Drive mean time to remediate (MTTR) down through better automation, better reports, and direct ... This role is eligible for remote work anywhere in the US. Company Overview: UKG is the Workforce ...
Drive mean time to remediate (MTTR) down through better automation, better reports, and direct ... This role is eligible for remote work anywhere in the US. Company Overview: UKG is the Workforce ...
Vulnerability Analyst (Remote)
Stafford, VA · Remote
$90K - $118K/yr
Remote in any United States jurisdiction not excluded from this job advertisement. Defend the ... Minimum/General Experience: 5 years of experience in vulnerability management or security scanning ...
Vulnerability Analyst (Remote)
Stafford, VA · Remote
$90K - $118K/yr
Remote in any United States jurisdiction not excluded from this job advertisement. Defend the ... Minimum/General Experience: 5 years of experience in vulnerability management or security scanning ...
Vulnerability Analyst (Remote)
Stafford, VA · Remote
$90K - $118K/yr
Remote in any United States jurisdiction not excluded from this job advertisement. Defend the ... Minimum/General Experience: 5 years of experience in vulnerability management or security scanning ...
Quick apply
Vulnerability Analyst (Remote)
Stafford, VA · Remote
$90K - $118K/yr
Remote in any United States jurisdiction not excluded from this job advertisement. Defend the ... Minimum/General Experience: 5 years of experience in vulnerability management or security scanning ...
Threat vulnerability Management and reporting Consultant Remote • Responsible for working with individual teams and SLOs in managing threat mitigation for operating systems, third party software ...
Threat vulnerability Management and reporting Consultant Remote • Responsible for working with individual teams and SLOs in managing threat mitigation for operating systems, third party software ...
Regional Managing Director - Remote Work Join BairesDev, a leading technology solutions provider, as a Regional Managing Director (Remote). You will lead a high‑performing team and build lasting ...
Regional Managing Director - Remote Work Join BairesDev, a leading technology solutions provider, as a Regional Managing Director (Remote). You will lead a high‑performing team and build lasting ...
Director, Security Engineering
Winston Salem, NC · On-site +1
This position can be located on site at the headquarters in Winston Salem, NC or remote within the ... Vulnerability management and remediation programs * Security tooling including SIEM, automation ...
Director, Security Engineering
Winston Salem, NC · On-site +1
This position can be located on site at the headquarters in Winston Salem, NC or remote within the ... Vulnerability management and remediation programs * Security tooling including SIEM, automation ...
... Director. Responsibilities Primary Responsibilities Threat & Vulnerability Management (~50%) * Run external/internal vulnerability and application/software scans; analyze, deduplicate, and publish ...
... Director. Responsibilities Primary Responsibilities Threat & Vulnerability Management (~50%) * Run external/internal vulnerability and application/software scans; analyze, deduplicate, and publish ...
Director (Remote)
Johnstown, PA · Remote
Director Concurrent Technologies Corporation Remote Minimum Clearance Required: None Clearance ... The Director is responsible for the strategic leadership, mentoring, and management of a team of ...
Quick apply
Director (Remote)
Johnstown, PA · Remote
Director Concurrent Technologies Corporation Remote Minimum Clearance Required: None Clearance ... The Director is responsible for the strategic leadership, mentoring, and management of a team of ...
Raritan, NJ 08869 / REMOTE * Implement capabilities for a global Vulnerability Management program: internal/external exposure, imminent threats, prioritization, remediation facilitation. * Serve as ...
Quick apply
Raritan, NJ 08869 / REMOTE * Implement capabilities for a global Vulnerability Management program: internal/external exposure, imminent threats, prioritization, remediation facilitation. * Serve as ...
Director (Remote)
Johnstown, PA · Remote
Director Concurrent Technologies Corporation Remote Minimum Clearance Required: None Clearance ... The Director is responsible for the strategic leadership, mentoring, and management of a team of ...
Quick apply
Director (Remote)
Johnstown, PA · Remote
Director Concurrent Technologies Corporation Remote Minimum Clearance Required: None Clearance ... The Director is responsible for the strategic leadership, mentoring, and management of a team of ...
