We're in alpha · Starting with US & Canada · Shipping weekly — your feedback shapes RiseMe
RiseMe
LoginSign Up
RJW Logistics logo
RJW Logistics Verified
Transportation, Logistics, Supply Chain and Storage

Windows/Linux Patching, Maintenance & Automation Engineer

Romeoville, Illinois, United StatesOnsiteFull TimePosted 1 day ago

Position Overview
The Windows/Linux Patching, Maintenance & Automation Engineer is responsible for enterprise-wide patching, OS maintenance, and automation across Windows Server 2016–2025 and RHEL 8/9 in VMware and Azure environments. This role will also assist with Identity and Access Management (IAM) technologies to ensure secure, auditable access patterns for systems management, scanning, and automation. You will lead patch strategy, drive remediation based on authenticated scan results and pen test findings and introduce Infrastructure as Code (IaC) to improve standardization, speed, and security.

Essential Duties and Responsibilities

1) Ownership of Patching & Maintenance (Windows + RHEL)

- Lead end-to-end patch operations: strategy, ring-based deployments, testing, maintenance windows, approvals,
and communications.
- Define and maintain patch baselines for Windows Server 2016–2025 and RHEL 8/9/10, including reboot
orchestration and exception workflows.
- Own lifecycle planning: OS version standards, EOL tracking, upgrades, templates/images, and baseline
hardening.
- Drive post-maintenance validation (service health, event/log checks, synthetic probes) and implement rollback
plans.

2) Tooling Leadership (Tanium + Intune)

- Own and optimize Tanium for patch deployment, compliance reporting, remediation actions, and operational
troubleshooting.
- Use Intune for endpoint policy posture and update orchestration where appropriate.
- Build and maintain patch runbooks, automated health checks, and common failure remediation playbooks.

3) Security Validation & Vulnerability Remediation

  • Use Tanium authenticated scans to validate remediation and produce audit-ready evidence.
  • Partner with Security to prioritize remediation based on exploitability, asset criticality, and exposure.
  • Convert Horizon3.ai NodeZero findings into actionable remediation plans; validate closure and prevent recurrence.

4) IAM Responsibilities (Hybrid Identity)

- Assist in the design and enforce IAM patterns for patching, scanning, and automation:
- Least privilege access models for administrators, service accounts, automation identities, and scanners
- Privileged access controls (e.g., tiered admin, just-in-time access, break-glass procedures)
- Credential and secret management practices for scripts/automation (vaulting, rotation, non-interactive
auth)
- Integrate identity controls with Windows and Linux administration models:
- AD/Azure AD identity patterns, RBAC, group-based access, role separation
- Linux privilege delegation patterns (sudoers hygiene, centralized identity where applicable)
- Ensure access is auditable and compliant: logging, review/recertification support, and evidence generation.

5) Azure Configuration Posture (CSPM-driven)

  • Use Microsoft Defender for Cloud recommendations to drive remediation of cloud configuration risks.
  • Work with cloud and security teams to implement secure baselines and reduce drift.

6) Automation & Infrastructure as Code (IaC)

- Build automation for patching workflows: pre-checks, phased rollouts, post-checks, exception handling,
rollbacks, reporting, and ticket/change integration.
- Introduce and design IaC for Azure and supporting infrastructure using Terraform and/or Bicep/ARM, with Gitbased review and promotion workflows.
- Create reusable modules/patterns that standardize provisioning, policy enforcement, and operational readiness.

7) Operational Excellence

- Participate in on-call and after-hours maintenance rotations.
- Lead incident response and root cause analysis for patch-related outages; write postmortems and implement
preventive controls.
- Maintain clear documentation: standards, runbooks, rollback procedures, and known issue libraries.

Required Qualifications

  • Proven ability to lead patch strategy (rings, baselines, risk management, validation, reporting).
  • Strong automation skills: PowerShell + Bash/Python; ability to build reliable, idempotent automation.
  • Directory services, RBAC/group-based access, privileged access patterns, service identities
  • Audit/logging considerations and access review support
  • Comfortable operating within change control and regulated operational processes.

Preferred Qualifications

  • VMware experience (vSphere operations, templates, snapshot strategy, maintenance coordination).
  • Azure experience (compute/network/storage, RBAC, logging/monitoring, policy governance).
  • Experience improving posture using Defender for Cloud (CSPM).
  • IaC expertise: Terraform and/or Bicep/ARM; GitOps workflows; module design.
  • Familiarity with hardening standards (CIS/STIG) and vulnerability management lifecycles.

Technologies & Tooling (Environment Fit)

  • Hybrid: VMware, Microsoft Azure
  • OS: Windows Server 2016–2025; RHEL 8/9
  • Mgmt/Patching: Tanium, Intune
  • Security: Tanium authenticated scans, Horizon3.ai NodeZero
  • Cloud posture: Microsoft Defender for Cloud (CSPM)
  • Automation/IaC: PowerShell, Bash/Python, Terraform/Bicep/ARM, Git workflows
  • IAM: AD/Azure AD (Entra ID), RBAC/role design, privileged access patterns, service identities/secret Management

Success Metrics

  • Patch compliance and vulnerability SLA adherence (verified by authenticated scanning)
  • Reduction in critical/high findings over time (including NodeZero-driven issues)
  • Decrease in manual patching effort via automation/IaC (hours saved / workflows automated)
  • Improvement in Defender for Cloud posture metrics and recommendation closure rate
  • Reduction in patch-related incidents and faster recovery when issues occur

Education and Experience

  • 5+ years of enterprise experience managing Windows Server and RHEL patching/maintenance at scale.
  • Experience with Tanium systems management/patching and compliance reporting (strongly preferred).
  • Experience with IAM technologies in hybrid environments (on-prem + Azure):

Work Environment

  • While performing the duties of this Job, the employee is occasionally exposed to moving mechanical parts, and fumes or airborne particles. The noise level in the work environment will range from quiet to moderately loud.

Employer Rights:
This job description is intended to provide general information about the Windows/Linux Patching, Maintenance & Automation Engineer position. The above does not constitute an exhaustive list of the job duties to be performed by an associate holding the position of Windows/Linux Patching, Maintenance & Automation Engineer, nor are the lists of the physical requirements and environmental conditions exhaustive. You may be asked by your supervisor or managers to perform other duties. Your performance will be evaluated in part based upon your performance of the job duties listed in this job description, as well as any job duties not specifically listed above that you may be asked
from time to time to perform.

As with all positions, the duties and responsibilities are subject to change at any time as needs arise and at the
discretion of the RJW Transport, Inc. The Company has the right to revise this job description at any time.

Employment-At-Will:
It is the Company's policy that all associates, other than those covered by a written individual employment or labor agreement with the Company that has been authorized in writing by the Company's Chief Executive Officer or Board of Directors, are not employed for any fixed term and are employed at the will of the Company for an indefinite period. Just as our associate's, reserve the right to resign their employment at any time for any reason the Company reserves its right to terminate an associate any time for any reason either with or without cause.

Neither this Job Description nor any of its individual terms constitute commitments between the Company and its associates as to the terms, conditions, or duration of employment, nor does it modify the prevailing Employment-At-Will relationship.

Req Benefits: We offer a competitive benefits package that includes health, dental, and vision insurance, life and disability, paid holidays, time off, retirement savings plan participation, and additional employee programs. Pay Transparency In order to support the Fair Compensation Strategy by the US Govt., HR Dept., clients are required to adhere to "Pay Transparency Law"; in the impacted states; that have mandated the employers to list the salary ranges in Job advertisements or postings for job opportunities and Job promotions.

Ready to apply?
You'll be redirected to RJW Logistics's application page.