Job Summary: UKG is seeking a talented Vulnerability Management Researcher to join our Product Security team chartered to identify, assess, and drive remediation of security vulnerabilities within our systems and infrastructure. This role requires a proactive individual with a deep understanding of security best practices, risk management, and vulnerability assessment tools. Our team works closely with cross-functional teams, including IT, development, and security operations, to ensure the timely identification and mitigation of vulnerabilities that could potentially impact the organization's security posture. This is a rare opportunity for the right Vulnerability Management Researcher to join UKGs award winning team. You will be working alongside some of the best in the business. If you are qualified and want to join our top-rated team, apply online today. Primary/Essential Duties and Key Responsibilities: Analyze vulnerabilities and prioritize them based on risk, exposure, and potential impact. Research emerging vulnerabilities, zero-day threats, and security advisories to evaluate their relevance and risk to UKG. Collaborate with IT, Cloud and Development teams to ensure identified vulnerabilities are remediated according to the SLA. Track remediation efforts and provide technical support to teams for patching and configuration changes. Evaluate the risk and develop compensating controls for vulnerabilities that cannot be patched immediately. Generate detailed reports and dashboards to track the status of vulnerability management activities and trends over time. Engage in the support and improvement of KPIs to monitor the effectiveness of the vulnerability management program. Recommend and implement improvements to the vulnerability management program and processes, including automation and tool enhancements. Basic Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience). 5+ years of experience in vulnerability management, security operations, or a related cybersecurity role. Hands-on experience with vulnerability management tools (e.g., Rapid7, Wiz, Checkmarx, Black Duck). Experience with cloud environments (AWS, Azure, GCP). Deep knowledge of security vulnerabilities, CVSS scoring, reachability, EPSS. Preferred Qualifications: Knowledge of static code security analysis and container security. Understanding of software development lifecycle processes and CI/CD pipeline security. Proficiency in scripting languages (e.g., Python, Bash, Powershell).