Account Director - Remote Work
Houston, TX · On-site +1
You'll drive strategic growth initiatives while managing key client account relationships and ... Sales)Sales Director (Oil and Gas Industry) - Remote WorkNational Solutions Sales Director ...
Account Director - Remote Work
Houston, TX · On-site +1
You'll drive strategic growth initiatives while managing key client account relationships and ... Sales)Sales Director (Oil and Gas Industry) - Remote WorkNational Solutions Sales Director ...
This position is remote and offers benefits! Responsibilities ... Review and configure Tenable Vulnerability Management for accurate vulnerability identification and ...
This position is remote and offers benefits! Responsibilities ... Review and configure Tenable Vulnerability Management for accurate vulnerability identification and ...
This position is remote and offers benefits! Responsibilities ... Review and configure Tenable Vulnerability Management for accurate vulnerability identification and ...
This position is remote and offers benefits! Responsibilities ... Review and configure Tenable Vulnerability Management for accurate vulnerability identification and ...
This position is remote and offers benefits ... Review and configure Tenable Vulnerability Management for accurate vulnerability identification and ...
This position is remote and offers benefits ... Review and configure Tenable Vulnerability Management for accurate vulnerability identification and ...
This position is remote and offers benefits! Responsibilities ... Review and configure Tenable Vulnerability Management for accurate vulnerability identification and ...
This position is remote and offers benefits! Responsibilities ... Review and configure Tenable Vulnerability Management for accurate vulnerability identification and ...
This position is remote and offers benefits! Responsibilities ... Review and configure Tenable Vulnerability Management for accurate vulnerability identification and ...
This position is remote and offers benefits! Responsibilities ... Review and configure Tenable Vulnerability Management for accurate vulnerability identification and ...
This position is remote and offers benefits! Responsibilities ... Review and configure Tenable Vulnerability Management for accurate vulnerability identification and ...
This position is remote and offers benefits! Responsibilities ... Review and configure Tenable Vulnerability Management for accurate vulnerability identification and ...
Requirement/Must Have: * 1+ years of experience in vulnerability management. * Strong verbal and written communication skills. * Ability to communicate effectively with stakeholders. Responsibilities:
Quick apply
Requirement/Must Have: * 1+ years of experience in vulnerability management. * Strong verbal and written communication skills. * Ability to communicate effectively with stakeholders. Responsibilities:
Microsoft Defender Vulnerability Management * Understanding of security controls across ... Ability to influence stakeholders and drive remediation efforts without direct authority. * Strong ...
Microsoft Defender Vulnerability Management * Understanding of security controls across ... Ability to influence stakeholders and drive remediation efforts without direct authority. * Strong ...
Microsoft Defender Vulnerability Management * Understanding of security controls across ... Ability to influence stakeholders and drive remediation efforts without direct authority. * Strong ...
Microsoft Defender Vulnerability Management * Understanding of security controls across ... Ability to influence stakeholders and drive remediation efforts without direct authority. * Strong ...
Director Remote Vulnerability Management information
What is the difference between Director Remote Vulnerability Management vs Vulnerability Analyst?
| Aspect | Director Remote Vulnerability Management | Vulnerability Analyst |
|---|---|---|
| Certifications | Certified Ethical Hacker (CEH), CISSP, CISA | CompTIA Security+, CEH, GIAC Security Essentials (GSEC) |
| Work Environment | Strategic leadership, cross-department collaboration, overseeing teams | Hands-on analysis, vulnerability scanning, report generation |
| Employer & Industry Usage | Large enterprises, cybersecurity firms, IT departments | Security teams, IT departments, consulting firms |
| Search & Comparison Intent | Understanding leadership roles in vulnerability management | Technical analysis and operational tasks |
The main difference is that the Director Remote Vulnerability Management focuses on strategic oversight, team leadership, and policy development, while the Vulnerability Analyst handles technical vulnerability assessments and analysis. Both roles require cybersecurity certifications, but the director's role is more managerial and strategic, whereas the analyst's role is more technical and operational.
What are the key skills and qualifications needed to thrive as a Director of Remote Vulnerability Management, and why are they important?
