgement, and possess a passion for continuous learning.
  • Background in financial institutions, regulated global companies, or similar is a plus.
  • Multiple vendor certifications are advantageous.