Vulnerability Management Analyst III- Eng

Why UKG:

At UKG, the work you do matters. The code you ship, the decisions you make, and the care you show a customer all add up to real impact. Today, tens of millions of workers start and end their days with our workforce operating platform. Helping people get paid, grow in their careers, and shape the future of their industries. That's what we do.

We never stop learning. We never stop challenging the norm. We push for better, and we celebrate the wins along the way. Here, you'll get flexibility that's real, benefits you can count on, and a team that succeeds together. Because at UKG, your work matters-and so do you.

About UKG

Our Global Security organization protects UKG's customers, data, and infrastructure across a multi-cloud enterprise environment processing sensitive employee and payroll data for tens of thousands of customer tenants.

About the Team

The Security Research & Innovation (SRI) team within Global Security manages UKG's enterprise vulnerability management program - tracking, triaging, and driving remediation of security vulnerabilities across all products, infrastructure, and cloud environments. This is an automation-first team: we build tools that scale our impact beyond what headcount alone can achieve.

Our vulnerability management function leverages AI-assisted automation for vulnerability discovery, intelligent ticket routing, SLA monitoring, and dashboard reporting. Team members are expected to not just process vulnerabilities but actively build automation that eliminates manual toil.

• Analyze and triage vulnerabilities (code and infrastructure) from multiple scanning platforms across cloud, infrastructure, and application layers
• Coordinate remediation with engineering teams by creating actionable tickets with clear ownership, severity, and SLA expectations
• Track remediation SLAs and escalate breaches to engineering management
• Perform root cause analysis on recurring vulnerability patterns and recommend systemic fixes
• Support third-party vulnerability management programs
• Manage vulnerability exceptions, risk acceptances, and compensating controls documentation

• Build and maintain automation pipelines that streamline vulnerability intake, triage, and routing using Python, APIs, and AI/ML tools
• Develop AI-assisted vulnerability analysis tools using LLMs for automated severity assessment, impact analysis, and remediation guidance
• Create and enhance ticket automation workflows that auto-create, route, and escalate vulnerabilities based on severity, asset ownership, and SLA status
• Build integrations between security scanning platforms and ticketing systems for automated vulnerability lifecycle management
• Leverage Claude Code, MCP servers, and enterprise AI tools to automate repetitive analysis tasks and reporting
• Contribute to the team's shared automation repositories and Claude Code skills store

• Maintain and enhance vulnerability dashboards that provide real-time visibility into vulnerability posture, SLA compliance, and remediation trends
• Generate weekly, monthly, and quarterly vulnerability reports for security leadership and engineering stakeholders
• Track and report on key vulnerability metrics: mean time to remediate (MTTR), SLA compliance rates, vulnerability backlog trends, and risk reduction over time
• Support audit and compliance requirements with vulnerability management evidence

• Assist with vulnerability scanning platform operations (scan scheduling, policy configuration, agent deployment)
• Identify gaps in scanning coverage and recommend new tools or configurations
• Support ServiceNow integration for infrastructure vulnerability tracking
• Participate in incident response when vulnerability exploitation is suspected

• 3+ years of experience in vulnerability management, security operations, or a closely related cybersecurity discipline
• 2+ years working with enterprise vulnerability scanning tools
• Proficiency in AI and scripting for automation - ability to write production-quality code that integrate APIs, process data, and automate workflows
• Experience with Jira or similar ticketing systems for vulnerability tracking and remediation coordination
• Understanding of CVE/CVSS scoring, vulnerability lifecycle management, and SLA-based remediation programs
• Familiarity with cloud security concepts and common cloud vulnerability patterns
• Understanding of network, OS, and application-level vulnerabilities and their remediation approaches
• Strong written communication skills - ability to create clear, actionable vulnerability tickets and reports
• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or equivalent experience

• Hands-on experience with Claude Code coding assistants for security tooling development
• Experience building integrations between security platforms and ticketing/workflow systems
• Experience with SCA (Software Composition Analysis) vulnerability management and open-source risk
• Familiarity with common developer workflows (GitHub, Jira, ServiceNow, etc)
• Experience with external risk rating platforms
• Knowledge of container security, Kubernetes vulnerability management, and cloud-native security tooling
• Experience with dashboard development for vulnerability metrics
• Security certifications: CompTIA Security+, CySA+, CEH, or equivalent
• Experience in SaaS/multi-tenant environments processing sensitive data

• Join a team where automation is a core expectation - all team members build production automation tools
• Have access to enterprise AI infrastructure (Claude Code, LiteLLM, MCP servers) to build AI-powered security tools
• Work alongside experienced automation builders who have created integrations, AI-assisted dashboards, and automated routing systems
• Own projects end-to-end - from identifying a manual process to building and deploying the automation that eliminates it
• Grow your career in an environment that values builders