Req ID: 373588 

NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a Patch/Deployment Management to join our team in Noida, Uttar Pradesh (IN-UP), India (IN).

The Grade 9 Senior Specialist – Patch Management & Software Deployment is a senior hands-on technical role within NTT DATA's Enterprise Endpoint Management (EPM) practice. This individual owns the design, execution, and continuous improvement of enterprise patch management and software deployment operations across Microsoft Endpoint Configuration Manager (SCCM/MECM) and Microsoft Intune for one or more enterprise client accounts.

At Grade 9, the engineer operates with a high degree of independence on complex patching and deployment challenges, serves as the L3 escalation point for patch and software deployment issues within the team, and actively contributes to process governance, automation, and junior team development. The role is critical to client patch compliance posture, vulnerability remediation SLA adherence, and software lifecycle discipline across large, diverse endpoint estates.

Patch Management – SCCM / MECM

• Design and govern the end-to-end software update management lifecycle in SCCM — from SUP synchronisation through ADR execution, deployment targeting, and compliance reporting.
• Architect and maintain WSUS topology — upstream/downstream server configuration, product and classification scoping, synchronisation schedules, and cleanup routines.
• Build and manage Automatic Deployment Rules (ADRs) for Patch Tuesday, out-of-band, and zero-day update scenarios across tiered deployment ring strategies.
• Define and enforce maintenance window frameworks across server, workstation, and critical asset device collections aligned to client change management policies.
• Manage phased patch deployment pipelines — Pilot, UAT, and Production ring progressions with dwell periods and compliance gates.
• Monitor patch compliance dashboards and produce client-facing SLA compliance reports; drive remediation for non-compliant devices.
• Govern Software Update Point (SUP) health — synchronisation failures, WSUS certificate management, expired update cleanup, and IIS health monitoring.
• Manage third-party patch management integration within SCCM where applicable — SCUP, or third-party update catalogue publishing.
• Lead post-patch validation activities — confirming deployment success, identifying failed devices, and driving re-deployment or manual remediation workflows.

Patch Management – Microsoft Intune / Windows Update for Business

• Design and manage Windows Update for Business (WUfB) update ring policies in Intune for Quality Updates, Feature Updates, and driver update management.
• Configure and maintain Feature Update policies and Windows 11 readiness targeting for Intune-managed device populations.
• Govern Intune update compliance reporting — identify deferred, failed, and non-compliant devices and drive resolution within SLA.
• Manage Expedite Update workflows in Intune for emergency/zero-day patch scenarios requiring accelerated deployment.
• Align Intune update ring configurations with SCCM co-management patch workload authority assignments to prevent policy conflicts.
• Support Windows Autopatch readiness assessment and onboarding activities for eligible client environments.

Software Deployment – SCCM / MECM

• Lead application and software deployment design in SCCM — MSI, MSIX, EXE, and script-based deployments with accurate detection rules, supersedence chains, and dependency modelling.
• Build and manage SCCM deployment types, requirement rules, and global conditions for complex multi-platform application targeting.
• Design and govern phased deployment pipelines for critical software rollouts — piloting, staged production expansion, and rollback capability.
• Manage SCCM application catalogue health, deployment monitoring, and failed deployment investigation across client device estates.
• Govern SCCM Distribution Point (DP) content management — content pre-staging, validation, redistribution, and bandwidth throttling for remote site deployments.
• Lead software lifecycle management within SCCM — application versioning, supersedence, retirement, and catalogue hygiene.
• Support Software Metering configuration for licence compliance monitoring and usage reporting.

Software Deployment – Microsoft Intune

• Build and manage Win32 application deployments in Intune — IntuneWinAppUtil packaging, detection rules, requirement rules, and dependency targeting.
• Manage LOB app, Microsoft Store for Business, and MSIX package deployments in Intune with appropriate assignment targeting.
• Govern app deployment monitoring and remediation — resolve installation failures, assignment conflicts, and detection rule mismatches.
• Manage Intune app supersedence and update workflows for deployed Win32 and LOB applications.
• Support PowerShell script and remediation deployment via Intune for configuration enforcement and break-fix automation.

Compliance Reporting & Vulnerability Remediation

• Produce and maintain patch compliance dashboards in SCCM SSRS, Power BI, or equivalent reporting tooling for client account review.
• Integrate patch compliance data with vulnerability management outputs (Qualys, Tenable, Defender Vulnerability Management) to drive prioritised remediation workflows.
• Maintain SLA compliance tracking for patch deployment targets — Critical, High, Medium, and Low severity update timelines.
• Lead monthly patch reporting packs for client QSR (Quarterly Service Review) inputs and governance reporting.
• Identify systemic compliance failures — analyse root causes (hardware, connectivity, agent health, exclusions) and drive permanent fixes.