What are the main challenges faced by a Director of Remote Vulnerability Management, and how can they be addressed?
What does a Director of Remote Vulnerability Management do?

Full-time
Medical, Dental, Vision, Retirement, PTO
Posted 12 days ago
UKG rating
8.2
Based on 40 frontline employees who took The Breakroom Quiz
87th of 209 rated software companies
Job description
At UKG, the work you do matters. The code you ship, the decisions you make, and the care you show a customer all add up to real impact. Today, tens of millions of workers start and end their days with our workforce operating platform. Helping people get paid, grow in their careers, and shape the future of their industries. That's what we do.
We never stop learning. We never stop challenging the norm. We push for better, and we celebrate the wins along the way. Here, you'll get flexibility that's real, benefits you can count on, and a team that succeeds together. Because at UKG, your work matters-and so do you.
About the Team
The research and innovation team within Global Security is a high-impact, automation-first security organization responsible for vulnerability management, security research, and red team operations. This team has an exceptional automation culture - all team members build production automation to find and remediate vulnerabilities, with the goal to reduce manual work at scale.
Role Summary
We are seeking a Vulnerability Management engineer to join our team as both a vulnerability management practitioner and an automation builder. This role combines traditional vulnerability analysis and remediation coordination with a strong emphasis on developing AI-powered tools and automations that scale the team's effectiveness. You will analyze vulnerabilities across infrastructure, cloud, and application layers, coordinate remediation with engineering teams, and build automation that makes the entire program faster and smarter.
Key Responsibilities
Vulnerability Discovery & Security Research (40%)
- Conduct deep-dive source code audits of UKG products (Java, .NET, Python, JavaScript) to discover novel vulnerabilities - examples could be hardcoded secrets, authentication bypasses, injection flaws, cryptographic weaknesses, access control gaps, unsafe deserialization, etc.
- Develop working proof-of-concept exploits that demonstrate real impact - not theoretical risk, but provable exploitation with clear data exposure or access escalation
- Perform variant analysis: when you find a bug, systematically search the entire codebase for every instance of the same root cause pattern
- Triage and validate findings from automated scanners (SAST, DAST, SCA) - separate real vulnerabilities from false positives using source-level analysis
- Investigate and reproduce externally reported vulnerabilities (bug bounty, CVEs, vendor advisories) to assess actual exploitability in UKG's environment
- Collaborate with engineering teams on remediation - not just filing tickets, but working with developers to design, validate fixes, and drive to remediation.
AI-Powered Vulnerability Automation (35%)
- Build AI-assisted vulnerability discovery tools using automation (Claude, MCP servers, custom models, etc.) for automated source code analysis, vulnerability pattern matching, and exploit generation
- Develop autonomous security scanning agents that can analyze codebases, identify vulnerability patterns, and produce validated findings with minimal human intervention
- Create AI-powered remediation tools - automation that generates fix recommendations, patches, and pull requests for discovered vulnerabilities, accelerating the path from finding to fix
- Build automated vulnerability lifecycle pipelines: intake from scanners, AI-assisted triage and deduplication, intelligent ticket routing, SLA tracking, and remediation verification
- Contribute to the team's shared automation repositories and Claude Code skills store - every tool you build should be reusable by the rest of the team
Vulnerability Management & Remediation Driving (20%)
- Own vulnerability remediation outcomes for assigned product areas - track findings from discovery through verified fix, holding engineering teams accountable to SLAs
- Produce clear, actionable vulnerability reports that engineering teams can act on immediately - root cause, impact, reproduction steps, and recommended fix
- Drive mean time to remediate (MTTR) down through better automation, better reports, and direct collaboration with development teams
- Support vulnerability management program metrics and dashboards - contribute to reporting that gives leadership real-time visibility into risk posture
- Support compliance-driven vulnerability management requirements, including FedRAMP continuous monitoring and POA&M processes, as UKG expands into federal markets
Research & Knowledge Sharing (5%)
- Publish internal/external research on novel vulnerability classes, AI-assisted discovery techniques, and lessons learned from audits
- Stay current on emerging vulnerability classes, exploitation techniques, and defensive patterns relevant to UKG's technology stack
