2

Director Remote Vulnerability Management Jobs (NOW HIRING)

This position can be located on site at the headquarters in Winston Salem, NC or remote within the ... Vulnerability management and remediation programs * Security tooling including SIEM, automation ...

... Director. Responsibilities Primary Responsibilities Threat & Vulnerability Management (~50%) * Run external/internal vulnerability and application/software scans; analyze, deduplicate, and publish ...

You'll drive strategic growth initiatives while managing key client account relationships and ... Sales)Sales Director (Oil and Gas Industry) - Remote WorkNational Solutions Sales Director ...

next page

Showing results 1-20

Director Remote Vulnerability Management information

What is the difference between Director Remote Vulnerability Management vs Vulnerability Analyst?

AspectDirector Remote Vulnerability ManagementVulnerability Analyst
CertificationsCertified Ethical Hacker (CEH), CISSP, CISACompTIA Security+, CEH, GIAC Security Essentials (GSEC)
Work EnvironmentStrategic leadership, cross-department collaboration, overseeing teamsHands-on analysis, vulnerability scanning, report generation
Employer & Industry UsageLarge enterprises, cybersecurity firms, IT departmentsSecurity teams, IT departments, consulting firms
Search & Comparison IntentUnderstanding leadership roles in vulnerability managementTechnical analysis and operational tasks

The main difference is that the Director Remote Vulnerability Management focuses on strategic oversight, team leadership, and policy development, while the Vulnerability Analyst handles technical vulnerability assessments and analysis. Both roles require cybersecurity certifications, but the director's role is more managerial and strategic, whereas the analyst's role is more technical and operational.

What are the key skills and qualifications needed to thrive as a Director of Remote Vulnerability Management, and why are they important?

To thrive as a Director of Remote Vulnerability Management, you need deep expertise in cybersecurity frameworks, risk assessment, and vulnerability management, typically supported by a bachelor’s or master’s degree in information security or a related field. Familiarity with tools such as Qualys, Nessus, Tenable, and certifications like CISSP or CISM are common requirements. Leadership, strategic thinking, and strong communication skills are crucial for managing distributed teams and collaborating across departments. These skills ensure the effective identification, prioritization, and mitigation of security risks in dynamic and remote IT environments.

What are the main challenges faced by a Director of Remote Vulnerability Management, and how can they be addressed?

One of the primary challenges in this role is effectively coordinating vulnerability assessments and remediation efforts across distributed teams and diverse technology environments. Ensuring consistent communication, prioritizing vulnerabilities based on risk, and maintaining up-to-date inventories can be complex when managing remote teams and assets. Leveraging automated tools, establishing clear processes, and fostering strong cross-functional relationships with IT, security, and business units are key strategies for overcoming these challenges. Regularly scheduled meetings and transparent reporting also help align remote teams and ensure timely issue resolution.

What does a Director of Remote Vulnerability Management do?

A Director of Remote Vulnerability Management leads teams and strategies to identify, assess, and mitigate security vulnerabilities across an organization’s remote infrastructure. This role involves overseeing vulnerability assessments, ensuring compliance with security standards, and coordinating responses to threats that target remote systems and users. The director also collaborates with other IT and security leaders to integrate vulnerability management into broader cybersecurity initiatives, while keeping up with evolving threats and technologies.
More about Director Remote Vulnerability Management jobs
What cities are hiring for Director Remote Vulnerability Management jobs? Cities with the most Director Remote Vulnerability Management job openings:
What are the most commonly searched types of Remote Vulnerability Management jobs? The most popular types of Remote Vulnerability Management jobs are:
What states have the most Director Remote Vulnerability Management jobs? States with the most job openings for Director Remote Vulnerability Management jobs include:
Infographic showing various Director Remote Vulnerability Management job openings in the United States as of July 2026, with employment types broken down into 1% As Needed, 83% Full Time, 14% Part Time, 1% Temporary, and 1% Contract. Highlights an 93% Physical, 2% Hybrid, and 5% Remote job distribution.
Staff Vulnerability Management Analyst- AI Automation Security Researcher

Staff Vulnerability Management Analyst- AI Automation Security Researcher

UKG, Inc.

