Job Title: Security Compliance Engineer Lead Location: Remote (U.S.-based) Employment Type: Contract (12+ months, with potential for extension) About Us: CirrusLabs is a leading consulting firm based in Alpharetta, GA, specializing in delivering innovative technical solutions to clients across various industries. We are committed to excellence, agility, and exceeding customer expectations. About the Opportunity: We are a trusted technology consultancy supporting a Fortune 50 enterprise IT organization in delivering a large-scale patch compliance transformation. We are building a high-performing team of Security Compliance Engineers to support patching, remediation, reporting, and tooling optimization across an enterprise workstation environment exceeding 215,000 Windows and Linux endpoints. This team will play a central role in improving the client's overall endpoint security posture, reducing vulnerability exposure, and driving compliance maturity. Engineers will work in close coordination with an Architect-level lead and other infrastructure teams across the enterprise. Role Summary: As a Security Compliance Engineer – SCCM Workstation Patching, you will serve as the subject matter expert in Microsoft System Center Configuration Manager (SCCM) within a broader patch compliance engineering team. You will lead efforts in configuring and executing large-scale patch deployments, building automation scripts, optimizing patch targeting logic, and supporting pre-/post-deployment workflows. While your core focus will be SCCM, you will collaborate across the broader stack, including Intune, Autopatch, PatchMyPC, and Qualys. You will help ensure enterprise-wide consistency and reliability in patching processes, particularly across Windows OS and Microsoft Office deployments, while contributing to the broader mission of reducing endpoint risk and improving vulnerability compliance. Key Responsibilities: SCCM-Centric Patch Management • Lead the design, configuration, and execution of patch deployment jobs using SCCM • Build and manage baseline packages and integrate pre- and post-deployment scripting • Troubleshoot patch deployment failures and optimize SCCM query logic to ensure targeted success Cross-Tool Collaboration: • Support integration and handoffs between SCCM and complementary tools such as Intune, Autopatch, and PatchMyPC • Contribute to vulnerability remediation strategy through Qualys scan data and compliance trends Proactive Remediation: • Assist in automating updates for third-party and end-of-life software • Contribute to attack surface reduction and controls for blocking reintroduction of non-compliant applications Reporting & Analytics: • Collaborate with the reporting engineer to track historical compliance, patch trends, and identify reimage candidates • Support dashboard development for patch status and SLA metrics Technology Stack & Tooling Focus: While SCCM will be your primary domain, you will collaborate across the full platform set: Vulnerability Reporting • Qualys, Qualys VMDR Windows OS Patching • Windows Autopatch, SCCM Microsoft Office Patching • Cloud Update, SCCM Third-Party Application Patching • PatchMyPC, SCCM, Qualys VMDR, Nexthink Required Qualifications: • 5+ years of experience in endpoint security or IT operations with a focus on Microsoft SCCM • Proven ability to manage SCCM patch baselines, package creation, deployment orchestration, and post-deployment validation • Experience supporting patching at scale in large enterprise environments • Strong scripting skills using PowerShell or other automation tools • Ability to interpret vulnerability data and translate into actionable SCCM tasks • Strong teamwork and communication skills in a distributed, multi-tool environment Preferred Qualifications: • Experience in enterprise environments with 100,000+ endpoints • Familiarity with complementary tools: Intune, Windows Autopatch, PatchMyPC, Qualys • Understanding of compliance frameworks (e.g., NIST, CIS Benchmarks) • Experience with vulnerability management and risk orchestration tools such as Brinqa and Vulcan • Prior experience contributing to a centralized patch governance team