We are CirrusLabs . Our vision is to become the world's most sought-after niche digital transformation company that helps customers realize value through innovation. Our mission is to co-create success with our customers, partners and community. Our goal is to enable employees to dream, grow and make things happen. We are committed to excellence. We are a dependable partner organization that delivers on commitments. We strive to maintain integrity with our employees and customers. Every action we take is driven by value. The core of who we are is through our well-knit teams and employees. You are the core of a values driven organization.You have an entrepreneurial spirit. You enjoy working as a part of well-knit teams. You value the team over the individual. You welcome diversity at work and within the greater community. You aren't afraid to take risks. You appreciate a growth path with your leadership team that journeys how you can grow inside and outside of the organization. You thrive upon continuing education programs that your company sponsors to strengthen your skills and for you to become a thought leader ahead of the industry curve.You are excited about creating change because your skills can help the greater good of every customer, industry and community. We are hiring a talented J ob Title > to join our team. If you're excited to be part of a winning team, CirrusLabs ( http://www.cirruslabs.io ) is a great place to grow your career.About the OpportunityWe are a trusted technology consultancy supporting a Fortune 50 enterprise IT organization in delivering a large-scale patch compliance transformation. We are building a high-performing team of Security Compliance Engineers to support patching, remediation, reporting, and tooling optimization across an enterprise workstation environment exceeding 215,000 Windows and Linux endpoints.This team will play a central role in improving the client's overall endpoint security posture, reducing vulnerability exposure, and driving compliance maturity. Engineers will work in close coordination with an Architect-level lead and other infrastructure teams across the enterprise.Role SummaryAs a Security Compliance Engineer - SCCM Workstation Patching, you will serve as the subject matter expert in Microsoft System Center Configuration Manager (SCCM) within a broader patch compliance engineering team. You will lead efforts in configuring and executing large-scale patch deployments, building automation scripts, optimizing patch targeting logic, and supporting pre-/post-deployment workflows. While your core focus will be SCCM, you will collaborate across the broader stack, including Intune, Autopatch, PatchMyPC, and Qualys.You will help ensure enterprise-wide consistency and reliability in patching processes, particularly across Windows OS and Microsoft Office deployments, while contributing to the broader mission of reducing endpoint risk and improving vulnerability compliance.Key ResponsibilitiesResponsibilities will include:SCCM-Centric Patch ManagementLead the design, configuration, and execution of patch deployment jobs using SCCMBuild and manage baseline packages and integrate pre- and post-deployment scriptingTroubleshoot patch deployment failures and optimize SCCM query logic to ensure targeted successCross-Tool CollaborationSupport integration and handoffs between SCCM and complementary tools such as Intune, Autopatch, and PatchMyPCContribute to vulnerability remediation strategy through Qualys scan data and compliance trendsProactive RemediationAssist in automating updates for third-party and end-of-life softwareContribute to attack surface reduction and controls for blocking reintroduction of non-compliant applicationsReporting & AnalyticsCollaborate with the reporting engineer to track historical compliance, patch trends, and identify reimage candidatesSupport dashboard development for patch status and SLA metricsTechnology Stack & Tooling FocusWhile SCCM will be your primary domain, you will collaborate across the full platform set:Vulnerability ReportingQualys, Qualys VMDRWindows OS PatchingWindows Autopatch, SCCMMicrosoft Office PatchingCloud Update, SCCMThird-Party Application PatchingPatchMyPC, SCCM, Qualys VMDR, NexthinkRequired Qualifications5+ years of experience in endpoint security or IT operations with a focus on Microsoft SCCMProven ability to manage SCCM patch baselines, package creation, deployment orchestration, and post-deployment validationExperience supporting patching at scale in large enterprise environmentsStrong scripting skills using PowerShell or other automation toolsAbility to interpret vulnerability data and translate into actionable SCCM tasksStrong teamwork and communication skills in a distributed, multi-tool environmentPreferred QualificationsExperience in enterprise environments with 100,000+ endpointsFamiliarity with complementary tools: Intune, Windows Autopatch, PatchMyPC, QualysUnderstanding of compliance frameworks (e.g., NIST, CIS Benchmarks)Experience with vulnerability management and risk orchestration tools such as Brinqa and VulcanPrior experience contributing to a centralized patch governance team
