Staff Vulnerability Management Analyst- AI Automation Security Researcher
$115.1k - $165.45kUKG (Ultimate Kronos Group)
Why UKG: At UKG, the work you do matters. The code you ship, the decisions you make, and the care you show a customer all add up to real impact. Today, tens of millions of workers start and end their days with our workforce operating platform. Helping people get paid, grow in their careers, and shape the future of their industries. That’s what we do. We never stop learning. We never stop challenging the norm. We push for better, and we celebrate the wins along the way. Here, you’ll get flexibility that’s real, benefits you can count on, and a team that succeeds together. Because at UKG, your work matters—and so do you. About the Team The research and innovation team within Global Security is a high-impact, automation-first security organization responsible for vulnerability management, security research, and red team operations. This team has an exceptional automation culture — all team members build production automation to find and remediate vulnerabilities, with the goal to reduce manual work at scale. Role Summary We are seeking a Vulnerability Management engineer to join our team as both a vulnerability management practitioner and an automation builder. This role combines traditional vulnerability analysis and remediation coordination with a strong emphasis on developing AI-powered tools and automations that scale the team's effectiveness. You will analyze vulnerabilities across infrastructure, cloud, and application layers, coordinate remediation with engineering teams, and build automation that makes the entire program faster and smarter. Key Responsibilities Vulnerability Discovery & Security Research (40%) Conduct deep-dive source code audits of UKG products (Java, .NET, Python, JavaScript) to discover novel vulnerabilities — examples could be hardcoded secrets, authentication bypasses, injection flaws, cryptographic weaknesses, access control gaps, unsafe deserialization, etc. Develop working proof-of-concept exploits that demonstrate real impact — not theoretical risk, but provable exploitation with clear data exposure or access escalation Perform variant analysis: when you find a bug, systematically search the entire codebase for every instance of the same root cause pattern Triage and validate findings from automated scanners (SAST, DAST, SCA) — separate real vulnerabilities from false positives using source-level analysis Investigate and reproduce externally reported vulnerabilities (bug bounty, CVEs, vendor advisories) to assess actual exploitability in UKG's environment Collaborate with engineering teams on remediation — not just filing tickets, but working with developers to design, validate fixes, and drive to remediation. AI-Powered Vulnerability Automation (35%) Build AI-assisted vulnerability discovery tools using automation (Claude, MCP servers, custom models, etc.) for automated source code analysis, vulnerability pattern matching, and exploit generation Develop autonomous security scanning agents that can analyze codebases, identify vulnerability patterns, and produce validated findings with minimal human intervention Create AI-powered remediation tools — automation that generates fix recommendations, patches, and pull requests for discovered vulnerabilities, accelerating the path from finding to fix Build automated vulnerability lifecycle pipelines: intake from scanners, AI-assisted triage and deduplication, intelligent ticket routing, SLA tracking, and remediation verification Contribute to the team's shared automation repositories and Claude Code skills store — every tool you build should be reusable by the rest of the team Vulnerability Management & Remediation Driving (20%) Own vulnerability remediation outcomes for assigned product areas — track findings from discovery through verified fix, holding engineering teams accountable to SLAs Produce clear, actionable vulnerability reports that engineering teams can act on immediately — root cause, impact, reproduction steps, and recommended fix Drive mean time to remediate (MTTR) down through better automation, better reports, and direct collaboration with development teams Support vulnerability management program metrics and dashboards — contribute to reporting that gives leadership real-time visibility into risk posture Support compliance-driven vulnerability management requirements, including FedRAMP continuous monitoring and POA&M processes, as UKG expands into federal markets Research & Knowledge Sharing (5%) Publish internal/external research on novel vulnerability classes, AI-assisted discovery techniques, and lessons learned from audits Stay current on emerging vulnerability classes, exploitation techniques, and defensive patterns relevant to UKG's technology stack Mentor other team members on vulnerability research methodology, source code analysis, and AI-augmented security tooling Required Qualifications 7+ years of hands‑on experience in vulnerability research, application security, or penetration testing — with a track record of finding real vulnerabilities in production software Demonstrated ability to read and audit source code in at least two of: Java, C#/.NET, Python, JavaScript/TypeScript, Go, C/C++ Experience developing working proof‑of‑concept exploits — not just scanning, but understanding root causes and proving exploitability Strong proficiency in Python for building security tools, automation pipelines, and integrations Experience with AI/ML tools for security — using LLMs for code analysis, building AI‑assisted security tooling, or developing autonomous security agents Deep understanding of common vulnerability classes: injection (SQL, command, LDAP), broken authentication, cryptographic failures, SSRF, deserialization, path traversal, access control, and their variants Experience with vulnerability management programs — triaging, tracking, and driving remediation of vulnerabilities across engineering organizations Ability to work directly with development teams — explaining vulnerabilities, reviewing proposed fixes, and validating remediations Excellent written communication — ability to produce clear vulnerability reports, technical documentation, and executive summaries Bachelor's degree in Computer Science, Cybersecurity, or equivalent experience Preferred Qualifications Published CVEs, security advisories, or bug bounty findings in production software Experience in SaaS/multi‑tenant environments processing sensitive data (HCM, payroll, healthcare, financial) Familiarity with SAST/DAST/SCA tooling and how to reduce false‑positive rates through source‑level validation Experience with cloud security assessment (AWS, GCP, Azure) including container and Kubernetes vulnerability analysis Familiarity with FedRAMP, NIST SP 800‑53, or federal compliance frameworks — enough to understand vulnerability remediation timelines and reporting requirements in regulated environments Security certifications that demonstrate hands‑on skill: OSCP, OSWE, GWAPT, GXPN, BSCP, or equivalent Conference presentations, published research, or open‑source security tool contributions Experience with reverse engineering, binary analysis, or firmware security What Sets This Role Apart Work on a team where every member builds production automation — this is an engineering‑first security team, not a compliance shop Have access to enterprise AI infrastructure (Claude Code, MCP servers, etc.) to build next‑generation vulnerability discovery and remediation tools Audit one of the largest HCM/payroll platforms in the world — protecting tens of thousands of customer organizations and millions of workers' sensitive data Have direct, measurable impact — your findings directly prevent issues across UKG's entire customer base Pioneer the use of AI for vulnerability discovery and automated remediation — building tools that change how security research is done at scale Grow your career in an environment that values builders and doers over process managers and policy writers Compensation & Benefits UKG offers a comprehensive total rewards package including competitive base salary, annual bonus, equity, full medical/dental/vision, 401(k) match, unlimited PTO, and professional development budget. This role is eligible for remote work anywhere in the US. Company Overview: UKG is the Workforce Operating Platform that puts workforce understanding to work. With the world's largest collection of workforce insights, and people‑first AI, our ability to reveal unseen ways to build trust, amplify productivity, and empower talent, is unmatched. It's this expertise that equips our customers with the intelligence to solve any challenge in any industry — because great organizations know their workforce is their competitive edge. Learn more at ukg.com. Equal Opportunity Employer UKG is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, disability, religion, sex, age, national origin, veteran status, genetic information, and other legally protected categories. View The EEO Know Your Rights poster ( UKG participates in E-Verify. View the E-Verify posters here ( . It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Disability Accommodation in the Application and Interview Process For individuals with disabilities that need additional assistance at any point in the application and interview process, please email View email address on click.appcast.io . The pay range for this position is $115,100.00 to $165,450.00. The actual base pay offered may vary depending on skills, experience, job‑related knowledge and work location. In addition to base pay, employees may be eligible to participate in a performance‑based bonus plan and to receive restricted stock unit awards as part of total compensation. Learn more about UKG’s benefits and rewards at It is the policy of Ultimate Software to promote and assure equal employment opportunity for all current and prospective Peeps without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status entitled to protection under federal, state, or local anti‑discrimination laws. This policy governs all matters related to recruitment, advertising, and initial selection of employment. It shall also apply to all other aspects of employment, including, but not limited to, compensation, promotion, demotion, transfer, lay‑offs, terminations, leave of absence, and training opportunities. #J-18808-Ljbffr UKG (Ultimate Kronos Group)
