Principal Vulnerability Management Analyst- Eng
UKG
$164k - $236k | US | Remote
Job Description
* Job ID: **PRINC017915**
* Employment Type: **Regular**
* Work Style: **remote**
* Location: **United States**
* Travel: **Up to 25%**
* Role: **Principal Vulnerability Management Analyst- Eng**
Why UKG:
At UKG, the work you do matters. The code you ship, the decisions you make, and the care you show a customer all add up to real impact. Today, tens of millions of workers start and end their days with our workforce operating platform. Helping people get paid, grow in their careers, and shape the future of their industries. That’s what we do.
We never stop learning. We never stop challenging the norm. We push for better, and we celebrate the wins along the way. Here, you’ll get flexibility that’s real, benefits you can count on, and a team that succeeds together. Because at UKG, your work matters—and so do you.
About the Team
The Security Research & Innovation (SRI) team within Global Security is a high-impact, automation-first security organization responsible for vulnerability management, security research, and red team operations. This team has an exceptional automation culture — all team members build production automation that eliminates manual work at scale.
Our security researchers conduct deep-dive source code audits, discover novel vulnerabilities in UKG products, build AI-powered tools that find and help fix bugs at scale, and drive measurable risk reduction across the entire product portfolio. This team has produced findings that protected thousands of customer environments and built automation platforms that multiply the team's impact far beyond headcount.
**This position may perform work with the U.S. government, therefore:**
* UKG is unable to offer sponsorship for this position.
* Ideal candidate should be a U.S. Citizen
Role Summary
We are seeking a Sr. Staff Security Researcher who finds and fixes security vulnerabilities — and builds AI-powered automation to do it at scale. This is a hands-on technical role. You will audit source code, discover novel vulnerabilities in UKG's products and infrastructure, develop working proof-of-concept exploits, drive remediation with engineering teams, and build AI-assisted tools that accelerate every phase of that lifecycle.
The ideal candidate is someone who has found real bugs in real products, written real exploits, and built real tools — not someone who writes policies about how other people should do those things. You will be expected to produce tangible security outcomes: vulnerabilities found, vulnerabilities fixed, and automation that makes the next round faster.
Key Responsibilities
Vulnerability Discovery & Security Research (35%)
* Conduct deep-dive source code audits of UKG products (Java, .NET, Python, JavaScript) to discover novel vulnerabilities — examples could be hardcoded secrets, authentication bypasses, injection flaws, cryptographic weaknesses, access control gaps, unsafe deserialization
