Software Patching, Lifecycle Management Engineer III

Company Overview

At Mitsubishi Power, we're not just building better clean energy technologies; we're architecting a better future. Our team is boldly redefining power generation to accelerate the world's energy transition. We operate as one team, pushing toward our vision of the future. We value problem solvers, prioritize collaboration, and support each other in an inclusive culture built on accountability and authenticity by demonstrating our values: Safety, Family, Innovative, Inclusive, Accountable & Courageous. Together, we’re building the future we all aspire to - making net zero a reality.

Role Overview

The Software Patching, Lifecycle & OT Cybersecurity Management Engineer is responsible for the review, validation, packaging, documentation, and deployment support of software, firmware, and security updates across secure operational technology (OT) and control system environments. This role supports Windows and Linux systems operating in both air‑gapped control systems and enterprise OT networks, ensuring updates are applied in a controlled, secure, and auditable manner.

The position owns the end‑to‑end patch and vulnerability management lifecycle, including patch applicability review, lab validation, vulnerability scanning, risk assessment, remediation coordination, scripting and automation, and compliance documentation. Working closely with engineering, cybersecurity, and field teams, the engineer ensures updates are implemented accurately and aligned with operational and security requirements.

The ideal candidate is a self‑driven professional with strong technical expertise in operating systems, virtualization, scripting, and cybersecurity fundamentals. This role requires sound engineering judgment, the ability to communicate technical risks and remediation strategies effectively, and a commitment to supporting critical infrastructure environments with a high degree of reliability and security awareness.

Key Responsibilities

• Demonstrates our core competencies: Action oriented, change champion, customer-focused, developing self & others, and ownership
• Assess and validate patch applicability by reviewing OS patches, hotfixes, firmware updates, antivirus definitions, and third‑party releases for use in OT and control system environments.
• Perform patch validation and testing in lab environments to confirm compatibility, cybersecurity impact, and operational safety prior to deployment.
• Execute patch deployment for Windows and Linux systems in accordance with defined schedules, maintenance windows, and change management processes.
• Conduct vulnerability scanning and analysis, evaluating CVEs, severity, and exploitability to determine remediation actions or risk disposition.
• Coordinate and track remediation activities with system owners, field teams, and customers, validating fixes through re‑scan or functional verification.
• Develop and maintain patch deployment packages for offline, air‑gapped, and restricted environments, including secure distribution methods.
• Administer centralized patch management tools (e.g., WSUS) and support associated reporting and tracking workflows.
• Develop and utilize automation and scripting tools (PowerShell, Python, Bash) to support patching, validation, reporting, and system health checks.
• Support lifecycle maintenance of virtualized environments (e.g., VMware ESXi, Proxmox), including coordination of patching activities and validation.
• Troubleshoot patching and scanning issues, performing root cause analysis and coordinating resolution with internal teams or vendors.
• Maintain comprehensive technical documentation, including procedures, validation records, vulnerability evidence, release notes, and customer guidance.
• Document patch decisions and risk posture, including approved/deferred patches, known issues, incompatibilities, and mitigation strategies.
• Support configuration and change management processes, including backup, rollback, and recovery planning.
• Support compliance and audit readiness, including documentation and evidence collection for regulated environments (e.g., NERC CIP).
• Collaborate cross‑functionally with engineering, cybersecurity, infrastructure, product management, and field service teams to align priorities and release timing.
• Provide remote and on‑site support for customer patching, vulnerability remediation, lifecycle maintenance, and system recovery activities.
• Drive continuous improvement initiatives to enhance patch quality, operational efficiency, and cybersecurity posture.
• Ensure adherence to company policies, cybersecurity standards, safety requirements, and customer expectations.

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Computer Engineering, Electrical Engineering, or a related field; or equivalent relevant work experience.
• 3–7 years in patch management, systems engineering, OT support, cybersecurity operations, vulnerability management, or a related technical field.
• Strong hands‑on experience administering Windows and Linux systems.
• Experience supporting patching and lifecycle maintenance in offline, air‑gapped, or restricted environments, including maintaining offline update repositories for Windows and Linux.
• Experience executing and interpreting vulnerability scans, including CVE analysis, severity scoring, exploitability assessment, remediation tracking, and closure verification.
• Familiarity with Active Directory, Group Policy, Windows Remote Management (WinRM), and WSUS in domain environments.
• Proficiency with PowerShell, Python, and/or Bash for automation, reporting, and operational support.
• Experience supporting virtualization platforms such as VMware and related infrastructure.
• Experience with endpoint management tools such as Tanium, including scripting and/or package deployment (preferred).
• Experience supporting operational technology (OT), industrial control systems (ICS), or critical infrastructure environments.
• Familiarity with vulnerability management workflows, least privilege, secure update handling, audit documentation, and risk acceptance processes.
• Knowledge of NERC CIP or other regulated cybersecurity requirements (preferred).
• Strong troubleshooting, root cause analysis, and problem‑solving skills.
• Ability to produce clear technical documentation (procedures, validation records, reports, release notes) and customer‑facing guidance/correspondence; ability to present technical information and respond to questions from managers, customers, and field personnel.
• Strong organizational and time‑management skills, including managing recurring deliverables and remediation tracking.
• Experience supporting customers remotely and onsite in production environments.
• Flexibility to work outside standard business hours to support maintenance windows.
• Ability to travel up to 20%.

Why Should You Apply?

• Excellent Benefits (Medical, Dental, Vision & 401K Matching).
• Excellent development programs and advancement opportunities.
• Tuition reimbursement and on-the-job training.
• Paid vacation, sick time, and holidays.
• Committed to quality products and services.
• Great working environment and culture.
• Employee Appreciation Programs and Event.

Mitsubishi Power is an Equal Employment Opportunity (EEO) employer actively seeking to diversify the workforce and is committed to a policy of equal employment opportunity. Therefore, all qualified applicants regardless of race, color, religion, gender, sexual orientation, gender identity, national origin, disability, veteran status, or any other legally recognized protected basis under applicable law, are strongly encouraged to apply.