Remote

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 12 days ago


UKG rating

8.2

Company rating: 8.2 out of 10

Based on 40 frontline employees who took The Breakroom Quiz

87th of 209 rated software companies


Job description

Why UKG:
At UKG, the work you do matters. The code you ship, the decisions you make, and the care you show a customer all add up to real impact. Today, tens of millions of workers start and end their days with our workforce operating platform. Helping people get paid, grow in their careers, and shape the future of their industries. That's what we do.
We never stop learning. We never stop challenging the norm. We push for better, and we celebrate the wins along the way. Here, you'll get flexibility that's real, benefits you can count on, and a team that succeeds together. Because at UKG, your work matters-and so do you.
About the Team
The research and innovation team within Global Security is a high-impact, automation-first security organization responsible for vulnerability management, security research, and red team operations. This team has an exceptional automation culture - all team members build production automation to find and remediate vulnerabilities, with the goal to reduce manual work at scale.
Role Summary
We are seeking a Vulnerability Management engineer to join our team as both a vulnerability management practitioner and an automation builder. This role combines traditional vulnerability analysis and remediation coordination with a strong emphasis on developing AI-powered tools and automations that scale the team's effectiveness. You will analyze vulnerabilities across infrastructure, cloud, and application layers, coordinate remediation with engineering teams, and build automation that makes the entire program faster and smarter.
Key Responsibilities
Vulnerability Discovery & Security Research (40%)
  • Conduct deep-dive source code audits of UKG products (Java, .NET, Python, JavaScript) to discover novel vulnerabilities - examples could be hardcoded secrets, authentication bypasses, injection flaws, cryptographic weaknesses, access control gaps, unsafe deserialization, etc.
  • Develop working proof-of-concept exploits that demonstrate real impact - not theoretical risk, but provable exploitation with clear data exposure or access escalation
  • Perform variant analysis: when you find a bug, systematically search the entire codebase for every instance of the same root cause pattern
  • Triage and validate findings from automated scanners (SAST, DAST, SCA) - separate real vulnerabilities from false positives using source-level analysis
  • Investigate and reproduce externally reported vulnerabilities (bug bounty, CVEs, vendor advisories) to assess actual exploitability in UKG's environment
  • Collaborate with engineering teams on remediation - not just filing tickets, but working with developers to design, validate fixes, and drive to remediation.

AI-Powered Vulnerability Automation (35%)
  • Build AI-assisted vulnerability discovery tools using automation (Claude, MCP servers, custom models, etc.) for automated source code analysis, vulnerability pattern matching, and exploit generation
  • Develop autonomous security scanning agents that can analyze codebases, identify vulnerability patterns, and produce validated findings with minimal human intervention
  • Create AI-powered remediation tools - automation that generates fix recommendations, patches, and pull requests for discovered vulnerabilities, accelerating the path from finding to fix
  • Build automated vulnerability lifecycle pipelines: intake from scanners, AI-assisted triage and deduplication, intelligent ticket routing, SLA tracking, and remediation verification
  • Contribute to the team's shared automation repositories and Claude Code skills store - every tool you build should be reusable by the rest of the team

Vulnerability Management & Remediation Driving (20%)
  • Own vulnerability remediation outcomes for assigned product areas - track findings from discovery through verified fix, holding engineering teams accountable to SLAs
  • Produce clear, actionable vulnerability reports that engineering teams can act on immediately - root cause, impact, reproduction steps, and recommended fix
  • Drive mean time to remediate (MTTR) down through better automation, better reports, and direct collaboration with development teams
  • Support vulnerability management program metrics and dashboards - contribute to reporting that gives leadership real-time visibility into risk posture
  • Support compliance-driven vulnerability management requirements, including FedRAMP continuous monitoring and POA&M processes, as UKG expands into federal markets

Research & Knowledge Sharing (5%)
  • Publish internal/external research on novel vulnerability classes, AI-assisted discovery techniques, and lessons learned from audits
  • Stay current on emerging vulnerability classes, exploitation techniques, and defensive patterns relevant to UKG's technology stack
  • Mentor other team members on vulnerability research methodology, source code analysis, and AI-augmented security tooling

