Why UKG? At UKG, the work you do matters. The code you ship, the decisions you make, and the care you show a customer all add up to real impact. Today, tens of millions of workers start and end their days with our workforce operating platform. Helping people get paid, grow in their careers, and shape the future of their industries. That’s what we do. We never stop learning. We never stop challenging the norm. We push for better, and we celebrate the wins along the way. Here, you’ll get flexibility that’s real, benefits you can count on, and a team that succeeds together. Because at UKG, your work matters—and so do you. About the Team The Security Research & Innovation (SRI) team within Global Security is a high-impact, automation-first security organization responsible for vulnerability management, security research, and red team operations. This team has an exceptional automation culture — all team members build production automation that eliminates manual work at scale. The Red Team conducts various styles of external or assume breach exercises, purple team engagements, and offensive security research to identify systemic risks before attackers do. Successful engagements deliver results that lead to executive-level engagement to drive immediate remediation across the enterprise. Role Summary We are seeking a Sr. Staff Offensive Security Operator to lead and execute red team engagements across UKG's multi-cloud enterprise environment. This role combines deep technical expertise in offensive security with a strong emphasis on AI-powered automation, autonomous testing frameworks, and scalable attack simulation. You will design and execute complex attack scenarios, develop AI-enhanced offensive tooling, and deliver findings that drive measurable risk reduction across the organization. Key Responsibilities Offensive Operations (30%) - Plan and execute full-scope red team engagements (network, application, cloud, social engineering) against UKG's production and corporate environments - Conduct assume-breach exercises targeting multi-tenant infrastructure to validate cross-tenant isolation and breakout resistance - Perform adversary emulation aligned with MITRE ATT&CK framework, simulating nation-state and criminal threat actor TTPs relevant to the HCM/payroll industry - Execute purple team exercises with the SOC to validate detection coverage and response capabilities - Conduct M&A security assessments for newly acquired companies and integrations - Deliver executive-level readouts and technical reports that translate offensive findings into business risk language AI-Powered Offensive Automation (40%) - Design, build, and maintain autonomous security testing frameworks that leverage AI/ML for vulnerability discovery, exploit chain generation, and attack path analysis - Develop AI-assisted reconnaissance and target enumeration tools using LLMs (Claude) and custom agents for scalable attack surface analysis - Build and operate continuous automated red teaming pipelines that test UKG's defenses without manual intervention - Create AI-powered C2 frameworks, payload generators, and evasion tools that adapt to defensive controls in real-time - Integrate offensive tooling with Claude, MCP servers, and enterprise AI infrastructure for AI-assisted security operations - Develop automation that generates findings, routes tickets, and tracks remediation — reducing the gap between discovery and fix Strategic Leadership (20%) - Drive the red team's technical strategy and roadmap, identifying high-value targets and emerging attack surfaces (Product, Custom AI, and cloud-native services) - Mentor and develop junior offensive security operators, building team capability in AI-augmented offensive techniques - Represent the red team in cross-functional security initiatives, architecture reviews, and incident response when offensive expertise is needed - Maintain awareness of emerging threats, zero-day vulnerabilities, and adversary tradecraft relevant to UKG's technology stack Research & Knowledge Sharing (10%) - Publish internal research on novel attack techniques, AI-assisted exploitation, and cloud security assessment methodology - Contribute to the team's Claude Code skills store and shared automation repositories - Develop and maintain red team infrastructure (honeypots, C2, phishing platforms) using infrastructure-as-code - Stay current on offensive security conferences, findings, etc - and incorporate new techniques into operations Required Qualifications - 8+ years of experience in offensive security, red teaming, or penetration testing in enterprise environments - 5+ years conducting red team engagements against cloud environments including multi-tenant architectures - Deep expertise in at least 3: network exploitation, web application security, Active Directory attacks, cloud infrastructure attacks, social engineering, physical security - Strong proficiency in AI, Python, Go, or C/C++ for offensive tool development and automation - Demonstrated experience building automated security testing tools, frameworks, or pipelines - Experience with Kubernetes, container security, and cloud-native attack techniques - Experience with C2 frameworks and adversary simulation platforms - Knowledge of MITRE ATT&CK framework and adversary emulation methodology - Experience with AI/ML security — attacking AI systems, prompt injection, model poisoning, or building AI-powered offensive tools - Experience developing autonomous security testing agents using LLMs - Excellent written and verbal communication skills — ability to translate technical findings into business risk for executive audiences - Bachelor's degree in Computer Science, Cybersecurity, or equivalent experience Preferred Qualifications - Published CVEs, security research papers, or conference presentations (DEF CON, Black Hat, etc.) - Experience in SaaS/multi-tenant environments processing sensitive data (HCM, payroll, healthcare, financial) - OSCP, OSCE, OSEP, CRTO, GXPN, or equivalent offensive security certifications - Familiarity with .NET, Java/Kotlin, and legacy application security assessment - Experience building infrastructure-as-code (Terraform, Pulumi) for red team operations - Prior experience in a Sr. Staff / Principal level role with cross-team technical leadership What Sets This Role Apart This is not a traditional red team role. We are building the future of offensive security through AI-augmented automation. You will: - Work on a team where all of members build production automation — this is an engineering-first security team - Have access to enterprise AI infrastructure to build next-generation offensive tools - Operate against one of the largest HCM/payroll platforms in the world — protecting tens of thousands of customer organizations - Have direct impact — your findings directly prevent issues across UKG's entire customer base - Lead the integration of AI into offensive security operations, pioneering techniques that scale red team impact beyond headcount Compensation & Benefits UKG offers a comprehensive total rewards package including competitive base salary, annual bonus, equity, full medical/dental/vision, 401(k) match, unlimited PTO, and professional development budget. This role is eligible for remote work anywhere in the US. Company Overview: UKG is the Workforce Operating Platform that puts workforce understanding to work. With the world's largest collection of workforce insights, and people-first AI, our ability to reveal unseen ways to build trust, amplify productivity, and empower talent, is unmatched. It's this expertise that equips our customers with the intelligence to solve any challenge in any industry — because great organizations know their workforce is their competitive edge. Learn more at ukg.com. Equal Opportunity Employer UKG is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, disability, religion, sex, age, national origin, veteran status, genetic information, and other legally protected categories. View The EEO Know Your Rights poster UKG participates in E-Verify. View the E-Verify posters here. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Disability Accommodation in the Application and Interview Process For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com. The pay range for this position is $145,600 to $209,300. The actual base pay offered may vary depending on skills, experience, job-related knowledge and work location. In addition to base pay, employees may be eligible to participate in a performance-based bonus plan and to receive restricted stock unit awards as part of total compensation. Learn more about UKG’s benefits and rewards at https://www.ukg.com/about-us/careers/benefits

