Vulnerabilities, Patch & Obsolescence Management Engineer

• CDI
• WORKDAY_JR00947
• New York

Natixis is seeking a Vulnerabilities, Patch & Obsolescence Management Engineer to join our Servers, Storage & Database team. This individual will play a pivotal role in the patch management of both physical and virtual servers, identifying and remediating vulnerabilities reported by our primary sources at the Head Office or from vendors, and managing the overall lifecycle of server software and hardware.

He/she/they will work closely with Head Office teams on Vulnerability, Patch, and Obsolescence Management (VPM) related tasks and projects.

Key Responsibilities:

• Monitor and manage automated Windows patching, collaborating with the Head Office MECM engineering team.
• Manage and test MECM application packages in conjunction with the Porto packaging team.
• Remediate software vulnerabilities on Windows and Linux servers through on-demand patching or removal.
• Develop and deploy Active Directory group policies to address vulnerabilities discovered on Windows servers, as well as to harden third-party applications and services.
• Report vulnerabilities across all Server, Storage, and Database team assets, including Windows servers, Linux/Unix systems, VMware hosts, appliances, and virtual machines. Coordinate and escalate vulnerability remediation efforts both domestically and globally.
• Collaborate with infrastructure staff to identify obsolete software or OS components and provide detailed remediation plans with timelines.
• Manage proactive vulnerability detection and monitoring.
• Work with the international team on monthly reporting and trend analysis meetings, developing remediation plans based on the outcomes of these discussions.
• Conduct in-depth analysis of Head Office data provided by Splunk and Qualys. Develop reconciliation processes between data sources and collaborate with the Head Office on resolutions.
• Oversee the creation and maintenance of detailed VPM technical administration documentation, ensuring its accuracy, along with the associated IT support and troubleshooting documents.
• Collaborate with internal and external IT auditors to provide necessary audit evidence and documentation.
• Enforce and adhere to policies and procedures for VPM projects in the AMER region, exercising best practices in system patching, installation, configuration, and monitoring.
• Work with local and global IT teams to achieve short- and long-term goals, manage the project plan for local patching and execution processes, and actively participate in all project phases.
• Collaborate with the SSD team to create automated solutions for scanning and capturing assets for exception reporting, and provide alerts for defined obsolescence.
• Research systems that may become obsolete within a two-year timeframe and work with infrastructure on replacement strategies.

The salary range for this position will be between $155,000 - $180,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.

Minimum Qualifications:
Bachelor's degree in a relevant field.
Strong understanding of industry-leading security and VPM tools for supported operating systems from a design, engineering, and troubleshooting perspective.
Self-starter with the ability to work with minimal supervision.
Strong communication skills to effectively convey project/work status to management and peers.
Proven ability to take full ownership and responsibility for tasks assigned to oneself and the team, ensuring completion.

Preferred Technical Experience:
Senior-level Windows Administration
MECM/SCCM
Qualys
Splunk
Linux Administration, particularly with RHEL and package tools
VMware engineering
Networking administration concepts
Scripting/Automation
Security and remediation practices