Automation & Scripting

• Develop and maintain PowerShell automation for SCCM patch operations — ADR management, collection membership, compliance queries, and remediation scripts.
• Build Microsoft Graph API integrations for Intune patch compliance reporting, update ring management, and bulk device operations.
• Automate WSUS maintenance routines — expired update decline, computer cleanup, and synchronisation health monitoring.
• Create PowerShell-based deployment health check scripts for post-patch and post-deployment validation.

Documentation, Governance & Mentoring

• Author and maintain patch management SOPs, runbooks, deployment playbooks, and maintenance window calendars.
• Represent patch and deployment changes in the client CAB (Change Advisory Board) process — RFC preparation and impact assessment.
• Provide L3 technical guidance and mentoring to Grade 7 and Grade 8 engineers on patch and software deployment operations.
• Conduct peer reviews of deployment configurations, ADR setups, and compliance reporting produced by junior team members.
• Contribute to EPM practice knowledge base, lessons learned documentation, and internal technical communities.

SCCM / MECM – Patch & Deployment

• SCCM Current Branch – Software Update Management: SUP, WSUS, ADR, Maintenance Windows, Phased Deployments (advanced level)
• Application deployment – MSI/MSIX/EXE, detection rules, supersedence, dependency modelling, phased rollout
• Distribution Point management – content prestaging, bandwidth throttling, remote DP operations
• SCCM reporting – SSRS built-in reports, custom compliance queries, WQL collection queries
• Third-party patch integration – SCUP or third-party catalogue publishing experience (desirable)
• Co-management – patch workload authority, Intune/SCCM policy conflict avoidance

Microsoft Intune – Patch & Deployment

• Windows Update for Business (WUfB) – update rings, Feature Update policies, driver management, expedite workflows
• Win32 app packaging and deployment – IntuneWinAppUtil, detection rules, requirement rules, dependency
• Intune compliance and update reporting – built-in reports, Graph API-based custom reporting
• Remediation scripts and PowerShell deployment via Intune
• Intune co-management alignment – patch workload and policy authority coordination with SCCM

Vulnerability & Compliance Integration

• Integration of patch compliance with vulnerability management tools – Qualys VMDR, Tenable, or Microsoft Defender Vulnerability Management
• SLA-based patch compliance tracking and executive reporting
• Power BI or SSRS for patch compliance dashboard development

Scripting & Automation

• PowerShell – advanced scripting for SCCM patch operations, WSUS maintenance, Intune automation
• Microsoft Graph API – Intune patch compliance, update ring management, bulk device operations
• WMI/CIM – SCCM device collection queries, patch state interrogation

• Microsoft Certified: Endpoint Administrator Associate (MD-102) – held or in progress
• Microsoft Certified: Azure Administrator Associate (AZ-104)
• ITIL v4 Foundation
• Experience with Windows Autopatch assessment and onboarding
• Familiarity with SCCM CMG (Cloud Management Gateway) for internet-based patch management
• Exposure to Qualys VMDR, Tenable.io, or Microsoft Defender Vulnerability Management integration with SCCM/Intune
• Prior experience delivering patch compliance in regulated environments — ISO 27001, HIPAA, SOX, or PCI-DSS

• 9–12 years of progressive experience in enterprise endpoint management.
• Minimum 5 years of hands-on SCCM/MECM Software Update Management and application deployment experience.
• Minimum 2 years of Microsoft Intune WUfB and Win32 application deployment experience.
• Proven track record managing patch compliance across multi-site enterprise estates of 5,000+ endpoints.
• Experience working in managed services, IT outsourcing, or large enterprise IT delivery models preferred.

• B.E. / B.Tech in Computer Science, Information Technology, or a related engineering discipline.
• MCA or equivalent postgraduate qualification considered with commensurate experience.

About NTT DATA

NTT DATA is a $30 billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services. our consulting and Industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is a part of NTT Group, which invests over $3 billion each year in R&D.

Whenever possible, we hire locally to NTT DATA offices or client sites. This ensures we can provide timely and effective support tailored to each client’s needs. While many positions offer remote or hybrid work options, these arrangements are subject to change based on client requirements. For employees near an NTT DATA office or client site, in-office attendance may be required for meetings or events, depending on business needs. At NTT DATA, we are committed to staying flexible and meeting the evolving needs of both our clients and employees. NTT DATA recruiters will never ask for payment or banking information and will only use @nttdata.com and @talent.nttdataservices.com email addresses. If you are requested to provide payment or disclose banking information, please submit a contact us form, https://us.nttdata.com/en/contact-us.

NTT DATA endeavors to make https://us.nttdata.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at https://us.nttdata.com/en/contact-us. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here. If you'd like more information on your EEO rights under the law, please click here. For Pay Transparency information, please click here.