HR, Pay, & Workforce Management
Staff Vulnerability Management Analyst- AI Automation Security Researcher
Location
United States
Posted
6 days ago
Salary
$115.1K - $165.5K / year
Seniority
Lead
Job Description
Staff Vulnerability Management Analyst- AI Automation Security Researcher
UKG
Role Description We are seeking a Vulnerability Management engineer to join our team as both a vulnerability management practitioner and an automation builder. This role combines traditional vulnerability analysis and remediation coordination with a strong emphasis on developing AI-powered tools and automations that scale the team's effectiveness. You will analyze vulnerabilities across infrastructure, cloud, and application layers, coordinate remediation with engineering teams, and build automation that makes the entire program faster and smarter. Key Responsibilities - Vulnerability Discovery & Security Research (40%) - Conduct deep-dive source code audits of UKG products (Java, .NET, Python, JavaScript) to discover novel vulnerabilities. - Develop working proof-of-concept exploits that demonstrate real impact. - Perform variant analysis to systematically search the entire codebase for every instance of the same root cause pattern. - Triage and validate findings from automated scanners (SAST, DAST, SCA). - Investigate and reproduce externally reported vulnerabilities to assess actual exploitability in UKG's environment. - Collaborate with engineering teams on remediation. - AI-Powered Vulnerability Automation (35%) - Build AI-assisted vulnerability discovery tools using automation. - Develop autonomous security scanning agents. - Create AI-powered remediation tools. - Build automated vulnerability lifecycle pipelines. - Contribute to the team's shared automation repositories. - Vulnerability Management & Remediation Driving (20%) - Own vulnerability remediation outcomes for assigned product areas. - Produce clear, actionable vulnerability reports. - Drive mean time to remediate (MTTR) down through better automation. - Support vulnerability management program metrics and dashboards. - Support compliance-driven vulnerability management requirements. - Research & Knowledge Sharing (5%) - Publish internal/external research on novel vulnerability classes. - Stay current on emerging vulnerability classes and exploitation techniques. - Mentor other team members on vulnerability research methodology. Qualifications - 7+ years of hands-on experience in vulnerability research, application security, or penetration testing. - Demonstrated ability to read and audit source code in at least two of: Java, C#/.NET, Python, JavaScript/TypeScript, Go, C/C++. - Experience developing working proof-of-concept exploits. - Strong proficiency in Python for building security tools. - Experience with AI/ML tools for security. - Deep understanding of common vulnerability classes. - Experience with vulnerability management programs. - Ability to work directly with development teams. - Excellent written communication. - Bachelor's degree in Computer Science, Cybersecurity, or equivalent experience. Preferred Qualifications - Published CVEs, security advisories, or bug bounty findings. - Experience in SaaS/multi-tenant environments processing sensitive data. - Familiarity with SAST/DAST/SCA tooling. - Experience with cloud security assessment. - Familiarity with FedRAMP, NIST SP 800-53, or federal compliance frameworks. - Security certifications that demonstrate hands-on skill. - Conference presentations, published research, or open-source security tool contributions. - Experience with reverse engineering, binary analysis, or firmware security. Benefits - Competitive base salary. - Annual bonus. - Equity. - Full medical/dental/vision. - 401(k) match. - Unlimited PTO. - Professional development budget. - Remote work eligibility anywhere in the US. Company Description UKG is the Workforce Operating Platform that puts workforce understanding to work. With the world's largest collection of workforce insights, and people-first AI, our ability to reveal unseen ways to build trust, amplify productivity, and empower talent, is unmatched.
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
• Operate Information Security controls focused on the Vulnerability Management lifecycle and the operation of Identity and Access Management (IAM), working collaboratively on monitoring, triage, and initial incident response across the company. • Execute the Vulnerability Management lifecycle: analyze scan results, perform risk-based prioritization, and coordinate and follow up on remediation with the responsible teams (Infrastructure, Systems, etc.). • Maintain, update, and improve operational metrics and remediation workbooks (agent coverage, severity, SLA tracking for fixes). • Operate Identity and Access Management (IAM) processes: provisioning, deprovisioning, privilege granting, periodic access reviews, and support for MFA mechanisms. • Actively support corporate access review campaigns and validation of segregation of duties (SoD). • Monitor, classify, and investigate alerts generated by security tools within your scope. • Perform triage and initial analysis of security incidents, executing structured escalation to a Specialist when necessary. • Produce periodic operational reports and security indicators for your area of responsibility. • Create and keep technical documentation and standard operating procedures (SOPs) up to date.
• Operar e apoiar a sustentação da plataforma SIEM, garantindo a correta coleta das fontes de logs, integridade e qualidade dos dados recebidos. • Apoiar a criação, revisão e ajuste fino (tuning) de regras e casos de uso de detecção, visando a redução de falsos positivos e otimização dos alertas. • Operar e administrar Firewalls de Próxima Geração (NGFW): implementação controlada de regras de acesso, NAT, VPNs, documentação de justificativas e revisão periódica de regras órfãs. • Apoiar ativamente as atividades de segmentação de rede, regras de tráfego e hardening de perímetro. • Monitorar, classificar e investigar alertas de segurança gerados pelo SIEM, firewalls e demais ferramentas perimetrais. • Realizar a triagem e análise inicial de incidentes de segurança perimetral, efetuando o escalonamento estruturado para o Especialista quando necessário. • Produzir relatórios operacionais, mapas de tráfego e indicadores de incidentes/bloqueios de segurança. • Elaborar e manter atualizada a documentação técnica de topologias, fluxos de redes e procedimentos operacionais (POPs).
Senior Cyber Security Analyst
SS&C TechnologiesEstablished in 1986, SS&C Technologies is a leading global provider of services and software for the global financial services industry. Committed to helping cl
Title: Sr. Cyber Security Analyst Location: Waltham, MA / Boston, MA - Hybrid / New York / Florida / Texas / Virginia / Washington - Remote Full time Job Description: As a leading financial services and healthcare technology company based on revenue, SS&C is headquartered in Windsor, Connecticut, and has 27,000+ employees in 35 countries. Some 20,000 financial services and healthcare organizations, from the world's largest companies to small and mid-market firms, rely on SS&C for expertise, scale, and technology. Job Description Sr. Cyber Security Analyst Locations: Waltham, MA / Boston, MA - Hybrid / New York / Florida / Texas / Virginia / Washington - Remote About the Role We are seeking a Sr. Cybersecurity Analyst to join our growing team, report to the Director of Information Security and Privacy. In this role, you will help protect client data and ensure trust in our products by identifying risks, coordinating remediation, and supporting daily security operations. You will leverage your expertise to assess, implement, and continuously improve controls aligned with security standards. Collaborating with cross-functional teams, you will drive risk-informed decision-making, support audit readiness, and help enhance our security culture. Why Join SS&C SS&C combines proprietary technology with deep industry expertise to support complex financial and health care operations. Our teams design, implement, and operate solutions that help clients manage data, automate processes, and scale their businesses with confidence. You will work with industry experts, modern platforms, and evolving technologies, gaining exposure to real-world operational challenges and large-scale enterprise environments. How You Will Make an Impact - Support the development, implementation, and monitoring of security policies and controls, and collaborate with Global Security to ensure alignment with enterprise security standards and frameworks. - Investigate security incidents and collaborate with internal teams for effective resolution. Coordinate post-incident reporting and remediation. - Partner with the Vulnerability Management team to drive vulnerability remediation, recommend controls, create playbooks, and ensure fixes are completed by application and system owners within SLAs. - Conduct periodic access reviews and report security access violations. - Create and deliver high-quality written communications on security, compliance, and audit issues. - Support internal security projects, automation efforts, and process improvements. - Adopt and extend AI-assisted security tooling to reduce toil, accelerate investigations, augment, and simplify recurring security workflows. - Collaborate with engineering teams to embed security best practices into the software development lifecycle (SDLC) and cloud environments. - Perform security assessments of new products and services to ensure the adequacy of security and privacy. Required Experience - Bachelor's degree in Information Security, Computer Science, or a related field. - 5+ years of experience in cybersecurity, risk management, or related roles. - Strong knowledge of security frameworks and standards (e.g., NIST CSF, ISO 27001, SOC 2, CIS Controls), privacy principles, and risk management methodologies. - Hands-on experience with security tools, including network firewalls, IDS/IPS, WAF, vulnerability management, XDR/EDR, and DLP solutions. - Experience with evaluating and testing the security of Public Cloud (AWS, Azure). - Strong understanding of application security, cloud security, network security, identity and access management, and cryptography. - Excellent written and oral communication skills, with experience in drafting technical documentation and client communications. - Hands-on experience with scripting, automation (Python, PowerShell, Bash, AI), and infrastructure-as-code security (Terraform, CloudFormation) to scale security outcomes and reduce manual work. - Experience executing threat modeling and design reviews. In-depth knowledge of identifying and protecting against web application and API security threats. - Industry certifications such as CISSP, CISM, CCSP, GSEC, or equivalent. What Sets You Apart (preferred qualifications) - Detail oriented and organized, with an ability to track multiple efforts to completion. - Strong analytical, process and problem-solving skills. - The desire, commitment, and ability to be a team player. Ability to manage expectations, align different points of view and gain consensus. - Excellent time management skills to effectively manage multiple and sometimes competing priorities. Ability to develop structured plans for short-term work activities and manage own time to consistently meet agreed targets across multiple concurrent security efforts. - Capable of working with limited direct supervision. Join SS&C, where innovation meets global opportunities. #LI-PE1 #LI-HYBRID Unless explicitly requested or approached by SS&C Technologies, Inc. or any of its affiliated companies, the company will not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. SS&C Technologies offers a comprehensive total rewards package designed to support your wellbeing, growth, and future. Our benefits include medical, dental, and vision coverage; a 401(k) plan with company match; paid time off, holidays, and parental leave; and professional development reimbursement opportunity. Actual base salary will vary based on several factors, including but not limited to relevant skills, prior experience, education, demonstrated performance, and geographic location. New York: The expected base salary for the position is between 110,000 USD to 145,000 USD. Washington: The expected base salary for the position is between 110,000 USD to 145,000 USD. Massachusetts: The expected base salary for the position is between 110,000 USD to 145,000 USD. In addition, employees in this role may be eligible for consideration on an annual basis for a discretionary bonus and/or equity awards, such as restricted stock units or stock options, based upon individual and business performance at the company's discretion. Applications will be accepted on an ongoing basis until the position is filled. SS&C Technologies is an Equal Employment Opportunity employer and does not discriminate against any applicant for employment or employee on the basis of race, color, religious creed, gender, age, marital status, sexual orientation, national origin, disability, veteran status or any other classification protected by applicable discrimination laws.
Role Description At Centorrino Technologies (CT), we’re more than just tech—we’re a community that goes beyond expectations. We’ve been recognised as a Great Place to Work in 2024 and one of the Best Places to Work Medium Size in Australia for 2024, with an outstanding eNPS score of 68. And we’re not stopping there. We're on a mission to redefine the customer experience, and we need a passionate Cyber Analyst to join our team in Melbourne and/or Perth. This role requires NV1 security clearance. - Conduct real-time monitoring of security alerts and incidents utilising our SIEM tools (FortiSIEM and MS Sentinel) to ensure swift identification and resolution of potential threats. - Utilise vulnerability management tools such as Tenable and MS Defender to report on vulnerabilities within customer environments and propose appropriate remediation plans. - Conduct security awareness training sessions for customers to foster a security-conscious culture. - Conduct regular security meetings with CT customers by generating reports and presenting findings. - Collaborate with all stakeholders to configure and fine-tune security tools, including EDR solutions, application control, firewalls, intrusion detection systems, and anti-malware software. - Develop and maintain comprehensive documentation on security procedures and guidelines. - Stay up-to-date with the latest cyber security trends, technologies, and best practices to continuously enhance our security posture. Qualifications - An NV1 Security Clearance is required to be eligible for this role. - Experience with any SIEM products, ideally FortiSIEM and/or Microsoft Sentinel. - Familiarity with IDS/IPS, EDR Solutions, cloud technologies and endpoint protection. - Knowledge of network protocols, security architectures, and information security frameworks. - Ideally experience in conducting vulnerability assessments and remediation. - Excellent analytical and problem-solving skills, with the ability to think critically and respond quickly to security incidents. - Effective communication and teamwork skills, with the ability to convey complex technical concepts to non-technical stakeholders. - Ideally experience in conducting vulnerability assessments and remediation using products such as Tenable and Microsoft Defender. - Working with user Cybersecurity Awareness training software such as uSecure or Microsoft based training modules. - Relevant certifications are beneficial (e.g., Tenable Vulnerability Management Specialist Course, SC-900, SC-200, SC-100). Benefits - Extensive training and development opportunities that enable continual growth as part of your career planning. - Extensive discounts and benefits to maximise your money. - A choice of your IT equipment to maximise your success and access to cost-price tech for your personal needs. - Fun team events to celebrate achievements and connect with colleagues outside work as part of our engaging culture. - CT celebrates diversity and enables every voice to be heard as we drive to create the world we want. Note: A valid Vulnerable People / Working with Children Check (WWCC) and Police Check are required.



