Engineer II, Patch Management


The Engineer II is responsible for providing patch related support to meet the latest PCI compliance and other corporate patch governance requirements. The Engineer II will require deep analytical thinking based on research results to assess software patches and configuration changes to be applied to varied infrastructure.

The Engineer II will provide assessment including security, system, and business impact. The candidate must have a good understanding of the security implications of a patch although not a security SME. The Engineer II must analyze and foresee the side effects of the patch. Finally, the Engineer II needs to be able to quantify the risks and opportunities (for better security) when the patch is applied in business impact.


• Assess software patches and create recommended patch list with logical explanation in terms of compliance.

• Develop and optimize pre- and post- patching process to ensure proper implementation without any outages.

• Score each patch based on risks & opportunity to prioritize. Identify which patches are more valuable to the organization than others.

• Coordinate patch schedule with other teams such as patch team, infrastructure management, security operations, governance & risk. Communicate project and operational metrics.

• Assist in developing action plans, schedules, budgets, status and metrics reports as well as other management communications intended to improve the patch management program at Ross.

• Must be able to create deployment patch package using SCCM and WSUS

• Thorough testing of patches in a non-Production environment. Must be able to think ahead to avoid business outages based on the lab results.


• Assist in the process for vulnerability and patch management ensuring they are compatible with the company's business needs and strategic objectives

• Review and analyze new requests, work with IT partners, vendors, and business leaders to understand patch management needs; Partner on solutions and recommendations for business initiatives based on application requirements

• Research, evaluate, develop, design and implement patch remediation designs and standards following industry best practices

• Develop and implement patch and vulnerability remediation process including package creation, testing and deployment.


• Communication

• Listening

• Problem Solving

• Dealing with Ambiguity

• Customer Focus

• Approachability

• Time Management


• 8 to 12 years’ experience supporting diverse IT systems, processes or capabilities

• Five years of Information Technology Security, at least 3 with large enterprise organizations

• A solid understanding of industry best practices for Patch Management; specific demonstrated experience mapping business processes and comparing those processes to industry best practices

• The ability to work closely with Business and development and a thorough understanding of the balance between business and patch requirements

• Must have excellent competency with SCCM, WSUS and other patching tools.

• Proficiency in scripting of packaged installation of patches, software and configuration changes, including power shell automation to improve patch management processes.

• Excellent understanding of network, system and application security

• Demonstrated project management experience


• Experience with the Microsoft Office Suite, Microsoft Project and Visio

• PMP, ITIL, and Six Sigma certificates

• Certified Information Systems Security Professional (CISSP), or other Information Security related certification

• Knowledge of various vulnerability scanning solutions, scripting and automation

• Experience with automation tool like Ansible, data base and Java application development (in-house developed or off-the-shelf) will be a plus

• Excellent written and verbal communication; must be able to communicate technical solutions to senior management

• Available for rotation assignment for on-call support duties


• Requirements: Consistent timeliness and regular attendance. Job requires ability to work in an office environment, primarily on a computer. The job also requires sitting, standing, walking, talking on the telephone, attending in-person meetings, typing, and working with paper/files, etc.

• Routine deadlines; usually sufficient lead time; variance in work volume seasonal and predictable; priorities can be anticipated; some interruptions are present; travel or other inconveniences have advance notice; involves occasional exposure to demands and pressures from persons other than immediate supervisor.

• Occasional Requirements: Job occasionally requires bending, kneeling, reaching, and lifting up to 25 pounds.

• May also require occasional driving and/or traveling overnight for business functions or site visits.

• Vision requirements: Ability to see information in print and/or electronically.


• May oversee the activities of other associates


This position description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management’s discretion.

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company’s overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws.