Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Qualys is looking for a detail-oriented Windows Patch Management Catalog Researcher to join the Patch Management product team. In this role, you will be responsible for building and maintaining a comprehensive, accurate patch catalog covering a wide range of third-party Windows software.
Key Responsibilities
Patch Catalog Research & Authoring
-
Research, author, and maintain patch metadata for third-party Windows applications across a broad software catalog.
-
Identify new software releases, security updates, and version changes from vendor sources, changelogs, and security advisories (CVE/NVD).
-
Map vendor releases to structured metadata schemas, including version strings, download URLs, detection logic, and installation parameters.
-
Track software End-of-Life (EOL) dates and update catalog entries accordingly.
Windows Patching & Installation Knowledge
-
Document and validate silent installation parameters for diverse installer types (MSI, NSIS EXE, InnoSetup, WiX, etc.).
-
Research and verify correct msiexec.exe flags, NSIS /S switches, and equivalent silent/unattended arguments per software.
-
Determine accurate reboot behavior (Yes / No / Maybe) per installer type and document exit codes (success, reboot-required).
-
Manually test patch installation in sandbox environments and verify detection logic post-install.
Detection Logic & Registry Research
-
Research and validate Windows registry keys used to detect installed software versions (Uninstall hive, vendor-specific keys, DisplayVersion, etc.).
-
Identify and document file-based detection paths (FileVersion, ProductVersion attributes on key executables).
-
Understand the difference between 32-bit and 64-bit registry views (WOW6432Node) and apply the correct detection architecture per installer variant.
-
Validate detection logic against fresh installs and upgrades across supported Windows versions.
Backend Patch Tool Understanding
-
Understand how enterprise patch management platforms (e.g., Qualys Patch Management, SCCM, Ivanti, Adaptiva) discover, deploy, and verify patches.
-
Familiarity with how catalogs are consumed by patch engines — detection-before-install logic, supersedence evaluation, and deployment policy enforcement.
Required Skills & Qualifications
-
4-5 years of experience in Windows systems administration, patch management, or software packaging.
-
Strong understanding of Windows OS internals — registry structure, file system, user vs. system installation scopes, environment variables, and PATH management.
-
Hands-on experience with Windows patching tools (WSUS, SCCM/ConfigMgr, Ivanti, Qualys, Chocolatey, or equivalent).
-
Experience with manual patch installation — running MSI/EXE installers, using msiexec.exe with switches, repackaging software.
-
Solid understanding of installer technologies: MSI/WiX, NSIS, InnoSetup, Squirrel, and their silent install mechanisms.
-
Familiarity with the Windows registry and the ability to trace installation artifacts to their registry keys.
Nice to Have
-
Experience building or maintaining a software patch catalog (Adaptiva, Chocolatey, ManageEngine, or similar).
-
Experience with Windows Installer (MSI) internals — product codes, upgrade codes, component tables.
-
Knowledge of ARM64 Windows platform nuances and multi-architecture software distribution.
-
Good understanding of Windows Update infrastructure (WUA, WSUS, CBS/SFC).
-
Scripting experience in Python or PowerShell.