• Independent planning and implementation of Cyber Defense projects in Germany, Austria and Switzerland for well-known large and medium-sized companies • Technical implementation of managed service projects and acting as a trusted advisor on Cyber Defense topics (SOAR, XDR, Threat Management, SIEM/SOC) • Design of scalable, future-proof Cyber Defense architectures and end-to-end implementation into production-ready, resilient solutions • Analysis of threat landscapes and assessment of an organization's security maturity using established frameworks and controls (e.g., NIST, MITRE ATT&CK) • Development and implementation of use cases, playbooks and incident response processes to effectively defend against cyber attacks • Active leadership role in cross-functional collaboration

• Deliver projects aligned to approved Statements of Work (SOWs) , ensuring scope, schedule, and quality objectives are met • Lead technical execution across on‑prem, hybrid, and cloud Microsoft solutions • Follow established project delivery and quality methodologies • Participate in customer kickoff meetings, technical workshops, and solution reviews • Actively manage technical risks, issues, and dependencies; escalate when required • Troubleshoot and resolve complex technical challenges during implementation • Identify scope risks and support change management discussions • Maintain accurate project documentation and technical deliverables • Provide regular project status updates to Project Managers and leadership • Enter project activities, service tickets, time reporting, and expenses accurately and on time • Support internal collaboration with Sales, Architecture, and Managed Services teams • Perform additional duties as assigned

About Cantina Cantina is building an agentic security operating system that spans application security, security operations, and agent security. We believe the next generation of security products should do more than aggregate alerts or automate isolated tasks. They should understand context, reason across systems, help teams investigate what matters, and safely take action. This is still an emerging space. Many of the most important risks, design constraints, and product opportunities haven’t been discovered yet. We need people who can help us build the product while also uncovering the unknown unknowns that come with combining security systems and agentic AI. The Role We’re hiring a security engineer who wants to build products in the AI era. You’ve spent years understanding how security teams actually work—how incidents get triaged, how alerts get tuned, how detection logic gets written and maintained, how appsec findings get prioritized. Now you want to build the product you wish existed. This is not a security review role, and it’s not a generic backend engineering position. We need someone whose core instincts come from security—understanding attacker behavior, operational failure modes, what actually matters when a SOC is under pressure—and who can turn that knowledge into product. The AI and product engineering dimensions are real parts of the job, but they’re the growth opportunity, not the entry requirement. If you have strong systems engineering skills and genuine curiosity about how agents, tools, and orchestration work, you’ll learn the rest here. What You’ll Do - Build product capabilities across application security, security operations, and agent security - Turn real security workflows into product experiences and platform primitives - Design systems that ingest, correlate, triage, and act on security signals - Help define safe patterns for agents, tools, permissions, memory, and execution boundaries - Identify hidden risks and failure modes that only someone with real security experience would see - Partner with product and engineering to make strong tradeoffs between speed, usability, and security - Contribute to evaluation, testing, observability, and guardrails for agentic behavior - Raise the team’s overall understanding of security architecture, operations, and AI risk What You Bring The non-negotiable: - Deep experience in one or more of: security engineering, application security, detection engineering, incident response, security operations, or security platform engineering - Strong hands-on experience building and shipping software—you write code, not just review it - The ability to reason clearly in ambiguous spaces and surface risks early Highly valued but learnable here: - Experience with AI/LLM application architecture, agent frameworks, or orchestration systems - Product judgment—translating messy technical workflows into usable product decisions - Comfort working across technical and non-technical teams Relevant Background You’ve likely worked with systems and workflows like these: - SIEMs: Splunk, Elastic, Microsoft Sentinel, Chronicle, Panther, or similar - EDR/XDR: CrowdStrike Falcon, SentinelOne, Microsoft Defender, or similar - SOAR / Automation: Tines, Torq, Cortex XSOAR, or similar - Appsec tooling: Semgrep, Snyk, CodeQL, Burp Suite, Wiz, or similar We don’t expect experience with every tool above. We want someone who has been close enough to these environments to understand how modern security teams investigate, prioritize, and respond. Technical Environment - TypeScript / Node.js (primary stack—willingness to work in this is required, prior experience is preferred) - API and integration-heavy systems - Backend and distributed systems design - Security data models, workflow design, and systems integration Why This Role Is Different Most security product companies hire engineers and teach them security, or hire security people and limit them to advisory roles. We’re looking for someone who can do both: ship real systems and bring the security depth to see what others will miss. You’ll have real influence over what gets built and how. If you’ve been frustrated by security products that clearly weren’t built by anyone who’s actually worked in security, this is your chance to fix that.