Windows Server Engineer

We are looking for an experienced Windows Server Engineer with deep expertise in vulnerability management and patch lifecycle management. In this role, you will be responsible for the health, security, and compliance of our Windows server ecosystem. You will play a critical role in protecting our infrastructure from cyber threats by systematically identifying, assessing, and remediating vulnerabilities through a structured patching process.

Key Responsibilities

Vulnerability Management

Proactively scan, identify, and assess vulnerabilities within the Windows server environment using tools like Qualys, Tenable, or Rapid7.

Triage vulnerabilities based on CVSS scores, exploitability, and business impact to prioritize remediation efforts.

Collaborate with the Security team to investigate and respond to vulnerability-related incidents and threats.

End-to-end management of the patch lifecycle for Windows Server (2012 R2 - 2022), including testing, deployment, and validation.

Utilize WSUS, SCCM/Config Mgr, or Intune for automated patch deployment in a large-scale, multi-domain environment.

Develop and maintain detailed patching schedules and maintenance windows to minimize business disruption.

Create and manage automated scripts (Power Shell) to streamline patch deployment and post-patch validation.

Server Infrastructure Management

Administer and maintain a large, distributed fleet of physical and virtual (VMware/Hyper‑V) Windows servers.

Perform system hardening based on CIS benchmarks and company security policies.

Manage and configure core services including Active Directory, DNS, DHCP, Group Policy, and File/Print services.

Monitor server performance, capacity, and health, implementing proactive improvements.

Compliance & Documentation

Maintain meticulous records of all patching activities, compliance reports, and system changes for audit purposes.

Ensure the server environment complies with internal security policies and external regulatory standards (e.g., SOX, HIPAA, PCI‑DSS).

Create and update Standard Operating Procedures (SOPs) for vulnerability and patch management processes.

Serve as an escalation point for L2/L3 support teams for server‑related issues.

Work closely with other IT teams (Network, Security, Application) to coordinate changes and resolve complex problems.

Participate in a rotational on-call schedule for after‑hours support during critical patching cycles or outages.

Qualifications & Skills

5+ years

of hands‑on experience as a Windows Server Engineer in an enterprise environment.

Proven expertise

in enterprise vulnerability management and patch management tools (e.g., WSUS, SCCM, Qualys, Tenable).

Deep knowledge

of the Windows Server OS (2016, 2019, 2022) and its core roles and features.

Strong Power Shell scripting skills

for automation and task automation (e.g., automating patch deployments, generating reports).

Solid understanding of Active Directory, Group Policy, and DNS.

Experience with server virtualization platforms (VMware v Sphere or Microsoft Hyper‑V).

Excellent problem‑solving and analytical skills, with the ability to work under pressure.

Preferred

Experience with cloud platforms (Microsoft Azure/AWS) and hybrid infrastructure.

Familiarity with ITIL framework, specifically Change and Incident Management processes.

Knowledge of cybersecurity frameworks (e.g., NIST, CIS Controls).

Seniority level

Mid‑Senior level

Employment type

Full‑time

Job function

Information Technology, Health Care Provider, and Engineering

Industries: IT Services and IT Consulting, Hospitals and Health Care

Karachi Division, Sindh, Pakistan 3 days ago

#J-18808-Ljbffr