- Mentor other team members on vulnerability research methodology, source code analysis, and AI-augmented security tooling
Required Qualifications
- 7+ years of hands-on experience in vulnerability research, application security, or penetration testing - with a track record of finding real vulnerabilities in production software
- Demonstrated ability to read and audit source code in at least two of: Java, C#/.NET, Python, JavaScript/TypeScript, Go, C/C++
- Experience developing working proof-of-concept exploits - not just scanning, but understanding root causes and proving exploitability
- Strong proficiency in Python for building security tools, automation pipelines, and integrations
- Experience with AI/ML tools for security - using LLMs for code analysis, building AI-assisted security tooling, or developing autonomous security agents
- Deep understanding of common vulnerability classes: injection (SQL, command, LDAP), broken authentication, cryptographic failures, SSRF, deserialization, path traversal, access control, and their variants
- Experience with vulnerability management programs - triaging, tracking, and driving remediation of vulnerabilities across engineering organizations
- Ability to work directly with development teams - explaining vulnerabilities, reviewing proposed fixes, and validating remediations
- Excellent written communication - ability to produce clear vulnerability reports, technical documentation, and executive summaries
- Bachelor's degree in Computer Science, Cybersecurity, or equivalent experience
Preferred Qualifications
- Published CVEs, security advisories, or bug bounty findings in production software
- Experience in SaaS/multi-tenant environments processing sensitive data (HCM, payroll, healthcare, financial)
- Familiarity with SAST/DAST/SCA tooling and how to reduce false positive rates through source-level validation
- Experience with cloud security assessment (AWS, GCP, Azure) including container and Kubernetes vulnerability analysis
- Familiarity with FedRAMP, NIST SP 800-53, or federal compliance frameworks - enough to understand vulnerability remediation timelines and reporting requirements in regulated environments
- Security certifications that demonstrate hands-on skill: OSCP, OSWE, GWAPT, GXPN, BSCP, or equivalent
- Conference presentations, published research, or open-source security tool contributions
- Experience with reverse engineering, binary analysis, or firmware security
What Sets This Role Apart
This is a role for someone who finds bugs, fixes bugs, and builds tools that find more bugs. You will:
- Work on a team where every member builds production automation - this is an engineering-first security team, not a compliance shop
- Have access to enterprise AI infrastructure (Claude Code, MCP servers, etc.) to build next-generation vulnerability discovery and remediation tools
- Audit one of the largest HCM/payroll platforms in the world - protecting tens of thousands of customer organizations and millions of workers' sensitive data
- Have direct, measurable impact - your findings directly prevent issues across UKG's entire customer base
- Pioneer the use of AI for vulnerability discovery and automated remediation - building tools that change how security research is done at scale
- Grow your career in an environment that values builders and doers over process managers and policy writers
Compensation & Benefits
UKG offers a comprehensive total rewards package including competitive base salary, annual bonus, equity, full medical/dental/vision, 401(k) match, unlimited PTO, and professional development budget. This role is eligible for remote work anywhere in the US.
Company Overview:
UKG is the Workforce Operating Platform that puts workforce understanding to work. With the world's largest collection of workforce insights, and people-first AI, our ability to reveal unseen ways to build trust, amplify productivity, and empower talent, is unmatched. It's this expertise that equips our customers with the intelligence to solve any challenge in any industry - because great organizations know their workforce is their competitive edge. Learn more at ukg.com.
Equal Opportunity Employer
UKG is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, disability, religion, sex, age, national origin, veteran status, genetic information, and other legally protected categories.
View The EEO Know Your Rights poster
UKG participates in E-Verify. View the E-Verify posters here.
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Disability Accommodation in the Application and Interview Process
For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com.
The pay range for this position is $115,100.00 to $165,450.00. The actual base pay offered may vary depending on skills, experience, job-related knowledge and work location. In addition to base pay, employees may be eligible to participate in a performance-based bonus plan and to receive restricted stock unit awards as part of total compensation. Learn more about UKG's benefits and rewards at https://www.ukg.com/about-us/careers/benefits