Required Qualifications
  • 7+ years of hands-on experience in vulnerability research, application security, or penetration testing - with a track record of finding real vulnerabilities in production software
  • Demonstrated ability to read and audit source code in at least two of: Java, C#/.NET, Python, JavaScript/TypeScript, Go, C/C++
  • Experience developing working proof-of-concept exploits - not just scanning, but understanding root causes and proving exploitability
  • Strong proficiency in Python for building security tools, automation pipelines, and integrations
  • Experience with AI/ML tools for security - using LLMs for code analysis, building AI-assisted security tooling, or developing autonomous security agents
  • Deep understanding of common vulnerability classes: injection (SQL, command, LDAP), broken authentication, cryptographic failures, SSRF, deserialization, path traversal, access control, and their variants
  • Experience with vulnerability management programs - triaging, tracking, and driving remediation of vulnerabilities across engineering organizations
  • Ability to work directly with development teams - explaining vulnerabilities, reviewing proposed fixes, and validating remediations
  • Excellent written communication - ability to produce clear vulnerability reports, technical documentation, and executive summaries
  • Bachelor's degree in Computer Science, Cybersecurity, or equivalent experience

Preferred Qualifications
  • Published CVEs, security advisories, or bug bounty findings in production software
  • Experience in SaaS/multi-tenant environments processing sensitive data (HCM, payroll, healthcare, financial)
  • Familiarity with SAST/DAST/SCA tooling and how to reduce false positive rates through source-level validation
  • Experience with cloud security assessment (AWS, GCP, Azure) including container and Kubernetes vulnerability analysis
  • Familiarity with FedRAMP, NIST SP 800-53, or federal compliance frameworks - enough to understand vulnerability remediation timelines and reporting requirements in regulated environments
  • Security certifications that demonstrate hands-on skill: OSCP, OSWE, GWAPT, GXPN, BSCP, or equivalent
  • Conference presentations, published research, or open-source security tool contributions
  • Experience with reverse engineering, binary analysis, or firmware security

What Sets This Role Apart
This is a role for someone who finds bugs, fixes bugs, and builds tools that find more bugs. You will:
  • Work on a team where every member builds production automation - this is an engineering-first security team, not a compliance shop
  • Have access to enterprise AI infrastructure (Claude Code, MCP servers, etc.) to build next-generation vulnerability discovery and remediation tools
  • Audit one of the largest HCM/payroll platforms in the world - protecting tens of thousands of customer organizations and millions of workers' sensitive data
  • Have direct, measurable impact - your findings directly prevent issues across UKG's entire customer base
  • Pioneer the use of AI for vulnerability discovery and automated remediation - building tools that change how security research is done at scale
  • Grow your career in an environment that values builders and doers over process managers and policy writers

Compensation & Benefits
UKG offers a comprehensive total rewards package including competitive base salary, annual bonus, equity, full medical/dental/vision, 401(k) match, unlimited PTO, and professional development budget. This role is eligible for remote work anywhere in the US.
Company Overview:
UKG is the Workforce Operating Platform that puts workforce understanding to work. With the world's largest collection of workforce insights, and people-first AI, our ability to reveal unseen ways to build trust, amplify productivity, and empower talent, is unmatched. It's this expertise that equips our customers with the intelligence to solve any challenge in any industry - because great organizations know their workforce is their competitive edge. Learn more at ukg.com.
Equal Opportunity Employer
UKG is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, disability, religion, sex, age, national origin, veteran status, genetic information, and other legally protected categories.
View The EEO Know Your Rights poster
UKG participates in E-Verify. View the E-Verify posters here.
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Disability Accommodation in the Application and Interview Process
For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com.
The pay range for this position is $115,100.00 to $165,450.00. The actual base pay offered may vary depending on skills, experience, job-related knowledge and work location. In addition to base pay, employees may be eligible to participate in a performance-based bonus plan and to receive restricted stock unit awards as part of total compensation. Learn more about UKG's benefits and rewards at https://www.ukg.com/about-us/careers/benefits

What UKG employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom