Patch Research Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Qualys is looking for a detail-oriented Windows Patch Management Catalog Researcher to join the Patch Management product team. In this role, you will be responsible for building and maintaining a comprehensive, accurate patch catalog covering a wide range of third-party Windows software.
 

Key Responsibilities

Patch Catalog Research & Authoring

• Research, author, and maintain patch metadata for third-party Windows applications across a broad software catalog.
• Identify new software releases, security updates, and version changes from vendor sources, changelogs, and security advisories (CVE/NVD).
• Map vendor releases to structured metadata schemas, including version strings, download URLs, detection logic, and installation parameters.
• Track software End-of-Life (EOL) dates and update catalog entries accordingly.

Windows Patching & Installation Knowledge

• Document and validate silent installation parameters for diverse installer types (MSI, NSIS EXE, InnoSetup, WiX, etc.).
• Research and verify correct msiexec.exe flags, NSIS /S switches, and equivalent silent/unattended arguments per software.
• Determine accurate reboot behavior (Yes / No / Maybe) per installer type and document exit codes (success, reboot-required).
• Manually test patch installation in sandbox environments and verify detection logic post-install.

Detection Logic & Registry Research

• Research and validate Windows registry keys used to detect installed software versions (Uninstall hive, vendor-specific keys, DisplayVersion, etc.).
• Identify and document file-based detection paths (FileVersion, ProductVersion attributes on key executables).
• Understand the difference between 32-bit and 64-bit registry views (WOW6432Node) and apply correct detection architecture per installer variant.
• Validate detection logic against fresh installs and upgrades across supported Windows versions.

Backend Patch Tool Understanding

• Understand how enterprise patch management platforms (e.g., Qualys Patch Management, SCCM, Ivanti, Adaptiva) discover, deploy, and verify patches.
• Familiarity with how catalogs are consumed by patch engines — detection-before-install logic, supersedence evaluation, and deployment policy enforcement.

Required Skills & Qualifications

• 4-5 years of experience in Windows systems administration, patch management, or software packaging.
• Strong understanding of Windows OS internals — registry structure, file system, user vs. system installation scopes, environment variables, and PATH management.
• Hands-on experience with Windows patching tools (WSUS, SCCM/ConfigMgr, Ivanti, Qualys, Chocolatey, or equivalent).
• Experience with manual patch installation — running MSI/EXE installers, using msiexec.exe with switches, repackaging software.
• Solid understanding of installer technologies: MSI/WiX, NSIS, InnoSetup, Squirrel, and their silent install mechanisms.
• Familiarity with the Windows registry and the ability to trace installation artifacts to their registry keys.

Nice to Have

• Experience building or maintaining a software patch catalog (Adaptiva, Chocolatey, ManageEngine, or similar).
• Experience with Windows Installer (MSI) internals — product codes, upgrade codes, component tables.
• Knowledge of ARM64 Windows platform nuances and multi-architecture software distribution.
• Good understanding of Windows Update infrastructure (WUA, WSUS, CBS/SFC).
• Scripting experience in Python or PowerShell.