C

Windows Vulnerability Remediation Engineer (Direct Hire, Remote)

CBTS • United State
Remote
Apply
AI Summary

CBTS seeks a Windows Vulnerability Remediation Engineer to accelerate patching and vulnerability remediation across Windows Server 2016/2019/2022 infrastructure. This role leverages automation tools like Qualys, Chef, Ansible, and PowerShell to identify, prioritize, and implement fixes. Requires 6-10 years of experience with Windows Server, Qualys, automation tools, and strong scripting skills.

Key Highlights
Accelerate vulnerability remediation and patching for Windows Server infrastructure.
Utilize automation tools (Qualys, Chef, Ansible, PowerShell) for identification, prioritization, and implementation of fixes.
Collaborate with cross-functional teams to ensure timely remediation while maintaining server stability.
Key Responsibilities
Own and execute end-to-end remediation for vulnerabilities identified on Windows servers (2016/2019/2022), including OS patching and configuration hardening.
Fast-track and manage all Meridian-related remediation requirements as they are received, ensuring adherence to defined SLAs and audit expectations.
Triage vulnerability findings (primarily from Qualys) and translate them into actionable remediation plans, considering exploitability, criticality, asset tiering, and operational risk.
Coordinate remediation activities for Microsoft security updates and configuration hardening aligned to organizational standards.
Develop, enhance, and maintain remediation automation using Chef, Ansible, and PowerShell scripting.
Convert recurring manual remediation steps into repeatable automated solutions and standardized runbooks.
Ensure code follows internal engineering standards: version control, peer review, testing, documentation, and change management.
Validate remediation effectiveness by re-scanning and verifying closure in Qualys.
Confirm fixes did not introduce regressions; coordinate with application and platform teams for post-change verification.
Maintain accurate documentation of remediation actions, approvals, exceptions, and closure evidence to support audit and compliance needs.
Provide progress updates, metrics, and risk status to stakeholders.
Schedule and lead remediation calls with infrastructure support teams, application owners, and other stakeholders to drive timely execution.
Work within change management processes: create/execute change plans, develop rollback steps, and coordinate maintenance windows.
Partner with platform engineering to improve standard server baselines and prevent vulnerability recurrence.
Follow up with vendors for patch availability, release schedules, and remediation guidance when vulnerabilities require vendor action.
Track Microsoft security advisories and coordinate planned rollout timelines where applicable.
Technical Skills Required
Microsoft Windows Server 2016/2019/2022 Qualys PowerShell
Benefits & Perks
100% Remote
Direct Hire (FTE)
Market (Salary)
Nice to Have
Familiarity with compliance/security frameworks and server hardening concepts (e.g., Microsoft Security Baselines, CIS benchmarks, STIG concepts) as applied to Windows Server.
Experience with CI/CD or automated testing for infrastructure code (linting, unit/integration testing where applicable).
Experience operating in large-scale environments (hundreds/thousands of servers) with tiered production controls.
Exposure to enterprise patch orchestration tooling/processes used in Windows server environments (where applicable).

Job Description


Windows Vulnerability Remediation Engineer ( Windows Server 2016/2019/2022) - 100% Remote

Duration: Direct Hire (FTE) - Pay: Market (Salary) - NO (Sponsorship, H1B, F1, OPT, EAD, C2C)


CBTS is searching for a Windows Vulnerability Remediation Engineer who is responsible for accelerating vulnerability remediation and patching activities across server infrastructure. This role focuses on Microsoft Windows Server 2016/2019/2022 and leverages existing automation and scanning technologies (e.g., Qualys, Chef, Ansible, PowerShell/shell scripting, Ruby) to identify, prioritize, implement, validate, and close vulnerabilities in alignment with internal compliance requirements (e.g., Meridian requirements). The engineer partners closely with Operations, Engineering teams, application owners, and support teams to deliver timely fixes while maintaining server stability and change discipline.



Must Have Skills: Microsoft Windows Server 2016/2019/2022, Qualys, (Chef/ruby or Ansible), PowerShell/shell scripting, Playbooks, Windows Server Patching, Triage, STIGs



Responsibilities:

  • Vulnerability Remediation & Patch Management
  • Own and execute end-to-end remediation for vulnerabilities identified on Windows servers (2016/2019/2022), including OS patching and configuration hardening.
  • Fast-track and manage all Meridian-related remediation requirements as they are received, ensuring adherence to defined SLAs and audit expectations.
  • Triage vulnerability findings (primarily from Qualys) and translate them into actionable remediation plans, considering exploitability, criticality, asset tiering, and operational risk.
  • Coordinate remediation activities for:
  • Microsoft security updates (monthly/Out-of-Band as needed) and required reboots where applicable.
  • Configuration hardening aligned to organizational standards and security baselines (as applicable in the environment).
  • Mitigations/compensating controls when immediate patching is not feasible (documented and approved per process).
  • Automation, Configuration Management & Engineering
  • Develop, enhance, and maintain remediation automation using:
  • Chef (cookbooks/recipes, attributes, templates, policy files as applicable)
  • Ansible (playbooks, roles, inventories, modules—Windows modules/WinRM-based execution as applicable)
  • PowerShell and scripting (server-side automation and custom remediation logic)
  • Ruby for maintaining/extending Chef-based remediation code and custom logic
  • Convert recurring manual remediation steps into repeatable automated solutions and standardized runbooks.
  • Ensure code follows internal engineering standards: version control, peer review, testing, documentation, and change management.
  • Validation, Closure & Reporting
  • Validate remediation effectiveness by re-scanning and verifying closure in Qualys (and/or approved internal validation methods).
  • Confirm fixes did not introduce regressions; coordinate with application and platform teams for post-change verification.
  • Maintain accurate documentation of remediation actions, approvals, exceptions, and closure evidence to support audit and compliance needs.
  • Provide progress updates, metrics, and risk status to stakeholders (e.g., open critical/high items, aging items, SLA adherence).
  • Cross-Team Coordination & Operational Execution
  • Schedule and lead remediation calls with infrastructure support teams, application owners, and other stakeholders to drive timely execution.
  • Work within change management processes: create/execute change plans, develop rollback steps, and coordinate maintenance windows.
  • Partner with platform engineering to improve standard server baselines and prevent vulnerability recurrence.
  • Vendor & Release Coordination (as needed)
  • Follow up with vendors (Microsoft and/or third-party software providers installed on servers) for patch availability, release schedules, and remediation guidance when vulnerabilities require vendor action.
  • Track Microsoft security advisories and coordinate planned rollout timelines where applicable.


Scope (In-Scope / Out-of-Scope)

In-Scope

  • Server infrastructure running Windows Server 2016, 2019, 2022
  • Vulnerability remediation, hardening, and patching activities related to server OS and server-installed software/packages
  • Automation for server remediation workflows

Out-of-Scope

  • End-user computing (desktops/laptops)
  • Network/security appliances, storage appliances, or specialized non-server devices


Requirements:

  • 6–10 years of strong hands-on experience with Windows Server 2016/2019/2022 in enterprise environments.
  • Proven experience driving vulnerability remediation and patch management for Windows servers.
  • Expertise with Qualys (or equivalent vulnerability scanners) including interpreting findings, false-positive validation, and closure verification.
  • Automation experience with Chef and/or Ansible in production Windows server environments.
  • Strong scripting skills (PowerShell; plus ability to use/maintain shell scripting where applicable in the environment).
  • Working proficiency in Ruby (or ability to maintain/extend existing Ruby codebases used for Chef remediation).
  • Strong understanding of Windows security fundamentals (patching, services, permissions, registry, authentication, TLS/cipher considerations as applicable).
  • Experience working with change management, incident/problem management, and coordinating across multiple support teams.


Preferred Qualifications

  • Familiarity with compliance/security frameworks and server hardening concepts (e.g., Microsoft Security Baselines, CIS benchmarks, STIG concepts) as applied to Windows Server.
  • Experience with CI/CD or automated testing for infrastructure code (linting, unit/integration testing where applicable).
  • Experience operating in large-scale environments (hundreds/thousands of servers) with tiered production controls.
  • Exposure to enterprise patch orchestration tooling/processes used in Windows server environments (where applicable).


Key Skills & Competencies

  • Remediation prioritization and risk-based decision making
  • Strong troubleshooting and root-cause analysis (patch failures, dependency/application impact, service restart/reboot coordination)
  • Clear communication and ability to drive closure across stakeholders
  • Documentation discipline and audit readiness mindset
  • Ability to deliver under tight timelines while maintaining system stability


Deliverables / Success Measures

  • Reduction in open Patch NOW/Critical/High vulnerabilities and improved SLA compliance.
  • Consistent, repeatable remediation through Chef/Ansible automation.
  • Verified closures in Qualys with clear evidence and minimal re-open rates.
  • Improved remediation cycle time for Meridian requirements and other prioritized findings.
  • Fewer recurring vulnerability patterns through baseline improvements and preventive controls.


CBTS provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws.


Similar Jobs

Explore other opportunities that match your interests

Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Not Applicable

lake states tappi/north centra...

United State

Senior Robotics Engineer - Autonomous Vehicles

Programming
•
2h ago

Premium Job

Sign up is free! Login or Sign up to view full details.

•••••• •••••• ••••••
Job Type ••••••
Experience Level ••••••

John Deere

United State

Senior Software Development Engineer

Programming
•
3h ago
Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Mid-Senior level

Seeq Corporation

United State

Subscribe our newsletter

New Things Will Always Update Regularly