- We’re excited for a Senior Vulnerability Management Analyst to join our high-energy team - to help shape the future of Vanguard’s... ...VulnOps. This role sits at the intersection of security risk, automation, and emerging AI‑driven capabilities. If you’re a cybersecurity professional...SuggestedWork experience placement
$121.4k - $218.6k
...hardware and software used. We build automation infrastructure for... ...development Have experience in managing and troubleshooting Juniper or... ...world work faster and stay more secure, making the internet a better... ...biggest moments without a glitch. AI: Enabling our customers to...SuggestedWork experience placementWork at officeWorldwide$40 per hour
A cybersecurity solutions company is seeking experienced professionals to train AI models by evaluating cybersecurity content and solving technical problems. This role allows for remote work and offers the flexibility to choose projects and work on your own schedule. The...SuggestedRemote jobHourly payFlexible hours- ...cybersecurity firm is seeking experienced cybersecurity professionals for a remote position focused on training AI models. Candidates will evaluate AI-generated security content, tackle technical issues, and provide feedback for developing reliable cybersecurity tools. The...SuggestedHourly payRemote work
- ...We're a leader in data and AI. Through our software and services... ..., you will assist in creating automated test suites as well as... ...all. Ensure all applicable security policies and processes are followed... ...skills. Demonstrated ability to manage time across multiple projects;...SuggestedFull timeLocal areaWork visa
- ...innovative solutions, and a managed XDR service, to... ...a Senior Application Security Engineer, you’ll help... ...Ruby, Java, Go CI/CD automation tools (SAST, SCA, Secrets Scanning, etc.) AI security controls and... ...Drive risk rating and vulnerability management processes Partner...Worldwide
- Lenovo is seeking a Staff Researcher specialized in Intelligent Computing & AI Systems, focusing on developing next-gen computing architectures for LLM inference acceleration. The role is ideal for motivated PhD graduates eager to contribute to cutting-edge AI technologies...
$95.3k - $158.8k
...in the Raleigh N.C. office 2-3 days a week. Senior Security Engineer II - Compliance Automation & Controls About Us LexisNexis, a part of RELX,... ...controls and documentation · Strong stakeholder management and auditor-facing communication skills · Experience...Work at officeLocal areaRemote workFlexible hours2 days per week3 days per week$104.9k - $174.7k
...shapes how we approach security across the... ...leadership decisions Research emerging threats, new... ...technical audiences alike AI / LLM Security Lead... ...application and API security vulnerabilities and how to actually... ...and build lightweight automation ~ Experience working...Local area$50k
...About Digital.ai Digital.ai is the only AI-powered software delivery... ...organizations to build, test, secure, and deliver high-quality... ...unifying AI-driven insights, automation, and security across the software... ...Responsibilities Identify and research potential clients within the...Base plus commissionWork at officeMonday to Friday- Apollo.io is looking for a Senior Application Security Engineer II to enhance their secure software development lifecycle across... ...application security reviews, threat modeling, and driving vulnerability management in a collaborative environment. The ideal candidate will...Remote work
- ...Bachelor's Degree and over 7 years of related experience, ideally in Software Development Engineering in Test. Knowledge in automation and security concepts is essential. This position offers competitive salary and benefits in line with Cisco's commitment to employee...Work at office
$146.4k - $263.6k
...performance, reliability, and security? Does the opportunity to... ...the platform running Akamai's AI and Compute platform excite you... ...building, and scaling advanced automated test frameworks to validate... ...virtio drivers, cgroups, memory management, file systems, block IO,...Work experience placement- ...The Sales Operations Analyst plays a critical role... ...enablement, territory management, and data stewardship.... ...opportunities for process automation and system... ...organization. Leverage AI-powered tools and automation... ...helping to accelerate research and product development...Local area
- ...We are seeking a Principal Security Engineer to join a highly collaborative and globally distributed... ...including the evolving risks surrounding AI technologies.Key Responsibilities •... ...Azure, or GCP) • Experience with SOAR/automation and scripting (Python/PowerShell) •...
