Senior Patch Research Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Qualys is seeking an experienced Senior Windows Patch Management Catalog Researcher to take ownership of the patch catalog for the Patch Management team. In this senior role, you will not only research and author high-quality patch metadata for a broad range of third-party Windows applications but will also drive catalog strategy, define quality standards, mentor junior researchers, and lead automation initiatives. Your expertise will directly influence the reliability and breadth of Qualys Patch Management.

Patch Catalog Ownership and Strategy

• Own end-to-end delivery of patch metadata for assigned software families - from initial research to production publishing.
• Define and maintain catalog standards: field derivation rules, naming conventions, supersedence logic, and schema versioning.
• Proactively identify coverage gaps and prioritise onboarding based on customer demand and vulnerability risk.
• Build and maintain supersedence chains across software versions and architectures (x86, x64, ARM64).
• Track software End-of-Life (EOL) dates and manage timely catalog updates as support windows close.

Windows Patching - Advanced Expertise

• Serve as subject matter expert on Windows installer technologies: MSI/WiX, NSIS, InnoSetup, Squirrel, MSIX, and vendor-specific custom installers.
• Research, document, and validate silent installation parameters, exit codes, and reboot behaviors for complex installer types.
• Design and maintain test procedures for patch validation across multiple Windows OS versions.
• Troubleshoot installation failures, detection mismatches, and edge-case patching behaviours.

Detection Logic and Registry Expertise

• Architect robust, version-specific detection logic using registry keys, file attributes, and hybrid (Registry_and_File) detection methods.
• Define team detection standards - documenting which detection approach is preferred per installer type and why.
• Validate detection logic across 32-bit/64-bit registry views (WOW6432Node) and post-upgrade scenarios.
• Review and approve detection logic authored by junior researchers before catalog publishing.

Backend Patch Tool Architecture

• Deep understanding of how enterprise patch platforms (Qualys, SCCM, Ivanti, Adaptiva) discover, deploy, and verify patches at agent level.
• Understand the full agent-side workflow: download, hash verification, installer invocation, detection, reboot handling, and reporting.
• Provide technical input to Engineering on catalog schema design, detection engine requirements, and policy edge cases.
• Stay current on patch platform architecture changes and proactively adapt catalog practices.

Automation and Tooling Leadership

• Design, build, and own the Python automation pipeline for data collection, metadata generation, hash computation, and schema validation.
• Establish coding standards, code review practices, and documentation requirements for team scripts.
• Identify opportunities to reduce manual effort through automation and lead implementation.
• Evaluate and integrate third-party data sources (NVD API, GitHub Releases API, vendor RSS feeds) into the pipeline.

Mentoring and Team Leadership

• Mentor and guide junior Catalog Researchers - reviewing work, providing feedback, and building expertise.
• Conduct peer reviews of catalog entries for schema correctness, detection accuracy, and quality.
• Collaborate cross-functionally with Qualys VMDR, Engineering, QA, and Product Management teams.

Required Skills and Qualifications

• 6-8 years of experience in Windows systems administration, patch management, or software packaging.
• Expert-level knowledge of Windows OS internals - registry architecture, file system, WOW6432Node, user vs. system scope.
• Deep hands-on experience with 2+ enterprise patch platforms (Qualys, SCCM, Ivanti, Adaptiva, WSUS, or equivalent).
• Strong experience with manual patch installation - troubleshooting and repackaging MSI/EXE installers across diverse environments.
• Demonstrated ability to design and validate detection logic using registry keys, file attributes, and hybrid strategies.
• Proven track record of producing high-quality, schema-compliant technical documentation and metadata at scale.
• Strong communication skills - ability to articulate complex topics to both technical and non-technical stakeholders.

Nice to Have

• Prior experience building or maintaining an enterprise software patch catalog (Chocolatey, Adaptiva, ManageEngine, or similar).
• Familiarity with OVAL, SCAP, or other standardized patch/vulnerability description formats.
• Experience with CI/CD pipelines for automated catalog generation and deployment.
• Understanding of code signing, Authenticode verification, and SHA-256 hash validation workflows.
• Knowledge of ARM64 Windows platform nuances and multi-architecture software distribution challenges.
• Deep understanding of Windows Update infrastructure: WUA, WSUS, CBS/SFC, Windows Update for Business.
• PowerShell scripting for on-system detection validation and registry inspection.
• Exposure to Linux/macOS patching as secondary cross-platform awareness.
• Prior experience in a technical lead, catalog owner, or senior individual contributor role.