Staff Vulnerability Management Analyst- AI Automation Security Researcher

UKG

Salary: $115k - $165k | Location: US | Remote

Job Description

* Job ID: STAFF019043
* Employment Type: Regular
* Work Style: remote
* Location: United States
* Travel: Up to 25%
* Role: Staff Vulnerability Management Analyst- AI Automation Security Researcher

##### **Why UKG**

At UKG, the work you do matters. The code you ship, the decisions you make, and the care you show a customer all add up to real impact. Today, tens of millions of workers start and end their days with our workforce operating platform. Helping people get paid, grow in their careers, and shape the future of their industries. That’s what we do. We never stop learning. We never stop challenging the norm. We push for better, and we celebrate the wins along the way. Here, you’ll get flexibility that’s real, benefits you can count on, and a team that succeeds together. Because at UKG, your work matters—and so do you.

##### **About the Team**

The research and innovation team within Global Security is a high-impact, automation-first security organization responsible for vulnerability management, security research, and red team operations. This team has an exceptional automation culture — all team members build production automation to find and remediate vulnerabilities, with the goal to reduce manual work at scale.

##### **Role Summary**

We are seeking a Vulnerability Management engineer to join our team as both a vulnerability management practitioner and an automation builder. This role combines traditional vulnerability analysis and remediation coordination with a strong emphasis on developing AI-powered tools and automations that scale the team's effectiveness. You will analyze vulnerabilities across infrastructure, cloud, and application layers, coordinate remediation with engineering teams, and build automation that makes the entire program faster and smarter.
##### **Key Responsibilities**

Vulnerability Discovery & Security Research (40%)

* Conduct deep-dive source code audits of UKG products (Java, .NET, Python, JavaScript) to discover novel vulnerabilities — examples could be hardcoded secrets, authentication bypasses, injection flaws, cryptographic weaknesses, access control gaps, unsafe deserialization, etc.
* Develop working proof-of-concept exploits that demonstrate real impact — not theoretical risk, but provable exploitation with clear data exposure or access escalation
* Perform variant analysis: when you find a bug, systematically search the entire codebase for every instance of the same root cause pattern
* Triage and validate findings from automated scanners (SAST, DAST, SCA) — separate real vulnerabilities from false positives using source-level analysis
* Investigate and reproduce externally reported vulnerabilities (bug bounty, CVEs, vendor advisories) to assess actual exploitability in UKG's environment
* Collaborate with engineering teams on remediation — not just filing tickets, but working with developers to design, validate fixes, and drive to remediation.

AI-Powered Vulnerability Automation (35%