$106.3k - $234.6k
...biggest challenges. As a Principal Hardware Security Engineer you will be involved in ensuring... ...to establish best practices for managing security for devices in our cloud infrastructure... ...to life-saving care. And with AI embedded across our products and services...Temporary workFlexible hours- The Senior Security Engineer on the Proxy Team is responsible for evolving... ...security landscape driven by AI, cloud-native architectures,... ...features, and leveraging automation to improve visibility,... ...access platform configuration management, enabling consistent deployment...Full timePart timeWork at officeWork visaShift workDay shift
$40 per hour
A cybersecurity firm is seeking experienced professionals to join their team. This role involves evaluating AI-generated security content and solving technical cybersecurity problems. Successful candidates will work flexibly and can choose projects while earning $40+ per...Remote jobHourly pay- Eliassen Group seeks a Senior AI Security Architect to own the end-to-end security architecture for the Agentic AI platform and lead the data security mandate for AI, unifying DSPM and platform security. The role spans Azure and AWS workloads, identity and access controls...Remote job
$168k - $210k
...seeking a Senior Product Security Engineer to join our... ...for identifying vulnerabilities and providing expert remediation... ...cutting‑edge AI and MCP to create context‑aware security automation. This is a hybrid role... ...Assist with vulnerability management reporting and tracking...Work experience placementWork at officeFlexible hours2 days per week- Senior AI Security Architect - Data Security & DSPM Anywhere Contract-to-Hire • Architecture • Life Sciences • Remote • Reference ID:... ...unifies Agentic AI security architecture and Data Security Posture Management into a single accountable owner who designs the secure...Contract workLocal areaRemote work
- ...experienced professional for a role in identity engineering and applied AI security, tasked with designing identity solutions for various applications. The candidate will be responsible for managing client relationships while leading multi-disciplinary teams. Key...
- ...System (DFS) Microsoft Key Management Services (KMS) Microsoft... ...Performs threat modeling, security testing, and penetration testing... ...and remediate significant vulnerabilities. Integrates and configures... ...configuration patterns, automation, and handoff steps for assigned...Permanent employmentFull timePart timeWork experience placementH1bWork at officeRemote workWork visaShift workDay shift
$250k - $315k
...Networks is seeking a Principal Engineer - Security Architecture to drive the security... ...systems, cryptography, and Identity and Access Management. Ideal candidates will have at least 12... ...the opportunity to impact the future of AI and data storage. #J-18808-Ljbffr DataDirect...$50 - $60 per hour
DataAnnotation is seeking an International Lawyer in North Carolina to join our team in training AI models. In this role, you will measure the progress of AI chatbots, evaluate their logic, and solve legal problems to enhance model quality. The ideal candidate will have...Hourly payFlexible hours- Lenovo is looking for a Staff Researcher to join their advanced intelligent computing team. This position focuses on the development of next-... ...computing architectures with an emphasis on LLM inference and AI systems. The role is ideal for recent PhD graduates eager to contribute...Flexible hours
$40 per hour
A cybersecurity firm is seeking experienced cybersecurity professionals to evaluate AI-generated content and solve technical security problems. The ideal candidate has over 2 years of hands-on experience in cybersecurity and coding skills. This role is remote and offers...Remote jobHourly pay$272k - $431.25k
...informed response, and audit evidence that security, IT, product, and business leaders can... ...direct-egress controls, audit evidence, managing anomalies, and break-glass procedures. Represent... ..., and security operations teams. Agent AI Security Judgment: Practical...$168k - $210k
Collibra Inc. is seeking a Senior Product Security Engineer in Raleigh, NC, responsible for identifying vulnerabilities and providing expert remediation for our product... ...and security leadership, utilizing AI for automation. Ideal candidates should have at least 5 years...- Hitachi Energy is looking for a Research Scientist specialized in AI for Power Electronics, based in Raleigh, NC. In this role, you will work on cutting-edge technologies to improve design workflows through AI integration, collaborating with global teams to develop and...
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Staff Vulnerability Management Analyst- AI Automation Security Researcher. Be the first to apply!
- business analyst law firm Raleigh, NC
- order management analyst Raleigh, NC
- vendor management analyst Raleigh, NC
- business analyst healthcare Raleigh, NC
- senior business analyst Raleigh, NC
- public sector business analyst Raleigh, NC
- agile business analyst Raleigh, NC
- records management analyst Raleigh, NC
- senior data management analyst Raleigh, NC
- senior business analyst contract Raleigh, NC


