Sr. Patching and Vulnerability Management Analyst (Hybrid)

What We Are Looking For

Primary Purpose: We are seeking a skilled Sr. Patching and Vulnerability Management Analyst to support enterprise-wide patch management and vulnerability remediation across Windows servers and endpoints. This role operates as part of a collaborative team of SCCM/MECM and security professionals, contributing to the design, optimization, and execution of patching strategies.

The ideal candidate brings strong technical expertise, automation skills, and a proactive approach to improving patch compliance and reducing security risk while working closely with peers, security teams, and infrastructure teams. Experience handling zero-day threats, third-party patching, and risk-based prioritization is essential.

 

About the role:

This role plays an important part in maintaining the organization’s security posture by helping ensure systems are patched, compliant, and protected against emerging threats—working as part of a broader team dedicated to infrastructure reliability and cybersecurity.

 

What You Will Do

Essential Duties and Responsibilities

SCCM / MECM Engineering & Support

• Support the design, maintenance, and optimization of Microsoft Endpoint Configuration Manager (SCCM/MECM) infrastructure
• Monitor SCCM client health and assist in resolving performance and reliability issues
• Troubleshoot client, deployment, and update-related issues in collaboration with the team
• Contribute to improvements in SCCM architecture, scalability, and performance

Patch Management Operations

• Participate in the end-to-end Windows patch lifecycle (assessment, testing, deployment, validation, and reporting)
• Execute monthly patch cycles (Patch Tuesday), including support for out-of-band and urgent patching activities
• Assist in implementing phased deployment strategies (pilot groups and production rollouts)
• Help ensure patch deployments minimize business disruption

Vulnerability Management

• Support vulnerability assessment and remediation efforts by analyzing vulnerability data (CVE, CVSS scoring)
• Assist in prioritizing remediation activities based on risk and business impact
• Partner with cybersecurity teams to align patching activities with threat intelligence
• Contribute to reducing exposure to critical and high-risk vulnerabilities

Automation & Process Improvement

• Develop and maintain PowerShell scripts to automate routine patching and operational tasks
• Identify opportunities to improve efficiency and reduce manual processes
• Support continuous improvement of patch management procedures and standards

Compliance, Auditing & Reporting

• Help ensure all endpoints are properly inventoried and compliant with patching policies
• Assist with compliance tracking, reporting, and audit support activities
• Perform routine validation checks to ensure adherence to security standards

Incident Support & Troubleshooting

• Provide support for patch-related incidents and endpoint issues
• Troubleshoot failed deployments, update issues, and client health problems
• Participate in after-hours support for patching windows or critical issues as needed

Collaboration & Governance

• Work within established change management processes
• Collaborate with team members, security, and infrastructure teams on patching activities
• Contribute to documentation of processes, procedures, and system configurations
• Share knowledge and best practices within the team

What You Need

Required Qualifications

• Bachelor’s degree in Computer Science, Information Systems, Engineering, or related field (or equivalent experience)
• 3–5+ years of experience with Microsoft Endpoint Configuration Manager (SCCM/MECM)
• Experience supporting enterprise Windows patching environments
• Experience handling zero-day and out-of-band patching scenarios
• Strong knowledge of:
• Windows Server and Windows 10/11
• Windows Update processes and troubleshooting
• Proficiency in PowerShell scripting and automation
• Experience with:
• Vulnerability remediation processes
• Risk-based patch prioritization
• CVE / CVSS scoring concepts
• Solid understanding of:
• Active Directory, DNS, DHCP
• Networking fundamentals
• Strong troubleshooting skills across SCCM and Windows update issues

 

Preferred Qualifications

• Experience with Microsoft Intune / Endpoint Manager (co-management)
• Familiarity with Vulnerability Management tools
• Understanding of hybrid environments (on-premises and cloud)
• Experience with cloud platforms such as Microsoft Azure
• Experience with virtualization platforms:
• VMware
• Hyper-V
• Citrix
• Experience with alternative patching and endpoint management tools (beyond SCCM) is a plus

Why Join Kinder Morgan

Kinder Morgan is a large energy infrastructure company operating in North America. Access to reliable, affordable energy is a critical component for improving lives around the world. We are committed to providing energy transportation and storage services in a safe, efficient, and environmentally responsible manner for the benefit of the people, communities, and businesses we serve.

 

Kinder Morgan provides equal employment opportunity to all employees and applicants for employment without regard to race, color, religion, sex, pregnancy, childbirth and related medical conditions, gender (including gender identity and expression), sexual orientation, national origin, ancestry, citizenship status, age, physical or mental disability, genetic information, marital status, military or veteran status, family status, status as an individual authorized to work in the U.S., or any other status protected by law.

 

For more information about Kinder Morgan, our culture, opportunities available, and to join our Talent Community, please visit our careers site at www.kindermorgan.com.

Required Qualifications

• Bachelor’s degree in Computer Science, Information Systems, Engineering, or related field (or equivalent experience)
• 3–5+ years of experience with Microsoft Endpoint Configuration Manager (SCCM/MECM)
• Experience supporting enterprise Windows patching environments
• Experience handling zero-day and out-of-band patching scenarios
• Strong knowledge of:
• Windows Server and Windows 10/11
• Windows Update processes and troubleshooting
• Proficiency in PowerShell scripting and automation
• Experience with:
• Vulnerability remediation processes
• Risk-based patch prioritization
• CVE / CVSS scoring concepts
• Solid understanding of:
• Active Directory, DNS, DHCP
• Networking fundamentals
• Strong troubleshooting skills across SCCM and Windows update issues

 

Preferred Qualifications

• Experience with Microsoft Intune / Endpoint Manager (co-management)
• Familiarity with Vulnerability Management tools
• Understanding of hybrid environments (on-premises and cloud)
• Experience with cloud platforms such as Microsoft Azure
• Experience with virtualization platforms:
• VMware
• Hyper-V
• Citrix
• Experience with alternative patching and endpoint management tools (beyond SCCM) is a plus

Essential Duties and Responsibilities

SCCM / MECM Engineering & Support

• Support the design, maintenance, and optimization of Microsoft Endpoint Configuration Manager (SCCM/MECM) infrastructure
• Monitor SCCM client health and assist in resolving performance and reliability issues
• Troubleshoot client, deployment, and update-related issues in collaboration with the team
• Contribute to improvements in SCCM architecture, scalability, and performance

Patch Management Operations

• Participate in the end-to-end Windows patch lifecycle (assessment, testing, deployment, validation, and reporting)
• Execute monthly patch cycles (Patch Tuesday), including support for out-of-band and urgent patching activities
• Assist in implementing phased deployment strategies (pilot groups and production rollouts)
• Help ensure patch deployments minimize business disruption

Vulnerability Management

• Support vulnerability assessment and remediation efforts by analyzing vulnerability data (CVE, CVSS scoring)
• Assist in prioritizing remediation activities based on risk and business impact
• Partner with cybersecurity teams to align patching activities with threat intelligence
• Contribute to reducing exposure t