research
Posted 7 hours agoSenior Patch Research Engineer
at Qualys
Pune, IndiaHybrid
Responsibilities
- Define and maintain catalog standards: field derivation rules, naming conventions, supersedence logic, and schema versioning.
- Proactively identify coverage gaps and prioritise onboarding based on customer demand and vulnerability risk.
- Build and maintain supersedence chains across software versions and architectures (x86, x64, ARM64).
- Track software End-of-Life (EOL) dates and manage timely catalog updates as support windows close.
- Research, document, and validate silent installation parameters, exit codes, and reboot behaviors for complex installer types.
- Design and maintain test procedures for patch validation across multiple Windows OS versions.
- Troubleshoot installation failures, detection mismatches, and edge-case patching behaviours.
- Define team detection standards - documenting which detection approach is preferred per installer type and why.
- Validate detection logic across 32-bit/64-bit registry views (WOW6432Node) and post-upgrade scenarios.
- Review and approve detection logic authored by junior researchers before catalog publishing.
- Establish coding standards, code review practices, and documentation requirements for team scripts.
- Identify opportunities to reduce manual effort through automation and lead implementation.
- Evaluate and integrate third-party data sources (NVD API, GitHub Releases API, vendor RSS feeds) into the pipeline.
- Conduct peer reviews of catalog entries for schema correctness, detection accuracy, and quality.
- Collaborate cross-functionally with Qualys VMDR, Engineering, QA, and Product Management teams. Required Skills and
- Proven track record of producing high-quality, schema-compliant technical documentation and metadata at scale.
Requirements
- Windows Patching - Advanced Expertise Serve as subject matter expert on Windows installer technologies: MSI/WiX, NSIS, InnoSetup, Squirrel, MSIX, and vendor-specific custom installers.
- Backend Patch Tool Architecture Deep understanding of how enterprise patch platforms (Qualys, SCCM, Ivanti, Adaptiva) discover, deploy, and verify patches at agent level.
- Automation and Tooling Leadership Design, build, and own the Python automation pipeline for data collection, metadata generation, hash computation, and schema validation.
- experience in Windows systems administration, patch management, or software packaging.
- Expert-level knowledge of Windows OS internals - registry architecture, file system, WOW6432Node, user vs. system scope. Deep hands-on
- experience with 2+ enterprise patch platforms (Qualys, SCCM, Ivanti, Adaptiva, WSUS, or equivalent). Strong
- experience with manual patch installation - troubleshooting and repackaging MSI/EXE installers across diverse environments.
- Demonstrated ability to design and validate detection logic using registry keys, file attributes, and hybrid strategies.
- Familiarity with OVAL, SCAP, or other standardized patch/vulnerability description formats.
- Experience with CI/CD pipelines for automated catalog generation and deployment.
- Understanding of code signing, Authenticode verification, and SHA-256 hash validation workflows.
- Knowledge of ARM64 Windows platform nuances and multi-architecture software distribution challenges.
- Deep understanding of Windows Update infrastructure: WUA, WSUS, CBS/SFC, Windows Update for Business.
- PowerShell scripting for on-system detection validation and registry inspection.
- Exposure to Linux/macOS patching as secondary cross-platform awareness. Prior
- experience in a technical lead, catalog owner, or senior individual contributor role.
Additional details
- Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
- About the Role Qualys is seeking an experienced Senior Windows Patch Management Catalog Researcher to take ownership of the patch catalog for the Patch Management team.
- In this senior role, you will not only research and author high-quality patch metadata for a broad range of third-party Windows applications but will also drive catalog strategy, define quality standards, mentor junior researchers, and lead automation initiatives.
- Your expertise will directly influence the reliability and breadth of Qualys Patch Management. Key
- Responsibilities Patch Catalog Ownership and Strategy Own end-to-end delivery of patch metadata for assigned software families - from initial research to production publishing.
- Detection Logic and Registry Expertise Architect robust, version-specific detection logic using registry keys, file attributes, and hybrid (Registry_and_File) detection methods.
- Understand the full agent-side workflow: download, hash verification, installer invocation, detection, reboot handling, and reporting.
- Provide technical input to Engineering on catalog schema design, detection engine requirements, and policy edge cases.
- Stay current on patch platform architecture changes and proactively adapt catalog practices.
- Mentoring and Team Leadership Mentor and guide junior Catalog Researchers - reviewing work, providing feedback, and building expertise.